SUSE-SU-2023:0072-1

Published: 11 Jan 2023
Source: suse-cvrf

Description

Security update for php74

This update for php74 fixes the following issues:

  • CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958).

Package list

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php74-7.4.33-1.50.2
php74-7.4.33-1.50.2
php74-bcmath-7.4.33-1.50.2
php74-bz2-7.4.33-1.50.2
php74-calendar-7.4.33-1.50.2
php74-ctype-7.4.33-1.50.2
php74-curl-7.4.33-1.50.2
php74-dba-7.4.33-1.50.2
php74-dom-7.4.33-1.50.2
php74-enchant-7.4.33-1.50.2
php74-exif-7.4.33-1.50.2
php74-fastcgi-7.4.33-1.50.2
php74-fileinfo-7.4.33-1.50.2
php74-fpm-7.4.33-1.50.2
php74-ftp-7.4.33-1.50.2
php74-gd-7.4.33-1.50.2
php74-gettext-7.4.33-1.50.2
php74-gmp-7.4.33-1.50.2
php74-iconv-7.4.33-1.50.2
php74-intl-7.4.33-1.50.2
php74-json-7.4.33-1.50.2
php74-ldap-7.4.33-1.50.2
php74-mbstring-7.4.33-1.50.2
php74-mysql-7.4.33-1.50.2
php74-odbc-7.4.33-1.50.2
php74-opcache-7.4.33-1.50.2
php74-openssl-7.4.33-1.50.2
php74-pcntl-7.4.33-1.50.2
php74-pdo-7.4.33-1.50.2
php74-pgsql-7.4.33-1.50.2
php74-phar-7.4.33-1.50.2
php74-posix-7.4.33-1.50.2
php74-readline-7.4.33-1.50.2
php74-shmop-7.4.33-1.50.2
php74-snmp-7.4.33-1.50.2
php74-soap-7.4.33-1.50.2
php74-sockets-7.4.33-1.50.2
php74-sodium-7.4.33-1.50.2
php74-sqlite-7.4.33-1.50.2
php74-sysvmsg-7.4.33-1.50.2
php74-sysvsem-7.4.33-1.50.2
php74-sysvshm-7.4.33-1.50.2
php74-tidy-7.4.33-1.50.2
php74-tokenizer-7.4.33-1.50.2
php74-xmlreader-7.4.33-1.50.2
php74-xmlrpc-7.4.33-1.50.2
php74-xmlwriter-7.4.33-1.50.2
php74-xsl-7.4.33-1.50.2
php74-zip-7.4.33-1.50.2
php74-zlib-7.4.33-1.50.2
SUSE Linux Enterprise Software Development Kit 12 SP5
php74-devel-7.4.33-1.50.2

Description

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.50.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.50.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.50.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.50.2


Description

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.50.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.50.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.50.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.50.2


Description

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.50.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.50.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.50.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.50.2
