SUSE-SU-2023:0073-1

Опубликовано: 11 янв. 2023

Источник: suse-cvrf

Описание

Security update for php7

This update for php7 fixes the following issues:

CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958).

Список пакетов

SUSE Linux Enterprise Module for Legacy 15 SP4

apache2-mod_php7-7.4.33-150400.4.16.1

php7-7.4.33-150400.4.16.1

php7-bcmath-7.4.33-150400.4.16.1

php7-bz2-7.4.33-150400.4.16.1

php7-calendar-7.4.33-150400.4.16.1

php7-cli-7.4.33-150400.4.16.1

php7-ctype-7.4.33-150400.4.16.1

php7-curl-7.4.33-150400.4.16.1

php7-dba-7.4.33-150400.4.16.1

php7-devel-7.4.33-150400.4.16.1

php7-dom-7.4.33-150400.4.16.1

php7-enchant-7.4.33-150400.4.16.1

php7-exif-7.4.33-150400.4.16.1

php7-fastcgi-7.4.33-150400.4.16.1

php7-fileinfo-7.4.33-150400.4.16.1

php7-fpm-7.4.33-150400.4.16.1

php7-ftp-7.4.33-150400.4.16.1

php7-gd-7.4.33-150400.4.16.1

php7-gettext-7.4.33-150400.4.16.1

php7-gmp-7.4.33-150400.4.16.1

php7-iconv-7.4.33-150400.4.16.1

php7-intl-7.4.33-150400.4.16.1

php7-json-7.4.33-150400.4.16.1

php7-ldap-7.4.33-150400.4.16.1

php7-mbstring-7.4.33-150400.4.16.1

php7-mysql-7.4.33-150400.4.16.1

php7-odbc-7.4.33-150400.4.16.1

php7-opcache-7.4.33-150400.4.16.1

php7-openssl-7.4.33-150400.4.16.1

php7-pcntl-7.4.33-150400.4.16.1

php7-pdo-7.4.33-150400.4.16.1

php7-pgsql-7.4.33-150400.4.16.1

php7-phar-7.4.33-150400.4.16.1

php7-posix-7.4.33-150400.4.16.1

php7-readline-7.4.33-150400.4.16.1

php7-shmop-7.4.33-150400.4.16.1

php7-snmp-7.4.33-150400.4.16.1

php7-soap-7.4.33-150400.4.16.1

php7-sockets-7.4.33-150400.4.16.1

php7-sodium-7.4.33-150400.4.16.1

php7-sqlite-7.4.33-150400.4.16.1

php7-sysvmsg-7.4.33-150400.4.16.1

php7-sysvsem-7.4.33-150400.4.16.1

php7-sysvshm-7.4.33-150400.4.16.1

php7-tidy-7.4.33-150400.4.16.1

php7-tokenizer-7.4.33-150400.4.16.1

php7-xmlreader-7.4.33-150400.4.16.1

php7-xmlrpc-7.4.33-150400.4.16.1

php7-xmlwriter-7.4.33-150400.4.16.1

php7-xsl-7.4.33-150400.4.16.1

php7-zip-7.4.33-150400.4.16.1

php7-zlib-7.4.33-150400.4.16.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

php7-embed-7.4.33-150400.4.16.1

openSUSE Leap 15.4

apache2-mod_php7-7.4.33-150400.4.16.1

php7-7.4.33-150400.4.16.1

php7-bcmath-7.4.33-150400.4.16.1

php7-bz2-7.4.33-150400.4.16.1

php7-calendar-7.4.33-150400.4.16.1

php7-cli-7.4.33-150400.4.16.1

php7-ctype-7.4.33-150400.4.16.1

php7-curl-7.4.33-150400.4.16.1

php7-dba-7.4.33-150400.4.16.1

php7-devel-7.4.33-150400.4.16.1

php7-dom-7.4.33-150400.4.16.1

php7-embed-7.4.33-150400.4.16.1

php7-enchant-7.4.33-150400.4.16.1

php7-exif-7.4.33-150400.4.16.1

php7-fastcgi-7.4.33-150400.4.16.1

php7-fileinfo-7.4.33-150400.4.16.1

php7-fpm-7.4.33-150400.4.16.1

php7-ftp-7.4.33-150400.4.16.1

php7-gd-7.4.33-150400.4.16.1

php7-gettext-7.4.33-150400.4.16.1

php7-gmp-7.4.33-150400.4.16.1

php7-iconv-7.4.33-150400.4.16.1

php7-intl-7.4.33-150400.4.16.1

php7-json-7.4.33-150400.4.16.1

php7-ldap-7.4.33-150400.4.16.1

php7-mbstring-7.4.33-150400.4.16.1

php7-mysql-7.4.33-150400.4.16.1

php7-odbc-7.4.33-150400.4.16.1

php7-opcache-7.4.33-150400.4.16.1

php7-openssl-7.4.33-150400.4.16.1

php7-pcntl-7.4.33-150400.4.16.1

php7-pdo-7.4.33-150400.4.16.1

php7-pgsql-7.4.33-150400.4.16.1

php7-phar-7.4.33-150400.4.16.1

php7-posix-7.4.33-150400.4.16.1

php7-readline-7.4.33-150400.4.16.1

php7-shmop-7.4.33-150400.4.16.1

php7-snmp-7.4.33-150400.4.16.1

php7-soap-7.4.33-150400.4.16.1

php7-sockets-7.4.33-150400.4.16.1

php7-sodium-7.4.33-150400.4.16.1

php7-sqlite-7.4.33-150400.4.16.1

php7-sysvmsg-7.4.33-150400.4.16.1

php7-sysvsem-7.4.33-150400.4.16.1

php7-sysvshm-7.4.33-150400.4.16.1

php7-test-7.4.33-150400.4.16.1

php7-tidy-7.4.33-150400.4.16.1

php7-tokenizer-7.4.33-150400.4.16.1

php7-xmlreader-7.4.33-150400.4.16.1

php7-xmlrpc-7.4.33-150400.4.16.1

php7-xmlwriter-7.4.33-150400.4.16.1

php7-xsl-7.4.33-150400.4.16.1

php7-zip-7.4.33-150400.4.16.1

php7-zlib-7.4.33-150400.4.16.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230073-1/
Link for SUSE-SU-2023:0073-1
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013459.html
E-Mail link for SUSE-SU-2023:0073-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1206958
SUSE Bug 1206958
https://www.suse.com/security/cve/CVE-2022-31631/
SUSE CVE CVE-2022-31631 page

Описание

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

Затронутые продукты

SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.33-150400.4.16.1

SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.33-150400.4.16.1

SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.33-150400.4.16.1

SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.33-150400.4.16.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-31631.html
CVE-2022-31631
https://bugzilla.suse.com/1206958
SUSE Bug 1206958

SUSE-SU-2023:0073-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Legacy 15 SP4

SUSE Linux Enterprise Module for Package Hub 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-31631

Описание

Затронутые продукты

Ссылки