SUSE-SU-2023:0074-1

Опубликовано: 11 янв. 2023

Источник: suse-cvrf

Описание

Security update for php8

This update for php8 fixes the following issues:

Updated to version 8.0.27:
- CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958).

Non-security fixes:

Fixed a NULL pointer dereference with -w/-s options.
Fixed a crash in Generator when interrupted during argument evaluation with extra named params.
Fixed a crash in Generator when memory limit was exceeded during initialization.
Fixed a memory leak in Generator when interrupted during argument evaluation.
Fixed an issue in the DateTimeZone constructor where an extra null byte could be added to the input.
Fixed a hang in SaltStack when using php-fpm 8.1.11.
Fixed mysqli_query warnings being shown despite using silenced error mode.
Fixed a NULL pointer dereference when serializing a SOAP response call.

Список пакетов

Container bci/php-apache:8

apache2-mod_php8-8.0.27-150400.4.23.1

php8-8.0.27-150400.4.23.1

php8-cli-8.0.27-150400.4.23.1

php8-curl-8.0.27-150400.4.23.1

php8-mbstring-8.0.27-150400.4.23.1

php8-openssl-8.0.27-150400.4.23.1

php8-phar-8.0.27-150400.4.23.1

php8-zip-8.0.27-150400.4.23.1

php8-zlib-8.0.27-150400.4.23.1

Container bci/php-apache:latest

apache2-mod_php8-8.0.27-150400.4.23.1

php8-8.0.27-150400.4.23.1

php8-cli-8.0.27-150400.4.23.1

php8-curl-8.0.27-150400.4.23.1

php8-mbstring-8.0.27-150400.4.23.1

php8-openssl-8.0.27-150400.4.23.1

php8-phar-8.0.27-150400.4.23.1

php8-zip-8.0.27-150400.4.23.1

php8-zlib-8.0.27-150400.4.23.1

Container bci/php-fpm:8

php8-8.0.27-150400.4.23.1

php8-cli-8.0.27-150400.4.23.1

php8-curl-8.0.27-150400.4.23.1

php8-fpm-8.0.27-150400.4.23.1

php8-mbstring-8.0.27-150400.4.23.1

php8-openssl-8.0.27-150400.4.23.1

php8-phar-8.0.27-150400.4.23.1

php8-zip-8.0.27-150400.4.23.1

php8-zlib-8.0.27-150400.4.23.1

Container bci/php-fpm:latest

php8-8.0.27-150400.4.23.1

php8-cli-8.0.27-150400.4.23.1

php8-curl-8.0.27-150400.4.23.1

php8-fpm-8.0.27-150400.4.23.1

php8-mbstring-8.0.27-150400.4.23.1

php8-openssl-8.0.27-150400.4.23.1

php8-phar-8.0.27-150400.4.23.1

php8-zip-8.0.27-150400.4.23.1

php8-zlib-8.0.27-150400.4.23.1

Container bci/php:8

php8-8.0.27-150400.4.23.1

php8-cli-8.0.27-150400.4.23.1

php8-curl-8.0.27-150400.4.23.1

php8-mbstring-8.0.27-150400.4.23.1

php8-openssl-8.0.27-150400.4.23.1

php8-phar-8.0.27-150400.4.23.1

php8-zip-8.0.27-150400.4.23.1

php8-zlib-8.0.27-150400.4.23.1

Container bci/php:latest

php8-8.0.27-150400.4.23.1

php8-cli-8.0.27-150400.4.23.1

php8-curl-8.0.27-150400.4.23.1

php8-mbstring-8.0.27-150400.4.23.1

php8-openssl-8.0.27-150400.4.23.1

php8-phar-8.0.27-150400.4.23.1

php8-readline-8.0.27-150400.4.23.1

php8-zip-8.0.27-150400.4.23.1

php8-zlib-8.0.27-150400.4.23.1

SUSE Linux Enterprise Module for Web and Scripting 15 SP4

apache2-mod_php8-8.0.27-150400.4.23.1

php8-8.0.27-150400.4.23.1

php8-bcmath-8.0.27-150400.4.23.1

php8-bz2-8.0.27-150400.4.23.1

php8-calendar-8.0.27-150400.4.23.1

php8-cli-8.0.27-150400.4.23.1

php8-ctype-8.0.27-150400.4.23.1

php8-curl-8.0.27-150400.4.23.1

php8-dba-8.0.27-150400.4.23.1

php8-devel-8.0.27-150400.4.23.1

php8-dom-8.0.27-150400.4.23.1

php8-embed-8.0.27-150400.4.23.1

php8-enchant-8.0.27-150400.4.23.1

php8-exif-8.0.27-150400.4.23.1

php8-fastcgi-8.0.27-150400.4.23.1

php8-fileinfo-8.0.27-150400.4.23.1

php8-fpm-8.0.27-150400.4.23.1

php8-ftp-8.0.27-150400.4.23.1

php8-gd-8.0.27-150400.4.23.1

php8-gettext-8.0.27-150400.4.23.1

php8-gmp-8.0.27-150400.4.23.1

php8-iconv-8.0.27-150400.4.23.1

php8-intl-8.0.27-150400.4.23.1

php8-ldap-8.0.27-150400.4.23.1

php8-mbstring-8.0.27-150400.4.23.1

php8-mysql-8.0.27-150400.4.23.1

php8-odbc-8.0.27-150400.4.23.1

php8-opcache-8.0.27-150400.4.23.1

php8-openssl-8.0.27-150400.4.23.1

php8-pcntl-8.0.27-150400.4.23.1

php8-pdo-8.0.27-150400.4.23.1

php8-pgsql-8.0.27-150400.4.23.1

php8-phar-8.0.27-150400.4.23.1

php8-posix-8.0.27-150400.4.23.1

php8-readline-8.0.27-150400.4.23.1

php8-shmop-8.0.27-150400.4.23.1

php8-snmp-8.0.27-150400.4.23.1

php8-soap-8.0.27-150400.4.23.1

php8-sockets-8.0.27-150400.4.23.1

php8-sodium-8.0.27-150400.4.23.1

php8-sqlite-8.0.27-150400.4.23.1

php8-sysvmsg-8.0.27-150400.4.23.1

php8-sysvsem-8.0.27-150400.4.23.1

php8-sysvshm-8.0.27-150400.4.23.1

php8-test-8.0.27-150400.4.23.1

php8-tidy-8.0.27-150400.4.23.1

php8-tokenizer-8.0.27-150400.4.23.1

php8-xmlreader-8.0.27-150400.4.23.1

php8-xmlwriter-8.0.27-150400.4.23.1

php8-xsl-8.0.27-150400.4.23.1

php8-zip-8.0.27-150400.4.23.1

php8-zlib-8.0.27-150400.4.23.1

openSUSE Leap 15.4

apache2-mod_php8-8.0.27-150400.4.23.1

php8-8.0.27-150400.4.23.1

php8-bcmath-8.0.27-150400.4.23.1

php8-bz2-8.0.27-150400.4.23.1

php8-calendar-8.0.27-150400.4.23.1

php8-cli-8.0.27-150400.4.23.1

php8-ctype-8.0.27-150400.4.23.1

php8-curl-8.0.27-150400.4.23.1

php8-dba-8.0.27-150400.4.23.1

php8-devel-8.0.27-150400.4.23.1

php8-dom-8.0.27-150400.4.23.1

php8-embed-8.0.27-150400.4.23.1

php8-enchant-8.0.27-150400.4.23.1

php8-exif-8.0.27-150400.4.23.1

php8-fastcgi-8.0.27-150400.4.23.1

php8-fileinfo-8.0.27-150400.4.23.1

php8-fpm-8.0.27-150400.4.23.1

php8-ftp-8.0.27-150400.4.23.1

php8-gd-8.0.27-150400.4.23.1

php8-gettext-8.0.27-150400.4.23.1

php8-gmp-8.0.27-150400.4.23.1

php8-iconv-8.0.27-150400.4.23.1

php8-intl-8.0.27-150400.4.23.1

php8-ldap-8.0.27-150400.4.23.1

php8-mbstring-8.0.27-150400.4.23.1

php8-mysql-8.0.27-150400.4.23.1

php8-odbc-8.0.27-150400.4.23.1

php8-opcache-8.0.27-150400.4.23.1

php8-openssl-8.0.27-150400.4.23.1

php8-pcntl-8.0.27-150400.4.23.1

php8-pdo-8.0.27-150400.4.23.1

php8-pgsql-8.0.27-150400.4.23.1

php8-phar-8.0.27-150400.4.23.1

php8-posix-8.0.27-150400.4.23.1

php8-readline-8.0.27-150400.4.23.1

php8-shmop-8.0.27-150400.4.23.1

php8-snmp-8.0.27-150400.4.23.1

php8-soap-8.0.27-150400.4.23.1

php8-sockets-8.0.27-150400.4.23.1

php8-sodium-8.0.27-150400.4.23.1

php8-sqlite-8.0.27-150400.4.23.1

php8-sysvmsg-8.0.27-150400.4.23.1

php8-sysvsem-8.0.27-150400.4.23.1

php8-sysvshm-8.0.27-150400.4.23.1

php8-test-8.0.27-150400.4.23.1

php8-tidy-8.0.27-150400.4.23.1

php8-tokenizer-8.0.27-150400.4.23.1

php8-xmlreader-8.0.27-150400.4.23.1

php8-xmlwriter-8.0.27-150400.4.23.1

php8-xsl-8.0.27-150400.4.23.1

php8-zip-8.0.27-150400.4.23.1

php8-zlib-8.0.27-150400.4.23.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230074-1/
Link for SUSE-SU-2023:0074-1
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013457.html
E-Mail link for SUSE-SU-2023:0074-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1206958
SUSE Bug 1206958
https://www.suse.com/security/cve/CVE-2022-31631/
SUSE CVE CVE-2022-31631 page

Описание

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

Затронутые продукты

Container bci/php-apache:8:apache2-mod_php8-8.0.27-150400.4.23.1

Container bci/php-apache:8:php8-8.0.27-150400.4.23.1

Container bci/php-apache:8:php8-cli-8.0.27-150400.4.23.1

Container bci/php-apache:8:php8-curl-8.0.27-150400.4.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-31631.html
CVE-2022-31631
https://bugzilla.suse.com/1206958
SUSE Bug 1206958

SUSE-SU-2023:0074-1

Описание

Список пакетов

Container bci/php-apache:8

Container bci/php-apache:latest

Container bci/php-fpm:8

Container bci/php-fpm:latest

Container bci/php:8

Container bci/php:latest

SUSE Linux Enterprise Module for Web and Scripting 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-31631

Описание

Затронутые продукты

Ссылки