SUSE-SU-2023:0084-1

Опубликовано: 12 янв. 2023

Источник: suse-cvrf

Описание

Security update for php7

This update for php7 fixes the following issues:

CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958).

Список пакетов

SUSE Enterprise Storage 6

apache2-mod_php7-7.2.34-150000.4.106.1

php7-7.2.34-150000.4.106.1

php7-bcmath-7.2.34-150000.4.106.1

php7-bz2-7.2.34-150000.4.106.1

php7-calendar-7.2.34-150000.4.106.1

php7-ctype-7.2.34-150000.4.106.1

php7-curl-7.2.34-150000.4.106.1

php7-dba-7.2.34-150000.4.106.1

php7-devel-7.2.34-150000.4.106.1

php7-dom-7.2.34-150000.4.106.1

php7-enchant-7.2.34-150000.4.106.1

php7-exif-7.2.34-150000.4.106.1

php7-fastcgi-7.2.34-150000.4.106.1

php7-fileinfo-7.2.34-150000.4.106.1

php7-fpm-7.2.34-150000.4.106.1

php7-ftp-7.2.34-150000.4.106.1

php7-gd-7.2.34-150000.4.106.1

php7-gettext-7.2.34-150000.4.106.1

php7-gmp-7.2.34-150000.4.106.1

php7-iconv-7.2.34-150000.4.106.1

php7-intl-7.2.34-150000.4.106.1

php7-json-7.2.34-150000.4.106.1

php7-ldap-7.2.34-150000.4.106.1

php7-mbstring-7.2.34-150000.4.106.1

php7-mysql-7.2.34-150000.4.106.1

php7-odbc-7.2.34-150000.4.106.1

php7-opcache-7.2.34-150000.4.106.1

php7-openssl-7.2.34-150000.4.106.1

php7-pcntl-7.2.34-150000.4.106.1

php7-pdo-7.2.34-150000.4.106.1

php7-pear-7.2.34-150000.4.106.1

php7-pear-Archive_Tar-7.2.34-150000.4.106.1

php7-pgsql-7.2.34-150000.4.106.1

php7-phar-7.2.34-150000.4.106.1

php7-posix-7.2.34-150000.4.106.1

php7-readline-7.2.34-150000.4.106.1

php7-shmop-7.2.34-150000.4.106.1

php7-snmp-7.2.34-150000.4.106.1

php7-soap-7.2.34-150000.4.106.1

php7-sockets-7.2.34-150000.4.106.1

php7-sodium-7.2.34-150000.4.106.1

php7-sqlite-7.2.34-150000.4.106.1

php7-sysvmsg-7.2.34-150000.4.106.1

php7-sysvsem-7.2.34-150000.4.106.1

php7-sysvshm-7.2.34-150000.4.106.1

php7-tidy-7.2.34-150000.4.106.1

php7-tokenizer-7.2.34-150000.4.106.1

php7-wddx-7.2.34-150000.4.106.1

php7-xmlreader-7.2.34-150000.4.106.1

php7-xmlrpc-7.2.34-150000.4.106.1

php7-xmlwriter-7.2.34-150000.4.106.1

php7-xsl-7.2.34-150000.4.106.1

php7-zip-7.2.34-150000.4.106.1

php7-zlib-7.2.34-150000.4.106.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

apache2-mod_php7-7.2.34-150000.4.106.1

php7-7.2.34-150000.4.106.1

php7-bcmath-7.2.34-150000.4.106.1

php7-bz2-7.2.34-150000.4.106.1

php7-calendar-7.2.34-150000.4.106.1

php7-ctype-7.2.34-150000.4.106.1

php7-curl-7.2.34-150000.4.106.1

php7-dba-7.2.34-150000.4.106.1

php7-devel-7.2.34-150000.4.106.1

php7-dom-7.2.34-150000.4.106.1

php7-enchant-7.2.34-150000.4.106.1

php7-exif-7.2.34-150000.4.106.1

php7-fastcgi-7.2.34-150000.4.106.1

php7-fileinfo-7.2.34-150000.4.106.1

php7-fpm-7.2.34-150000.4.106.1

php7-ftp-7.2.34-150000.4.106.1

php7-gd-7.2.34-150000.4.106.1

php7-gettext-7.2.34-150000.4.106.1

php7-gmp-7.2.34-150000.4.106.1

php7-iconv-7.2.34-150000.4.106.1

php7-intl-7.2.34-150000.4.106.1

php7-json-7.2.34-150000.4.106.1

php7-ldap-7.2.34-150000.4.106.1

php7-mbstring-7.2.34-150000.4.106.1

php7-mysql-7.2.34-150000.4.106.1

php7-odbc-7.2.34-150000.4.106.1

php7-opcache-7.2.34-150000.4.106.1

php7-openssl-7.2.34-150000.4.106.1

php7-pcntl-7.2.34-150000.4.106.1

php7-pdo-7.2.34-150000.4.106.1

php7-pear-7.2.34-150000.4.106.1

php7-pear-Archive_Tar-7.2.34-150000.4.106.1

php7-pgsql-7.2.34-150000.4.106.1

php7-phar-7.2.34-150000.4.106.1

php7-posix-7.2.34-150000.4.106.1

php7-readline-7.2.34-150000.4.106.1

php7-shmop-7.2.34-150000.4.106.1

php7-snmp-7.2.34-150000.4.106.1

php7-soap-7.2.34-150000.4.106.1

php7-sockets-7.2.34-150000.4.106.1

php7-sodium-7.2.34-150000.4.106.1

php7-sqlite-7.2.34-150000.4.106.1

php7-sysvmsg-7.2.34-150000.4.106.1

php7-sysvsem-7.2.34-150000.4.106.1

php7-sysvshm-7.2.34-150000.4.106.1

php7-tidy-7.2.34-150000.4.106.1

php7-tokenizer-7.2.34-150000.4.106.1

php7-wddx-7.2.34-150000.4.106.1

php7-xmlreader-7.2.34-150000.4.106.1

php7-xmlrpc-7.2.34-150000.4.106.1

php7-xmlwriter-7.2.34-150000.4.106.1

php7-xsl-7.2.34-150000.4.106.1

php7-zip-7.2.34-150000.4.106.1

php7-zlib-7.2.34-150000.4.106.1

SUSE Linux Enterprise Server 15 SP1-LTSS

apache2-mod_php7-7.2.34-150000.4.106.1

php7-7.2.34-150000.4.106.1

php7-bcmath-7.2.34-150000.4.106.1

php7-bz2-7.2.34-150000.4.106.1

php7-calendar-7.2.34-150000.4.106.1

php7-ctype-7.2.34-150000.4.106.1

php7-curl-7.2.34-150000.4.106.1

php7-dba-7.2.34-150000.4.106.1

php7-devel-7.2.34-150000.4.106.1

php7-dom-7.2.34-150000.4.106.1

php7-enchant-7.2.34-150000.4.106.1

php7-exif-7.2.34-150000.4.106.1

php7-fastcgi-7.2.34-150000.4.106.1

php7-fileinfo-7.2.34-150000.4.106.1

php7-fpm-7.2.34-150000.4.106.1

php7-ftp-7.2.34-150000.4.106.1

php7-gd-7.2.34-150000.4.106.1

php7-gettext-7.2.34-150000.4.106.1

php7-gmp-7.2.34-150000.4.106.1

php7-iconv-7.2.34-150000.4.106.1

php7-intl-7.2.34-150000.4.106.1

php7-json-7.2.34-150000.4.106.1

php7-ldap-7.2.34-150000.4.106.1

php7-mbstring-7.2.34-150000.4.106.1

php7-mysql-7.2.34-150000.4.106.1

php7-odbc-7.2.34-150000.4.106.1

php7-opcache-7.2.34-150000.4.106.1

php7-openssl-7.2.34-150000.4.106.1

php7-pcntl-7.2.34-150000.4.106.1

php7-pdo-7.2.34-150000.4.106.1

php7-pear-7.2.34-150000.4.106.1

php7-pear-Archive_Tar-7.2.34-150000.4.106.1

php7-pgsql-7.2.34-150000.4.106.1

php7-phar-7.2.34-150000.4.106.1

php7-posix-7.2.34-150000.4.106.1

php7-readline-7.2.34-150000.4.106.1

php7-shmop-7.2.34-150000.4.106.1

php7-snmp-7.2.34-150000.4.106.1

php7-soap-7.2.34-150000.4.106.1

php7-sockets-7.2.34-150000.4.106.1

php7-sodium-7.2.34-150000.4.106.1

php7-sqlite-7.2.34-150000.4.106.1

php7-sysvmsg-7.2.34-150000.4.106.1

php7-sysvsem-7.2.34-150000.4.106.1

php7-sysvshm-7.2.34-150000.4.106.1

php7-tidy-7.2.34-150000.4.106.1

php7-tokenizer-7.2.34-150000.4.106.1

php7-wddx-7.2.34-150000.4.106.1

php7-xmlreader-7.2.34-150000.4.106.1

php7-xmlrpc-7.2.34-150000.4.106.1

php7-xmlwriter-7.2.34-150000.4.106.1

php7-xsl-7.2.34-150000.4.106.1

php7-zip-7.2.34-150000.4.106.1

php7-zlib-7.2.34-150000.4.106.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

apache2-mod_php7-7.2.34-150000.4.106.1

php7-7.2.34-150000.4.106.1

php7-bcmath-7.2.34-150000.4.106.1

php7-bz2-7.2.34-150000.4.106.1

php7-calendar-7.2.34-150000.4.106.1

php7-ctype-7.2.34-150000.4.106.1

php7-curl-7.2.34-150000.4.106.1

php7-dba-7.2.34-150000.4.106.1

php7-devel-7.2.34-150000.4.106.1

php7-dom-7.2.34-150000.4.106.1

php7-enchant-7.2.34-150000.4.106.1

php7-exif-7.2.34-150000.4.106.1

php7-fastcgi-7.2.34-150000.4.106.1

php7-fileinfo-7.2.34-150000.4.106.1

php7-fpm-7.2.34-150000.4.106.1

php7-ftp-7.2.34-150000.4.106.1

php7-gd-7.2.34-150000.4.106.1

php7-gettext-7.2.34-150000.4.106.1

php7-gmp-7.2.34-150000.4.106.1

php7-iconv-7.2.34-150000.4.106.1

php7-intl-7.2.34-150000.4.106.1

php7-json-7.2.34-150000.4.106.1

php7-ldap-7.2.34-150000.4.106.1

php7-mbstring-7.2.34-150000.4.106.1

php7-mysql-7.2.34-150000.4.106.1

php7-odbc-7.2.34-150000.4.106.1

php7-opcache-7.2.34-150000.4.106.1

php7-openssl-7.2.34-150000.4.106.1

php7-pcntl-7.2.34-150000.4.106.1

php7-pdo-7.2.34-150000.4.106.1

php7-pear-7.2.34-150000.4.106.1

php7-pear-Archive_Tar-7.2.34-150000.4.106.1

php7-pgsql-7.2.34-150000.4.106.1

php7-phar-7.2.34-150000.4.106.1

php7-posix-7.2.34-150000.4.106.1

php7-readline-7.2.34-150000.4.106.1

php7-shmop-7.2.34-150000.4.106.1

php7-snmp-7.2.34-150000.4.106.1

php7-soap-7.2.34-150000.4.106.1

php7-sockets-7.2.34-150000.4.106.1

php7-sodium-7.2.34-150000.4.106.1

php7-sqlite-7.2.34-150000.4.106.1

php7-sysvmsg-7.2.34-150000.4.106.1

php7-sysvsem-7.2.34-150000.4.106.1

php7-sysvshm-7.2.34-150000.4.106.1

php7-tidy-7.2.34-150000.4.106.1

php7-tokenizer-7.2.34-150000.4.106.1

php7-wddx-7.2.34-150000.4.106.1

php7-xmlreader-7.2.34-150000.4.106.1

php7-xmlrpc-7.2.34-150000.4.106.1

php7-xmlwriter-7.2.34-150000.4.106.1

php7-xsl-7.2.34-150000.4.106.1

php7-zip-7.2.34-150000.4.106.1

php7-zlib-7.2.34-150000.4.106.1

openSUSE Leap 15.4

php7-wddx-7.2.34-150000.4.106.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230084-1/
Link for SUSE-SU-2023:0084-1
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013466.html
E-Mail link for SUSE-SU-2023:0084-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1206958
SUSE Bug 1206958
https://www.suse.com/security/cve/CVE-2022-31631/
SUSE CVE CVE-2022-31631 page

Описание

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

Затронутые продукты

SUSE Enterprise Storage 6:apache2-mod_php7-7.2.34-150000.4.106.1

SUSE Enterprise Storage 6:php7-7.2.34-150000.4.106.1

SUSE Enterprise Storage 6:php7-bcmath-7.2.34-150000.4.106.1

SUSE Enterprise Storage 6:php7-bz2-7.2.34-150000.4.106.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-31631.html
CVE-2022-31631
https://bugzilla.suse.com/1206958
SUSE Bug 1206958

SUSE-SU-2023:0084-1

Описание

Список пакетов

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP1

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-31631

Описание

Затронутые продукты

Ссылки