SUSE-SU-2023:0527-1

Опубликовано: 27 фев. 2023

Источник: suse-cvrf

Описание

Security update for php8

This update for php8 fixes the following issues:

php8 was updated to version 8.0.28:

CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366).
CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367).

Список пакетов

Container bci/php-apache:8

apache2-mod_php8-8.0.28-150400.4.26.1

php8-8.0.28-150400.4.26.1

php8-cli-8.0.28-150400.4.26.1

php8-curl-8.0.28-150400.4.26.1

php8-mbstring-8.0.28-150400.4.26.1

php8-openssl-8.0.28-150400.4.26.1

php8-phar-8.0.28-150400.4.26.1

php8-zip-8.0.28-150400.4.26.1

php8-zlib-8.0.28-150400.4.26.1

Container bci/php-apache:latest

apache2-mod_php8-8.0.28-150400.4.26.1

php8-8.0.28-150400.4.26.1

php8-cli-8.0.28-150400.4.26.1

php8-curl-8.0.28-150400.4.26.1

php8-mbstring-8.0.28-150400.4.26.1

php8-openssl-8.0.28-150400.4.26.1

php8-phar-8.0.28-150400.4.26.1

php8-zip-8.0.28-150400.4.26.1

php8-zlib-8.0.28-150400.4.26.1

Container bci/php-fpm:8

php8-8.0.28-150400.4.26.1

php8-cli-8.0.28-150400.4.26.1

php8-curl-8.0.28-150400.4.26.1

php8-fpm-8.0.28-150400.4.26.1

php8-mbstring-8.0.28-150400.4.26.1

php8-openssl-8.0.28-150400.4.26.1

php8-phar-8.0.28-150400.4.26.1

php8-zip-8.0.28-150400.4.26.1

php8-zlib-8.0.28-150400.4.26.1

Container bci/php-fpm:latest

php8-8.0.28-150400.4.26.1

php8-cli-8.0.28-150400.4.26.1

php8-curl-8.0.28-150400.4.26.1

php8-fpm-8.0.28-150400.4.26.1

php8-mbstring-8.0.28-150400.4.26.1

php8-openssl-8.0.28-150400.4.26.1

php8-phar-8.0.28-150400.4.26.1

php8-zip-8.0.28-150400.4.26.1

php8-zlib-8.0.28-150400.4.26.1

Container bci/php:8

php8-8.0.28-150400.4.26.1

php8-cli-8.0.28-150400.4.26.1

php8-curl-8.0.28-150400.4.26.1

php8-mbstring-8.0.28-150400.4.26.1

php8-openssl-8.0.28-150400.4.26.1

php8-phar-8.0.28-150400.4.26.1

php8-zip-8.0.28-150400.4.26.1

php8-zlib-8.0.28-150400.4.26.1

Container bci/php:latest

php8-8.0.28-150400.4.26.1

php8-cli-8.0.28-150400.4.26.1

php8-curl-8.0.28-150400.4.26.1

php8-mbstring-8.0.28-150400.4.26.1

php8-openssl-8.0.28-150400.4.26.1

php8-phar-8.0.28-150400.4.26.1

php8-readline-8.0.28-150400.4.26.1

php8-zip-8.0.28-150400.4.26.1

php8-zlib-8.0.28-150400.4.26.1

SUSE Linux Enterprise Module for Web and Scripting 15 SP4

apache2-mod_php8-8.0.28-150400.4.26.1

php8-8.0.28-150400.4.26.1

php8-bcmath-8.0.28-150400.4.26.1

php8-bz2-8.0.28-150400.4.26.1

php8-calendar-8.0.28-150400.4.26.1

php8-cli-8.0.28-150400.4.26.1

php8-ctype-8.0.28-150400.4.26.1

php8-curl-8.0.28-150400.4.26.1

php8-dba-8.0.28-150400.4.26.1

php8-devel-8.0.28-150400.4.26.1

php8-dom-8.0.28-150400.4.26.1

php8-embed-8.0.28-150400.4.26.1

php8-enchant-8.0.28-150400.4.26.1

php8-exif-8.0.28-150400.4.26.1

php8-fastcgi-8.0.28-150400.4.26.1

php8-fileinfo-8.0.28-150400.4.26.1

php8-fpm-8.0.28-150400.4.26.1

php8-ftp-8.0.28-150400.4.26.1

php8-gd-8.0.28-150400.4.26.1

php8-gettext-8.0.28-150400.4.26.1

php8-gmp-8.0.28-150400.4.26.1

php8-iconv-8.0.28-150400.4.26.1

php8-intl-8.0.28-150400.4.26.1

php8-ldap-8.0.28-150400.4.26.1

php8-mbstring-8.0.28-150400.4.26.1

php8-mysql-8.0.28-150400.4.26.1

php8-odbc-8.0.28-150400.4.26.1

php8-opcache-8.0.28-150400.4.26.1

php8-openssl-8.0.28-150400.4.26.1

php8-pcntl-8.0.28-150400.4.26.1

php8-pdo-8.0.28-150400.4.26.1

php8-pgsql-8.0.28-150400.4.26.1

php8-phar-8.0.28-150400.4.26.1

php8-posix-8.0.28-150400.4.26.1

php8-readline-8.0.28-150400.4.26.1

php8-shmop-8.0.28-150400.4.26.1

php8-snmp-8.0.28-150400.4.26.1

php8-soap-8.0.28-150400.4.26.1

php8-sockets-8.0.28-150400.4.26.1

php8-sodium-8.0.28-150400.4.26.1

php8-sqlite-8.0.28-150400.4.26.1

php8-sysvmsg-8.0.28-150400.4.26.1

php8-sysvsem-8.0.28-150400.4.26.1

php8-sysvshm-8.0.28-150400.4.26.1

php8-test-8.0.28-150400.4.26.1

php8-tidy-8.0.28-150400.4.26.1

php8-tokenizer-8.0.28-150400.4.26.1

php8-xmlreader-8.0.28-150400.4.26.1

php8-xmlwriter-8.0.28-150400.4.26.1

php8-xsl-8.0.28-150400.4.26.1

php8-zip-8.0.28-150400.4.26.1

php8-zlib-8.0.28-150400.4.26.1

openSUSE Leap 15.4

apache2-mod_php8-8.0.28-150400.4.26.1

php8-8.0.28-150400.4.26.1

php8-bcmath-8.0.28-150400.4.26.1

php8-bz2-8.0.28-150400.4.26.1

php8-calendar-8.0.28-150400.4.26.1

php8-cli-8.0.28-150400.4.26.1

php8-ctype-8.0.28-150400.4.26.1

php8-curl-8.0.28-150400.4.26.1

php8-dba-8.0.28-150400.4.26.1

php8-devel-8.0.28-150400.4.26.1

php8-dom-8.0.28-150400.4.26.1

php8-embed-8.0.28-150400.4.26.1

php8-enchant-8.0.28-150400.4.26.1

php8-exif-8.0.28-150400.4.26.1

php8-fastcgi-8.0.28-150400.4.26.1

php8-fileinfo-8.0.28-150400.4.26.1

php8-fpm-8.0.28-150400.4.26.1

php8-ftp-8.0.28-150400.4.26.1

php8-gd-8.0.28-150400.4.26.1

php8-gettext-8.0.28-150400.4.26.1

php8-gmp-8.0.28-150400.4.26.1

php8-iconv-8.0.28-150400.4.26.1

php8-intl-8.0.28-150400.4.26.1

php8-ldap-8.0.28-150400.4.26.1

php8-mbstring-8.0.28-150400.4.26.1

php8-mysql-8.0.28-150400.4.26.1

php8-odbc-8.0.28-150400.4.26.1

php8-opcache-8.0.28-150400.4.26.1

php8-openssl-8.0.28-150400.4.26.1

php8-pcntl-8.0.28-150400.4.26.1

php8-pdo-8.0.28-150400.4.26.1

php8-pgsql-8.0.28-150400.4.26.1

php8-phar-8.0.28-150400.4.26.1

php8-posix-8.0.28-150400.4.26.1

php8-readline-8.0.28-150400.4.26.1

php8-shmop-8.0.28-150400.4.26.1

php8-snmp-8.0.28-150400.4.26.1

php8-soap-8.0.28-150400.4.26.1

php8-sockets-8.0.28-150400.4.26.1

php8-sodium-8.0.28-150400.4.26.1

php8-sqlite-8.0.28-150400.4.26.1

php8-sysvmsg-8.0.28-150400.4.26.1

php8-sysvsem-8.0.28-150400.4.26.1

php8-sysvshm-8.0.28-150400.4.26.1

php8-test-8.0.28-150400.4.26.1

php8-tidy-8.0.28-150400.4.26.1

php8-tokenizer-8.0.28-150400.4.26.1

php8-xmlreader-8.0.28-150400.4.26.1

php8-xmlwriter-8.0.28-150400.4.26.1

php8-xsl-8.0.28-150400.4.26.1

php8-zip-8.0.28-150400.4.26.1

php8-zlib-8.0.28-150400.4.26.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230527-1/
Link for SUSE-SU-2023:0527-1
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013897.html
E-Mail link for SUSE-SU-2023:0527-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1208366
SUSE Bug 1208366
https://bugzilla.suse.com/1208367
SUSE Bug 1208367
https://www.suse.com/security/cve/CVE-2023-0568/
SUSE CVE CVE-2023-0568 page
https://www.suse.com/security/cve/CVE-2023-0662/
SUSE CVE CVE-2023-0662 page

Описание

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

Затронутые продукты

Container bci/php-apache:8:apache2-mod_php8-8.0.28-150400.4.26.1

Container bci/php-apache:8:php8-8.0.28-150400.4.26.1

Container bci/php-apache:8:php8-cli-8.0.28-150400.4.26.1

Container bci/php-apache:8:php8-curl-8.0.28-150400.4.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-0568.html
CVE-2023-0568
https://bugzilla.suse.com/1208366
SUSE Bug 1208366

Описание

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.

Затронутые продукты

Container bci/php-apache:8:apache2-mod_php8-8.0.28-150400.4.26.1

Container bci/php-apache:8:php8-8.0.28-150400.4.26.1

Container bci/php-apache:8:php8-cli-8.0.28-150400.4.26.1

Container bci/php-apache:8:php8-curl-8.0.28-150400.4.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-0662.html
CVE-2023-0662
https://bugzilla.suse.com/1208367
SUSE Bug 1208367

SUSE-SU-2023:0527-1

Описание

Список пакетов

Container bci/php-apache:8

Container bci/php-apache:latest

Container bci/php-fpm:8

Container bci/php-fpm:latest

Container bci/php:8

Container bci/php:latest

SUSE Linux Enterprise Module for Web and Scripting 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-0568

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-0662

Описание

Затронутые продукты

Ссылки