exploitDog

SUSE-SU-2024:2027-1

Published: 13 Jun 2024
Source: suse-cvrf

Description

Security update for php8

This update for php8 fixes the following issues:

  • CVE-2024-5458: Fixed an issue that allows bypassing filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073)

Package list

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php74-7.4.33-1.68.2
php74-7.4.33-1.68.2
php74-bcmath-7.4.33-1.68.2
php74-bz2-7.4.33-1.68.2
php74-calendar-7.4.33-1.68.2
php74-ctype-7.4.33-1.68.2
php74-curl-7.4.33-1.68.2
php74-dba-7.4.33-1.68.2
php74-dom-7.4.33-1.68.2
php74-enchant-7.4.33-1.68.2
php74-exif-7.4.33-1.68.2
php74-fastcgi-7.4.33-1.68.2
php74-fileinfo-7.4.33-1.68.2
php74-fpm-7.4.33-1.68.2
php74-ftp-7.4.33-1.68.2
php74-gd-7.4.33-1.68.2
php74-gettext-7.4.33-1.68.2
php74-gmp-7.4.33-1.68.2
php74-iconv-7.4.33-1.68.2
php74-intl-7.4.33-1.68.2
php74-json-7.4.33-1.68.2
php74-ldap-7.4.33-1.68.2
php74-mbstring-7.4.33-1.68.2
php74-mysql-7.4.33-1.68.2
php74-odbc-7.4.33-1.68.2
php74-opcache-7.4.33-1.68.2
php74-openssl-7.4.33-1.68.2
php74-pcntl-7.4.33-1.68.2
php74-pdo-7.4.33-1.68.2
php74-pgsql-7.4.33-1.68.2
php74-phar-7.4.33-1.68.2
php74-posix-7.4.33-1.68.2
php74-readline-7.4.33-1.68.2
php74-shmop-7.4.33-1.68.2
php74-snmp-7.4.33-1.68.2
php74-soap-7.4.33-1.68.2
php74-sockets-7.4.33-1.68.2
php74-sodium-7.4.33-1.68.2
php74-sqlite-7.4.33-1.68.2
php74-sysvmsg-7.4.33-1.68.2
php74-sysvsem-7.4.33-1.68.2
php74-sysvshm-7.4.33-1.68.2
php74-tidy-7.4.33-1.68.2
php74-tokenizer-7.4.33-1.68.2
php74-xmlreader-7.4.33-1.68.2
php74-xmlrpc-7.4.33-1.68.2
php74-xmlwriter-7.4.33-1.68.2
php74-xsl-7.4.33-1.68.2
php74-zip-7.4.33-1.68.2
php74-zlib-7.4.33-1.68.2
SUSE Linux Enterprise Software Development Kit 12 SP5
php74-devel-7.4.33-1.68.2

Description

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var, when validating URLs (FILTER_VALIDATE_URL), will for certain types of URLs treat invalid user information (the username + password part of the URL) as valid user information. This may lead to downstream code accepting invalid URLs as valid and parsing them incorrectly.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.68.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.68.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.68.2
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.68.2

References