SUSE-SU-2024:2037-1

Published: 17 Jun 2024
Source: suse-cvrf

Description

Security update for php7

This update for php7 fixes the following issues:

  • CVE-2024-2756: Fixed a bypass of the security fix applied for CVE-2022-31629 that led PHP to treat insecure cookies as secure (bsc#1222857)
  • CVE-2024-3096: Fixed a bypass for passwords with a leading null byte checked via password_verify (bsc#1222858)
  • CVE-2024-5458: Fixed an issue that allows bypassing filters in filter_var FILTER_VALIDATE_URL (bsc#1226073)

Package list

SUSE Enterprise Storage 7.1
apache2-mod_php7-7.4.33-150200.3.65.1
php7-7.4.33-150200.3.65.1
php7-bcmath-7.4.33-150200.3.65.1
php7-bz2-7.4.33-150200.3.65.1
php7-calendar-7.4.33-150200.3.65.1
php7-ctype-7.4.33-150200.3.65.1
php7-curl-7.4.33-150200.3.65.1
php7-dba-7.4.33-150200.3.65.1
php7-devel-7.4.33-150200.3.65.1
php7-dom-7.4.33-150200.3.65.1
php7-enchant-7.4.33-150200.3.65.1
php7-exif-7.4.33-150200.3.65.1
php7-fastcgi-7.4.33-150200.3.65.1
php7-fileinfo-7.4.33-150200.3.65.1
php7-fpm-7.4.33-150200.3.65.1
php7-ftp-7.4.33-150200.3.65.1
php7-gd-7.4.33-150200.3.65.1
php7-gettext-7.4.33-150200.3.65.1
php7-gmp-7.4.33-150200.3.65.1
php7-iconv-7.4.33-150200.3.65.1
php7-intl-7.4.33-150200.3.65.1
php7-json-7.4.33-150200.3.65.1
php7-ldap-7.4.33-150200.3.65.1
php7-mbstring-7.4.33-150200.3.65.1
php7-mysql-7.4.33-150200.3.65.1
php7-odbc-7.4.33-150200.3.65.1
php7-opcache-7.4.33-150200.3.65.1
php7-openssl-7.4.33-150200.3.65.1
php7-pcntl-7.4.33-150200.3.65.1
php7-pdo-7.4.33-150200.3.65.1
php7-pgsql-7.4.33-150200.3.65.1
php7-phar-7.4.33-150200.3.65.1
php7-posix-7.4.33-150200.3.65.1
php7-readline-7.4.33-150200.3.65.1
php7-shmop-7.4.33-150200.3.65.1
php7-snmp-7.4.33-150200.3.65.1
php7-soap-7.4.33-150200.3.65.1
php7-sockets-7.4.33-150200.3.65.1
php7-sodium-7.4.33-150200.3.65.1
php7-sqlite-7.4.33-150200.3.65.1
php7-sysvmsg-7.4.33-150200.3.65.1
php7-sysvsem-7.4.33-150200.3.65.1
php7-sysvshm-7.4.33-150200.3.65.1
php7-tidy-7.4.33-150200.3.65.1
php7-tokenizer-7.4.33-150200.3.65.1
php7-xmlreader-7.4.33-150200.3.65.1
php7-xmlrpc-7.4.33-150200.3.65.1
php7-xmlwriter-7.4.33-150200.3.65.1
php7-xsl-7.4.33-150200.3.65.1
php7-zip-7.4.33-150200.3.65.1
php7-zlib-7.4.33-150200.3.65.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
apache2-mod_php7-7.4.33-150200.3.65.1
php7-7.4.33-150200.3.65.1
php7-bcmath-7.4.33-150200.3.65.1
php7-bz2-7.4.33-150200.3.65.1
php7-calendar-7.4.33-150200.3.65.1
php7-ctype-7.4.33-150200.3.65.1
php7-curl-7.4.33-150200.3.65.1
php7-dba-7.4.33-150200.3.65.1
php7-devel-7.4.33-150200.3.65.1
php7-dom-7.4.33-150200.3.65.1
php7-enchant-7.4.33-150200.3.65.1
php7-exif-7.4.33-150200.3.65.1
php7-fastcgi-7.4.33-150200.3.65.1
php7-fileinfo-7.4.33-150200.3.65.1
php7-fpm-7.4.33-150200.3.65.1
php7-ftp-7.4.33-150200.3.65.1
php7-gd-7.4.33-150200.3.65.1
php7-gettext-7.4.33-150200.3.65.1
php7-gmp-7.4.33-150200.3.65.1
php7-iconv-7.4.33-150200.3.65.1
php7-intl-7.4.33-150200.3.65.1
php7-json-7.4.33-150200.3.65.1
php7-ldap-7.4.33-150200.3.65.1
php7-mbstring-7.4.33-150200.3.65.1
php7-mysql-7.4.33-150200.3.65.1
php7-odbc-7.4.33-150200.3.65.1
php7-opcache-7.4.33-150200.3.65.1
php7-openssl-7.4.33-150200.3.65.1
php7-pcntl-7.4.33-150200.3.65.1
php7-pdo-7.4.33-150200.3.65.1
php7-pgsql-7.4.33-150200.3.65.1
php7-phar-7.4.33-150200.3.65.1
php7-posix-7.4.33-150200.3.65.1
php7-readline-7.4.33-150200.3.65.1
php7-shmop-7.4.33-150200.3.65.1
php7-snmp-7.4.33-150200.3.65.1
php7-soap-7.4.33-150200.3.65.1
php7-sockets-7.4.33-150200.3.65.1
php7-sodium-7.4.33-150200.3.65.1
php7-sqlite-7.4.33-150200.3.65.1
php7-sysvmsg-7.4.33-150200.3.65.1
php7-sysvsem-7.4.33-150200.3.65.1
php7-sysvshm-7.4.33-150200.3.65.1
php7-tidy-7.4.33-150200.3.65.1
php7-tokenizer-7.4.33-150200.3.65.1
php7-xmlreader-7.4.33-150200.3.65.1
php7-xmlrpc-7.4.33-150200.3.65.1
php7-xmlwriter-7.4.33-150200.3.65.1
php7-xsl-7.4.33-150200.3.65.1
php7-zip-7.4.33-150200.3.65.1
php7-zlib-7.4.33-150200.3.65.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
apache2-mod_php7-7.4.33-150200.3.65.1
php7-7.4.33-150200.3.65.1
php7-bcmath-7.4.33-150200.3.65.1
php7-bz2-7.4.33-150200.3.65.1
php7-calendar-7.4.33-150200.3.65.1
php7-ctype-7.4.33-150200.3.65.1
php7-curl-7.4.33-150200.3.65.1
php7-dba-7.4.33-150200.3.65.1
php7-devel-7.4.33-150200.3.65.1
php7-dom-7.4.33-150200.3.65.1
php7-enchant-7.4.33-150200.3.65.1
php7-exif-7.4.33-150200.3.65.1
php7-fastcgi-7.4.33-150200.3.65.1
php7-fileinfo-7.4.33-150200.3.65.1
php7-fpm-7.4.33-150200.3.65.1
php7-ftp-7.4.33-150200.3.65.1
php7-gd-7.4.33-150200.3.65.1
php7-gettext-7.4.33-150200.3.65.1
php7-gmp-7.4.33-150200.3.65.1
php7-iconv-7.4.33-150200.3.65.1
php7-intl-7.4.33-150200.3.65.1
php7-json-7.4.33-150200.3.65.1
php7-ldap-7.4.33-150200.3.65.1
php7-mbstring-7.4.33-150200.3.65.1
php7-mysql-7.4.33-150200.3.65.1
php7-odbc-7.4.33-150200.3.65.1
php7-opcache-7.4.33-150200.3.65.1
php7-openssl-7.4.33-150200.3.65.1
php7-pcntl-7.4.33-150200.3.65.1
php7-pdo-7.4.33-150200.3.65.1
php7-pgsql-7.4.33-150200.3.65.1
php7-phar-7.4.33-150200.3.65.1
php7-posix-7.4.33-150200.3.65.1
php7-readline-7.4.33-150200.3.65.1
php7-shmop-7.4.33-150200.3.65.1
php7-snmp-7.4.33-150200.3.65.1
php7-soap-7.4.33-150200.3.65.1
php7-sockets-7.4.33-150200.3.65.1
php7-sodium-7.4.33-150200.3.65.1
php7-sqlite-7.4.33-150200.3.65.1
php7-sysvmsg-7.4.33-150200.3.65.1
php7-sysvsem-7.4.33-150200.3.65.1
php7-sysvshm-7.4.33-150200.3.65.1
php7-tidy-7.4.33-150200.3.65.1
php7-tokenizer-7.4.33-150200.3.65.1
php7-xmlreader-7.4.33-150200.3.65.1
php7-xmlrpc-7.4.33-150200.3.65.1
php7-xmlwriter-7.4.33-150200.3.65.1
php7-xsl-7.4.33-150200.3.65.1
php7-zip-7.4.33-150200.3.65.1
php7-zlib-7.4.33-150200.3.65.1
SUSE Linux Enterprise Server 15 SP2-LTSS
apache2-mod_php7-7.4.33-150200.3.65.1
php7-7.4.33-150200.3.65.1
php7-bcmath-7.4.33-150200.3.65.1
php7-bz2-7.4.33-150200.3.65.1
php7-calendar-7.4.33-150200.3.65.1
php7-ctype-7.4.33-150200.3.65.1
php7-curl-7.4.33-150200.3.65.1
php7-dba-7.4.33-150200.3.65.1
php7-devel-7.4.33-150200.3.65.1
php7-dom-7.4.33-150200.3.65.1
php7-enchant-7.4.33-150200.3.65.1
php7-exif-7.4.33-150200.3.65.1
php7-fastcgi-7.4.33-150200.3.65.1
php7-fileinfo-7.4.33-150200.3.65.1
php7-fpm-7.4.33-150200.3.65.1
php7-ftp-7.4.33-150200.3.65.1
php7-gd-7.4.33-150200.3.65.1
php7-gettext-7.4.33-150200.3.65.1
php7-gmp-7.4.33-150200.3.65.1
php7-iconv-7.4.33-150200.3.65.1
php7-intl-7.4.33-150200.3.65.1
php7-json-7.4.33-150200.3.65.1
php7-ldap-7.4.33-150200.3.65.1
php7-mbstring-7.4.33-150200.3.65.1
php7-mysql-7.4.33-150200.3.65.1
php7-odbc-7.4.33-150200.3.65.1
php7-opcache-7.4.33-150200.3.65.1
php7-openssl-7.4.33-150200.3.65.1
php7-pcntl-7.4.33-150200.3.65.1
php7-pdo-7.4.33-150200.3.65.1
php7-pgsql-7.4.33-150200.3.65.1
php7-phar-7.4.33-150200.3.65.1
php7-posix-7.4.33-150200.3.65.1
php7-readline-7.4.33-150200.3.65.1
php7-shmop-7.4.33-150200.3.65.1
php7-snmp-7.4.33-150200.3.65.1
php7-soap-7.4.33-150200.3.65.1
php7-sockets-7.4.33-150200.3.65.1
php7-sodium-7.4.33-150200.3.65.1
php7-sqlite-7.4.33-150200.3.65.1
php7-sysvmsg-7.4.33-150200.3.65.1
php7-sysvsem-7.4.33-150200.3.65.1
php7-sysvshm-7.4.33-150200.3.65.1
php7-tidy-7.4.33-150200.3.65.1
php7-tokenizer-7.4.33-150200.3.65.1
php7-xmlreader-7.4.33-150200.3.65.1
php7-xmlrpc-7.4.33-150200.3.65.1
php7-xmlwriter-7.4.33-150200.3.65.1
php7-xsl-7.4.33-150200.3.65.1
php7-zip-7.4.33-150200.3.65.1
php7-zlib-7.4.33-150200.3.65.1
SUSE Linux Enterprise Server 15 SP3-LTSS
apache2-mod_php7-7.4.33-150200.3.65.1
php7-7.4.33-150200.3.65.1
php7-bcmath-7.4.33-150200.3.65.1
php7-bz2-7.4.33-150200.3.65.1
php7-calendar-7.4.33-150200.3.65.1
php7-ctype-7.4.33-150200.3.65.1
php7-curl-7.4.33-150200.3.65.1
php7-dba-7.4.33-150200.3.65.1
php7-devel-7.4.33-150200.3.65.1
php7-dom-7.4.33-150200.3.65.1
php7-enchant-7.4.33-150200.3.65.1
php7-exif-7.4.33-150200.3.65.1
php7-fastcgi-7.4.33-150200.3.65.1
php7-fileinfo-7.4.33-150200.3.65.1
php7-fpm-7.4.33-150200.3.65.1
php7-ftp-7.4.33-150200.3.65.1
php7-gd-7.4.33-150200.3.65.1
php7-gettext-7.4.33-150200.3.65.1
php7-gmp-7.4.33-150200.3.65.1
php7-iconv-7.4.33-150200.3.65.1
php7-intl-7.4.33-150200.3.65.1
php7-json-7.4.33-150200.3.65.1
php7-ldap-7.4.33-150200.3.65.1
php7-mbstring-7.4.33-150200.3.65.1
php7-mysql-7.4.33-150200.3.65.1
php7-odbc-7.4.33-150200.3.65.1
php7-opcache-7.4.33-150200.3.65.1
php7-openssl-7.4.33-150200.3.65.1
php7-pcntl-7.4.33-150200.3.65.1
php7-pdo-7.4.33-150200.3.65.1
php7-pgsql-7.4.33-150200.3.65.1
php7-phar-7.4.33-150200.3.65.1
php7-posix-7.4.33-150200.3.65.1
php7-readline-7.4.33-150200.3.65.1
php7-shmop-7.4.33-150200.3.65.1
php7-snmp-7.4.33-150200.3.65.1
php7-soap-7.4.33-150200.3.65.1
php7-sockets-7.4.33-150200.3.65.1
php7-sodium-7.4.33-150200.3.65.1
php7-sqlite-7.4.33-150200.3.65.1
php7-sysvmsg-7.4.33-150200.3.65.1
php7-sysvsem-7.4.33-150200.3.65.1
php7-sysvshm-7.4.33-150200.3.65.1
php7-tidy-7.4.33-150200.3.65.1
php7-tokenizer-7.4.33-150200.3.65.1
php7-xmlreader-7.4.33-150200.3.65.1
php7-xmlrpc-7.4.33-150200.3.65.1
php7-xmlwriter-7.4.33-150200.3.65.1
php7-xsl-7.4.33-150200.3.65.1
php7-zip-7.4.33-150200.3.65.1
php7-zlib-7.4.33-150200.3.65.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
apache2-mod_php7-7.4.33-150200.3.65.1
php7-7.4.33-150200.3.65.1
php7-bcmath-7.4.33-150200.3.65.1
php7-bz2-7.4.33-150200.3.65.1
php7-calendar-7.4.33-150200.3.65.1
php7-ctype-7.4.33-150200.3.65.1
php7-curl-7.4.33-150200.3.65.1
php7-dba-7.4.33-150200.3.65.1
php7-devel-7.4.33-150200.3.65.1
php7-dom-7.4.33-150200.3.65.1
php7-enchant-7.4.33-150200.3.65.1
php7-exif-7.4.33-150200.3.65.1
php7-fastcgi-7.4.33-150200.3.65.1
php7-fileinfo-7.4.33-150200.3.65.1
php7-fpm-7.4.33-150200.3.65.1
php7-ftp-7.4.33-150200.3.65.1
php7-gd-7.4.33-150200.3.65.1
php7-gettext-7.4.33-150200.3.65.1
php7-gmp-7.4.33-150200.3.65.1
php7-iconv-7.4.33-150200.3.65.1
php7-intl-7.4.33-150200.3.65.1
php7-json-7.4.33-150200.3.65.1
php7-ldap-7.4.33-150200.3.65.1
php7-mbstring-7.4.33-150200.3.65.1
php7-mysql-7.4.33-150200.3.65.1
php7-odbc-7.4.33-150200.3.65.1
php7-opcache-7.4.33-150200.3.65.1
php7-openssl-7.4.33-150200.3.65.1
php7-pcntl-7.4.33-150200.3.65.1
php7-pdo-7.4.33-150200.3.65.1
php7-pgsql-7.4.33-150200.3.65.1
php7-phar-7.4.33-150200.3.65.1
php7-posix-7.4.33-150200.3.65.1
php7-readline-7.4.33-150200.3.65.1
php7-shmop-7.4.33-150200.3.65.1
php7-snmp-7.4.33-150200.3.65.1
php7-soap-7.4.33-150200.3.65.1
php7-sockets-7.4.33-150200.3.65.1
php7-sodium-7.4.33-150200.3.65.1
php7-sqlite-7.4.33-150200.3.65.1
php7-sysvmsg-7.4.33-150200.3.65.1
php7-sysvsem-7.4.33-150200.3.65.1
php7-sysvshm-7.4.33-150200.3.65.1
php7-tidy-7.4.33-150200.3.65.1
php7-tokenizer-7.4.33-150200.3.65.1
php7-xmlreader-7.4.33-150200.3.65.1
php7-xmlrpc-7.4.33-150200.3.65.1
php7-xmlwriter-7.4.33-150200.3.65.1
php7-xsl-7.4.33-150200.3.65.1
php7-zip-7.4.33-150200.3.65.1
php7-zlib-7.4.33-150200.3.65.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
apache2-mod_php7-7.4.33-150200.3.65.1
php7-7.4.33-150200.3.65.1
php7-bcmath-7.4.33-150200.3.65.1
php7-bz2-7.4.33-150200.3.65.1
php7-calendar-7.4.33-150200.3.65.1
php7-ctype-7.4.33-150200.3.65.1
php7-curl-7.4.33-150200.3.65.1
php7-dba-7.4.33-150200.3.65.1
php7-devel-7.4.33-150200.3.65.1
php7-dom-7.4.33-150200.3.65.1
php7-enchant-7.4.33-150200.3.65.1
php7-exif-7.4.33-150200.3.65.1
php7-fastcgi-7.4.33-150200.3.65.1
php7-fileinfo-7.4.33-150200.3.65.1
php7-fpm-7.4.33-150200.3.65.1
php7-ftp-7.4.33-150200.3.65.1
php7-gd-7.4.33-150200.3.65.1
php7-gettext-7.4.33-150200.3.65.1
php7-gmp-7.4.33-150200.3.65.1
php7-iconv-7.4.33-150200.3.65.1
php7-intl-7.4.33-150200.3.65.1
php7-json-7.4.33-150200.3.65.1
php7-ldap-7.4.33-150200.3.65.1
php7-mbstring-7.4.33-150200.3.65.1
php7-mysql-7.4.33-150200.3.65.1
php7-odbc-7.4.33-150200.3.65.1
php7-opcache-7.4.33-150200.3.65.1
php7-openssl-7.4.33-150200.3.65.1
php7-pcntl-7.4.33-150200.3.65.1
php7-pdo-7.4.33-150200.3.65.1
php7-pgsql-7.4.33-150200.3.65.1
php7-phar-7.4.33-150200.3.65.1
php7-posix-7.4.33-150200.3.65.1
php7-readline-7.4.33-150200.3.65.1
php7-shmop-7.4.33-150200.3.65.1
php7-snmp-7.4.33-150200.3.65.1
php7-soap-7.4.33-150200.3.65.1
php7-sockets-7.4.33-150200.3.65.1
php7-sodium-7.4.33-150200.3.65.1
php7-sqlite-7.4.33-150200.3.65.1
php7-sysvmsg-7.4.33-150200.3.65.1
php7-sysvsem-7.4.33-150200.3.65.1
php7-sysvshm-7.4.33-150200.3.65.1
php7-tidy-7.4.33-150200.3.65.1
php7-tokenizer-7.4.33-150200.3.65.1
php7-xmlreader-7.4.33-150200.3.65.1
php7-xmlrpc-7.4.33-150200.3.65.1
php7-xmlwriter-7.4.33-150200.3.65.1
php7-xsl-7.4.33-150200.3.65.1
php7-zip-7.4.33-150200.3.65.1
php7-zlib-7.4.33-150200.3.65.1

Description

Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.


Affected products
SUSE Enterprise Storage 7.1:apache2-mod_php7-7.4.33-150200.3.65.1
SUSE Enterprise Storage 7.1:php7-7.4.33-150200.3.65.1
SUSE Enterprise Storage 7.1:php7-bcmath-7.4.33-150200.3.65.1
SUSE Enterprise Storage 7.1:php7-bz2-7.4.33-150200.3.65.1

Description

In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.


Affected products
SUSE Enterprise Storage 7.1:apache2-mod_php7-7.4.33-150200.3.65.1
SUSE Enterprise Storage 7.1:php7-7.4.33-150200.3.65.1
SUSE Enterprise Storage 7.1:php7-bcmath-7.4.33-150200.3.65.1
SUSE Enterprise Storage 7.1:php7-bz2-7.4.33-150200.3.65.1

Description

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, when filtering functions such as filter_var validate URLs (FILTER_VALIDATE_URL), for certain types of URLs invalid user information (the username + password part of the URL) is treated as valid user information. This may lead to downstream code accepting invalid URLs as valid and parsing them incorrectly.


Affected products
SUSE Enterprise Storage 7.1:apache2-mod_php7-7.4.33-150200.3.65.1
SUSE Enterprise Storage 7.1:php7-7.4.33-150200.3.65.1
SUSE Enterprise Storage 7.1:php7-bcmath-7.4.33-150200.3.65.1
SUSE Enterprise Storage 7.1:php7-bz2-7.4.33-150200.3.65.1
