Описание
Security update for php7
This update for php7 fixes the following issues:
- CVE-2021-21703: Fixed local privilege escalation via PHP-FPM (bsc#1192050).
- CVE-2021-21707: Fixed special character breaks path in xml parsing (bsc#1193041).
- CVE-2017-8923: Fixed denial of service (application crash) when using .= with a long string (zend_string_extend func in Zend/zend_string.h) (bsc#1038980).
- CVE-2015-9253: Fixed endless loop when the master process restarts a child process using program execution functions (bsc#1081790).
Список пакетов
openSUSE Leap 15.4
Ссылки
- E-Mail link for openSUSE-SU-2022:0679-1
- SUSE Security Ratings
- SUSE Bug 1038980
- SUSE Bug 1081790
- SUSE Bug 1192050
- SUSE Bug 1193041
- SUSE CVE CVE-2015-9253 page
- SUSE CVE CVE-2017-8923 page
- SUSE CVE CVE-2021-21703 page
- SUSE CVE CVE-2021-21707 page
Описание
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.
Затронутые продукты
Ссылки
- CVE-2015-9253
- SUSE Bug 1081790
Описание
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
Затронутые продукты
Ссылки
- CVE-2017-8923
- SUSE Bug 1038980
Описание
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
Затронутые продукты
Ссылки
- CVE-2021-21703
- SUSE Bug 1192050
Описание
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
Затронутые продукты
Ссылки
- CVE-2021-21707
- SUSE Bug 1193041