Lucene search

K
suseSuseSUSE-SU-2022:3661-1
HistoryOct 19, 2022 - 12:00 a.m.

Security update for php8 (important)

2022-10-1900:00:00
lists.opensuse.org
20
php8
update
vulnerability
feature
cve-2021-21703
cve-2022-31628
cve-2022-31629
security
suse
patch
sle-23639
sle-24723
bsc-1192050
bsc-1203867
bsc-1203870
recursion
cookie
gzip

EPSS

0.006

Percentile

79.3%

An update that solves three vulnerabilities, contains two
features and has one errata is now available.

Description:

This update for php8 fixes the following issues:

  • php8 was updated to version 8.0.24
  • php8 was updated to version 8.0.23 (jsc#SLE-23639).
  • CVE-2021-21703: Fixed a local privilege escalation via PHP-FPM.
    (bsc#1192050)
  • CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor
    while decompressing “quines” gzip files. (bsc#1203867)
  • CVE-2022-31629: Fixed a bug which could lead an attacker to set an
    insecure cookie that will treated as secure in the victim’s browser.
    (bsc#1203870)
  • Fixed missing devel package requires pear and pecl extensions
    (jsc#SLE-24723, bsc#1200772).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-3661=1

  • SUSE Linux Enterprise Module for Web Scripting 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3661=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.4aarch64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.4ppc64le< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.4s390x< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.4x86_64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
SUSE Linux Enterprise Module for Web Scripting 15SP4aarch64<  SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
SUSE Linux Enterprise Module for Web Scripting 15SP4ppc64le<  SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
SUSE Linux Enterprise Module for Web Scripting 15SP4s390x<  SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):.s390x.rpm
SUSE Linux Enterprise Module for Web Scripting 15SP4x86_64<  SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):.x86_64.rpm