Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

openSUSE 2023:0092-2 Critical PHP8 DoS Security Bulletin

opensuse
Calendar Grey January 12, 2023
Dist Opensuse Esm H88
SUSE announces significant php8 upgrade to fix severe vulnerability. Check out the official release notes for comprehensive information.
An update that fixes one vulnerability is now available.

Description

This update for php7 fixes the following issues:

- CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted

string (bsc#1206958).

Topics%20covered

Topics Covered

security advisory security issue update DoS important PHP openSUSE

Patch

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

zypper in -t patch openSUSE-SLE-15.4-2023-84=1

- SUSE Linux Enterprise Server for SAP 15-SP1:

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-84=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:

zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-84=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-84=1

- SUSE Enterprise Storage 6:

zypper in -t patch SUSE-Storage-6-2023-84=1

- SUSE CaaS Platform 4.0:

To install this update, use the SUSE CaaS Platform 'skuba' tool. It

will inform you if it detects new updates and let you then trigger

updating of the complete cluster in a controlled way.

Package List

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

php7-wddx-7.2.34-150000.4.106.1

php7-wddx-debuginfo-7.2.34-150000.4.106.1

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

apache2-mod_php7-7.2.34-150000.4.106.1

apache2-mod_php7-debuginfo-7.2.34-150000.4.106.1

php7-7.2.34-150000.4.106.1

php7-bcmath-7.2.34-150000.4.106.1

php7-bcmath-debuginfo-7.2.34-150000.4.106.1

php7-bz2-7.2.34-150000.4.106.1

php7-bz2-debuginfo-7.2.34-150000.4.106.1

php7-calendar-7.2.34-150000.4.106.1

php7-calendar-debuginfo-7.2.34-150000.4.106.1

php7-ctype-7.2.34-150000.4.106.1

php7-ctype-debuginfo-7.2.34-150000.4.106.1

php7-curl-7.2.34-150000.4.106.1

php7-curl-debuginfo-7.2.34-150000.4.106.1

php7-dba-7.2.34-150000.4.106.1

php7-dba-debuginfo-7.2.34-150000.4.106.1

php7-debuginfo-7.2.34-150000.4.106.1

php7-debugsource-7.2.34-150000.4.106.1

php7-devel-7.2.34-150000.4.106.1

php7-dom-7.2.34-150000.4.106.1

php7-dom-debuginfo-7.2.34-150000.4.106.1

php7-enchant-7.2.34-150000.4.106.1

php7-enchant-debuginfo-7.2.34-150000.4.106.1

php7-...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2022-31631.html

https://bugzilla.suse.com/1206958

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:0084-1
Rating: important
Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 openSUSE Leap 15.4

Topics%20covered

Topics Covered

security advisory security issue update DoS important PHP openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here