openSUSE: 2024:4146-1 moderate: php7 Advisory Security Update
opensuse
December 3, 2024
An update that solves three vulnerabilities can now be installed.
Description
This update for php7 fixes the following issues:
* CVE-2024-11233: Single byte overread with convert.quoted-printable-decode
filter (bsc#1233702).
* CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF
injection in URIs (bsc#1233703).
* CVE-2024-8929: Leak partial content of the heap through heap buffer over-
read (bsc#1233651).
Topics Covered
Patch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-4146=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-4146=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-4146=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-4146=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-4146=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4146=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4146=1
Package List
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* php7-tokenizer-7.4.33-150400.4.43.1
* php7-snmp-7.4.33-150400.4.43.1
* php7-zlib-debuginfo-7.4.33-150400.4.43.1
* php7-sysvmsg-debuginfo-7.4.33-150400.4.43.1
* php7-sysvsem-debuginfo-7.4.33-150400.4.43.1
* php7-intl-7.4.33-150400.4.43.1
* php7-enchant-debuginfo-7.4.33-150400.4.43.1
* php7-xmlreader-debuginfo-7.4.33-150400.4.43.1
* php7-sysvshm-7.4.33-150400.4.43.1
* php7-iconv-debuginfo-7.4.33-150400.4.43.1
* php7-sqlite-debuginfo-7.4.33-150400.4.43.1
* php7-embed-7.4.33-150400.4.43.1
* php7-pdo-debuginfo-7.4.33-150400.4.43.1
* php7-readline-debuginfo-7.4.33-150400.4.43.1
* php7-fastcgi-debugsource-7.4.33-150400.4.43.1
* php7-mbstring-7.4.33-150400.4.43.1
* php7-zip-7.4.33-150400.4.43.1
* apache2-mod_php7-debugsource-7.4.33-150400.4.43.1
* php7-opcache-debuginfo-7.4.33-150400.4.43.1
* php7-xmlrpc-7.4.33-150400.4.43.1
* php7-tidy-debuginfo-7.4.33-150400.4.43.1
* php7-cli-7.4.33-150400.4.43.1
* php7-fastcgi-debuginfo-7.4.33-150400.4.43.1
*...
Read the Full AdvisoryReferences
* bsc#1233651
* bsc#1233702
* bsc#1233703
## References:
* https://www.suse.com/security/cve/CVE-2024-11233.html
* https://www.suse.com/security/cve/CVE-2024-11234.html
* https://www.suse.com/security/cve/CVE-2024-8929.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233651
* https://bugzilla.suse.com/show_bug.cgi?id=1233702
* https://bugzilla.suse.com/show_bug.cgi?id=1233703
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2024:4146-1
Release Date: 2024-12-03T09:08:38Z
Affected Products:
* Legacy Module 15-SP5
* Legacy Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!