
SUSE: 2022:4068-1 Important: Fix for PHP74 Buffer Overflow Issue

November 18, 2022

SUSE Security Update SUSE-SU-2022:4068-1 for php74 addresses several vulnerabilities by updating the package to PHP 7.4.33, and also carries one feature change (jsc#SLE-23639).
An update that fixes 18 vulnerabilities and contains one feature is now available.

Summary

This update for php74 fixes the following issues:

Version update to 7.4.33:
- CVE-2022-31630: Fixed an out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979).
- CVE-2022-37454: Fixed a buffer overflow in hash_update() on a long parameter (bsc#1204577).

Version update to 7.4.32 (jsc#SLE-23639):
- CVE-2022-31628: Fixed uncontrolled recursion in the phar uncompressor while decompressing "quine" gzip files (bsc#1203867).
- CVE-2022-31629: Fixed a bug that could allow an attacker to set an insecure cookie that will be treated as secure in the victim's browser (bsc#1203870).

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
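Because this update bumps the php74 package to an upstream version (7.4.33) rather than backporting a fix under the old version, the package version alone tells you whether a host still needs SUSE-SU-2022:4068-1. The following script is an added example, not part of the SUSE advisory or of the php74 package: it compares an installed version string (the value `rpm -q --qf '%{VERSION}' php74` prints) against the fixed version and reports hosts that are behind. The inventory lines are constructed sample data, and the host names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): report whether an installed
# php74 version predates the fixed version named in SUSE-SU-2022:4068-1.

FIXED_PHP74_VERSION="7.4.33"

# php74_patch_status VERSION -> prints "needs-update" or "fixed".
# Uses sort -V (GNU/busybox version sort) so 7.4.9 sorts before 7.4.33.
php74_patch_status() {
    installed="$1"
    lowest=$(printf '%s\n%s\n' "$installed" "$FIXED_PHP74_VERSION" | sort -V | head -n 1)
    if [ "$installed" != "$FIXED_PHP74_VERSION" ] && [ "$lowest" = "$installed" ]; then
        echo "needs-update"
    else
        echo "fixed"
    fi
}

# report_hosts reads "host version" lines on stdin and prints
# "host version status" for each, so the output can be grepped or piped on.
report_hosts() {
    while read -r host version; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$version" "$(php74_patch_status "$version")"
    done
}

# Constructed sample inventory (hypothetical hosts), for running offline.
SAMPLE_INVENTORY='web01 7.4.30
web02 7.4.32
web03 7.4.33'

# On a live SLES host, feed the real package version instead:
#   php74_patch_status "$(rpm -q --qf '%{VERSION}' php74)"
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_INVENTORY" | report_hosts
fi
```

Run with `--demo` to see the sample inventory scored; in real use, collect the version from each host (for example over ssh) and pipe the "host version" lines into report_hosts. The version-only check is valid here because SUSE shipped a version bump; for updates that backport a fix without changing %{VERSION}, compare the full %{VERSION}-%{RELEASE} against the advisory's package list instead.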

References

bsc#1203867, bsc#1203870, bsc#1204577, bsc#1204979, jsc#SLE-23639

Cross-References:

CVE-2017-8923, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2020-7071, CVE-2021-21702, CVE-2021-21703, CVE-2021-21704, CVE-2021-21705, CVE-2021-21706, CVE-2021-21707, CVE-2021-21708, CVE-2022-31625, CVE-2022-31626, CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-37454

CVSS scores:

CVE-2017-8923 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2017-8923 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2020-7068 (NVD) : 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

CVE-2020-7068 (SUSE): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2020-7069 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N


Announcement ID: SUSE-SU-2022:4068-1
Rating: important
