
SUSE: 2024:4215-1 moderate: php8 buffer overread and injection concerns

December 5, 2024
A critical update has been released for php8, addressing several vulnerabilities rated medium severity. SUSE users should apply the update without delay.

Summary

This update for php8 fixes the following issues:

* CVE-2024-11233: buffer overread when processing input with the convert.quoted-printable-decode filter. (bsc#1233702)
* CVE-2024-11234: possible CRLF injection in URIs when a proxy is configured in a stream context. (bsc#1233703)
* CVE-2024-8929: data exposure on MySQL clients due to heap buffer overread in mysqlnd. (bsc#1233651)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-4215=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-4215=1
* Web and Scripting Module 15-SP5

References

* bsc#1233651

* bsc#1233702

* bsc#1233703

Cross-References:

* CVE-2024-11233

* CVE-2024-11234

* CVE-2024-8929

CVSS scores:

* CVE-2024-11233 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-11233 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2024-11233 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

* CVE-2024-11233 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2024-11234 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-11234 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-11234 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-11234 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Announcement ID: SUSE-SU-2024:4215-1
Release Date: 2024-12-05T17:31:56Z
Rating: moderate
