SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2292

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2292

Security update for php7

Type: security

Severity: important

Issued: 2022-07-06

Description:

This update for php7 fixes the following issues:

- CVE-2021-21707: Fixed a special character breaks path in xml parsing. (bsc#1193041)
- CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645)
- CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628)

References

CVE: CVE-2022-31626
CVE: CVE-2022-31625
CVE: CVE-2021-21707
Bugzilla: 1200645 VUL-0: CVE-2022-31625: php5,php72,php8,php74,php53,php7: uninitialized pointers free in Postgres extension
Bugzilla: 1200628 VUL-0: CVE-2022-31626: php72,php8,php74,php5,php7,php53: buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver
Bugzilla: 1193041 VUL-0: CVE-2021-21707: php72,php7,php74,php53,php5: php: special character breaks path in xml parsing

Packages

php7-embed-7.4.25-150400.4.8.1