Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3997


Security update for php7


Type: security
Severity: important
Issued: 2022-11-15
Description:
This update for php7 fixes the following issues:

- Version update to 7.4.33:
- CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979).
- CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577).


- Version update to 7.4.32 (jsc#SLE-23639)
- CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing "quines" gzip files. (bsc#1203867)
- CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870)


              

Packages


  • php7-embed-7.4.33-150400.4.13.1