SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-513

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-513

Security update for php7

Type: security

Severity: important

Issued: 2023-02-24

Description:

This update for php7 fixes the following issues:

  - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366).
  - CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367).
  - CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously validate if the salt is cut short by `$` (bsc#1208388).

References

CVE: CVE-2023-0662
CVE: CVE-2023-0568
CVE: CVE-2023-0567
Bugzilla: 1208388 VUL-0: CVE-2023-0567: php53,php5,php8,php72,php7,php74: BCrypt hashes erroneously validate if the salt is cut short by `$`
Bugzilla: 1208367 VUL-0: CVE-2023-0662: php72,php53,php8,php7,php5,php74: DoS vulnerability when parsing multipart request body
Bugzilla: 1208366 VUL-0: CVE-2023-0568: php5,php74,php8,php7,php72,php53: NULL byte off-by-one in php_check_specific_open_basedir

Packages

php7-embed-7.4.33-150400.4.19.1