SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4146

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4146

Security update for php7

Type: security

Severity: moderate

Issued: 2024-12-03

Description:

This update for php7 fixes the following issues:

- CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702).
- CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703).
- CVE-2024-8929: Leak partial content of the heap through heap buffer over-read (bsc#1233651).

References

CVE: CVE-2024-8929
CVE: CVE-2024-11234
CVE: CVE-2024-11233
Bugzilla: 1233703 VUL-0: CVE-2024-11234: php74, php8: configuring streams with a proxy and the 'request_fulluri' context option might allow for CRLF injection in URIs
Bugzilla: 1233702 VUL-0: CVE-2024-11233: php74, php8: single-byte buffer overread due to missing bounds check when processing input with convert.quoted-printable-decode filters
Bugzilla: 1233651 VUL-0: CVE-2024-8929: php: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests ...

Packages

php7-embed-7.4.33-150400.4.43.1