php7-7.4.24-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11167-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z php7-7.4.24-1.1 on GA media These are all security issues fixed in the php7-7.4.24-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11167 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2005-3353/ SUSE CVE CVE-2005-3353 page https://www.suse.com/security/cve/CVE-2005-3388/ SUSE CVE CVE-2005-3388 page https://www.suse.com/security/cve/CVE-2005-3389/ SUSE CVE CVE-2005-3389 page https://www.suse.com/security/cve/CVE-2005-3390/ SUSE CVE CVE-2005-3390 page https://www.suse.com/security/cve/CVE-2005-3391/ SUSE CVE CVE-2005-3391 page https://www.suse.com/security/cve/CVE-2005-3392/ SUSE CVE CVE-2005-3392 page https://www.suse.com/security/cve/CVE-2006-0996/ SUSE CVE CVE-2006-0996 page https://www.suse.com/security/cve/CVE-2006-1017/ SUSE CVE CVE-2006-1017 page https://www.suse.com/security/cve/CVE-2006-1490/ SUSE CVE CVE-2006-1490 page https://www.suse.com/security/cve/CVE-2006-1494/ SUSE CVE CVE-2006-1494 page https://www.suse.com/security/cve/CVE-2006-1991/ SUSE CVE CVE-2006-1991 page https://www.suse.com/security/cve/CVE-2007-4783/ SUSE CVE CVE-2007-4783 page https://www.suse.com/security/cve/CVE-2007-4887/ SUSE CVE CVE-2007-4887 page https://www.suse.com/security/cve/CVE-2008-0599/ SUSE CVE CVE-2008-0599 page https://www.suse.com/security/cve/CVE-2017-9120/ SUSE CVE CVE-2017-9120 page https://www.suse.com/security/cve/CVE-2018-1000222/ SUSE CVE CVE-2018-1000222 page https://www.suse.com/security/cve/CVE-2018-1000888/ SUSE CVE CVE-2018-1000888 page https://www.suse.com/security/cve/CVE-2018-12882/ SUSE CVE CVE-2018-12882 page https://www.suse.com/security/cve/CVE-2018-14851/ SUSE CVE CVE-2018-14851 page https://www.suse.com/security/cve/CVE-2018-17082/ SUSE CVE CVE-2018-17082 page https://www.suse.com/security/cve/CVE-2018-19935/ SUSE CVE CVE-2018-19935 page https://www.suse.com/security/cve/CVE-2018-20783/ SUSE CVE CVE-2018-20783 page https://www.suse.com/security/cve/CVE-2019-11034/ SUSE CVE CVE-2019-11034 page https://www.suse.com/security/cve/CVE-2019-11035/ SUSE CVE CVE-2019-11035 page https://www.suse.com/security/cve/CVE-2019-11036/ SUSE CVE CVE-2019-11036 page https://www.suse.com/security/cve/CVE-2019-11039/ SUSE CVE CVE-2019-11039 page https://www.suse.com/security/cve/CVE-2019-11040/ SUSE CVE CVE-2019-11040 page https://www.suse.com/security/cve/CVE-2019-11041/ SUSE CVE CVE-2019-11041 page https://www.suse.com/security/cve/CVE-2019-11042/ SUSE CVE CVE-2019-11042 page https://www.suse.com/security/cve/CVE-2019-11043/ SUSE CVE CVE-2019-11043 page https://www.suse.com/security/cve/CVE-2019-11046/ SUSE CVE CVE-2019-11046 page https://www.suse.com/security/cve/CVE-2019-9020/ SUSE CVE CVE-2019-9020 page https://www.suse.com/security/cve/CVE-2019-9021/ SUSE CVE CVE-2019-9021 page https://www.suse.com/security/cve/CVE-2019-9022/ SUSE CVE CVE-2019-9022 page https://www.suse.com/security/cve/CVE-2019-9023/ SUSE CVE CVE-2019-9023 page https://www.suse.com/security/cve/CVE-2019-9024/ SUSE CVE CVE-2019-9024 page https://www.suse.com/security/cve/CVE-2019-9637/ SUSE CVE CVE-2019-9637 page https://www.suse.com/security/cve/CVE-2019-9638/ SUSE CVE CVE-2019-9638 page https://www.suse.com/security/cve/CVE-2019-9640/ SUSE CVE CVE-2019-9640 page https://www.suse.com/security/cve/CVE-2019-9641/ SUSE CVE CVE-2019-9641 page https://www.suse.com/security/cve/CVE-2019-9675/ SUSE CVE CVE-2019-9675 page https://www.suse.com/security/cve/CVE-2020-7062/ SUSE CVE CVE-2020-7062 page https://www.suse.com/security/cve/CVE-2020-7063/ SUSE CVE CVE-2020-7063 page https://www.suse.com/security/cve/CVE-2021-21706/ SUSE CVE CVE-2021-21706 page openSUSE Tumbleweed php7-7.4.24-1.1 php7-bcmath-7.4.24-1.1 php7-bz2-7.4.24-1.1 php7-calendar-7.4.24-1.1 php7-cli-7.4.24-1.1 php7-ctype-7.4.24-1.1 php7-curl-7.4.24-1.1 php7-dba-7.4.24-1.1 php7-devel-7.4.24-1.1 php7-dom-7.4.24-1.1 php7-enchant-7.4.24-1.1 php7-exif-7.4.24-1.1 php7-fileinfo-7.4.24-1.1 php7-ftp-7.4.24-1.1 php7-gd-7.4.24-1.1 php7-gettext-7.4.24-1.1 php7-gmp-7.4.24-1.1 php7-iconv-7.4.24-1.1 php7-intl-7.4.24-1.1 php7-json-7.4.24-1.1 php7-ldap-7.4.24-1.1 php7-mbstring-7.4.24-1.1 php7-mysql-7.4.24-1.1 php7-odbc-7.4.24-1.1 php7-opcache-7.4.24-1.1 php7-openssl-7.4.24-1.1 php7-pcntl-7.4.24-1.1 php7-pdo-7.4.24-1.1 php7-pgsql-7.4.24-1.1 php7-phar-7.4.24-1.1 php7-posix-7.4.24-1.1 php7-readline-7.4.24-1.1 php7-shmop-7.4.24-1.1 php7-snmp-7.4.24-1.1 php7-soap-7.4.24-1.1 php7-sockets-7.4.24-1.1 php7-sodium-7.4.24-1.1 php7-sqlite-7.4.24-1.1 php7-sysvmsg-7.4.24-1.1 php7-sysvsem-7.4.24-1.1 php7-sysvshm-7.4.24-1.1 php7-tidy-7.4.24-1.1 php7-tokenizer-7.4.24-1.1 php7-xmlreader-7.4.24-1.1 php7-xmlrpc-7.4.24-1.1 php7-xmlwriter-7.4.24-1.1 php7-xsl-7.4.24-1.1 php7-zip-7.4.24-1.1 php7-zlib-7.4.24-1.1 php7-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-bcmath-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-bz2-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-calendar-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-cli-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-ctype-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-curl-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-dba-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-devel-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-dom-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-enchant-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-exif-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-fileinfo-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-ftp-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-gd-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-gettext-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-gmp-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-iconv-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-intl-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-json-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-ldap-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-mbstring-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-mysql-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-odbc-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-opcache-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-openssl-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-pcntl-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-pdo-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-pgsql-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-phar-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-posix-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-readline-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-shmop-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-snmp-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-soap-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-sockets-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-sodium-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-sqlite-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-sysvmsg-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-sysvsem-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-sysvshm-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-tidy-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-tokenizer-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-xmlreader-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-xmlrpc-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-xmlwriter-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-xsl-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-zip-7.4.24-1.1 as a component of openSUSE Tumbleweed php7-zlib-7.4.24-1.1 as a component of openSUSE Tumbleweed The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. CVE-2005-3353 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3353.html CVE-2005-3353 https://bugzilla.suse.com/118976 SUSE Bug 118976 https://bugzilla.suse.com/120087 SUSE Bug 120087 https://bugzilla.suse.com/130227 SUSE Bug 130227 https://bugzilla.suse.com/131578 SUSE Bug 131578 https://bugzilla.suse.com/131579 SUSE Bug 131579 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/132684 SUSE Bug 132684 https://bugzilla.suse.com/135480 SUSE Bug 135480 https://bugzilla.suse.com/529198 SUSE Bug 529198 Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." CVE-2005-3388 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3388.html CVE-2005-3388 https://bugzilla.suse.com/120087 SUSE Bug 120087 https://bugzilla.suse.com/131578 SUSE Bug 131578 https://bugzilla.suse.com/131579 SUSE Bug 131579 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/132684 SUSE Bug 132684 The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. CVE-2005-3389 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3389.html CVE-2005-3389 https://bugzilla.suse.com/118976 SUSE Bug 118976 https://bugzilla.suse.com/120087 SUSE Bug 120087 https://bugzilla.suse.com/130227 SUSE Bug 130227 https://bugzilla.suse.com/131578 SUSE Bug 131578 https://bugzilla.suse.com/131579 SUSE Bug 131579 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/132684 SUSE Bug 132684 https://bugzilla.suse.com/135480 SUSE Bug 135480 https://bugzilla.suse.com/307272 SUSE Bug 307272 The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. CVE-2005-3390 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3390.html CVE-2005-3390 https://bugzilla.suse.com/118976 SUSE Bug 118976 https://bugzilla.suse.com/120087 SUSE Bug 120087 https://bugzilla.suse.com/130227 SUSE Bug 130227 https://bugzilla.suse.com/131578 SUSE Bug 131578 https://bugzilla.suse.com/131579 SUSE Bug 131579 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/132684 SUSE Bug 132684 https://bugzilla.suse.com/135480 SUSE Bug 135480 Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. CVE-2005-3391 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3391.html CVE-2005-3391 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/135673 SUSE Bug 135673 Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. CVE-2005-3392 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3392.html CVE-2005-3392 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/135673 SUSE Bug 135673 Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. CVE-2006-0996 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-0996.html CVE-2006-0996 https://bugzilla.suse.com/164804 SUSE Bug 164804 https://bugzilla.suse.com/164845 SUSE Bug 164845 The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. CVE-2006-1017 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-1017.html CVE-2006-1017 https://bugzilla.suse.com/154317 SUSE Bug 154317 https://bugzilla.suse.com/279863 SUSE Bug 279863 PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents. CVE-2006-1490 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-1490.html CVE-2006-1490 https://bugzilla.suse.com/161718 SUSE Bug 161718 https://bugzilla.suse.com/164845 SUSE Bug 164845 Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. CVE-2006-1494 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-1494.html CVE-2006-1494 https://bugzilla.suse.com/164845 SUSE Bug 164845 The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. CVE-2006-1991 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-1991.html CVE-2006-1991 https://bugzilla.suse.com/169038 SUSE Bug 169038 The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. CVE-2007-4783 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4783.html CVE-2007-4783 https://bugzilla.suse.com/308069 SUSE Bug 308069 https://bugzilla.suse.com/325827 SUSE Bug 325827 The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. CVE-2007-4887 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4887.html CVE-2007-4887 https://bugzilla.suse.com/325657 SUSE Bug 325657 The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. CVE-2008-0599 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0599.html CVE-2008-0599 https://bugzilla.suse.com/387745 SUSE Bug 387745 https://bugzilla.suse.com/393279 SUSE Bug 393279 PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. CVE-2017-9120 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 low 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9120.html CVE-2017-9120 https://bugzilla.suse.com/1103661 SUSE Bug 1103661 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. CVE-2018-1000222 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1000222.html CVE-2018-1000222 https://bugzilla.suse.com/1105434 SUSE Bug 1105434 PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4. CVE-2018-1000888 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1000888.html CVE-2018-1000888 exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. CVE-2018-12882 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12882.html CVE-2018-12882 https://bugzilla.suse.com/1099098 SUSE Bug 1099098 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. CVE-2018-14851 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14851.html CVE-2018-14851 https://bugzilla.suse.com/1103659 SUSE Bug 1103659 The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. CVE-2018-17082 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17082.html CVE-2018-17082 https://bugzilla.suse.com/1108753 SUSE Bug 1108753 ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. CVE-2018-19935 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19935.html CVE-2018-19935 https://bugzilla.suse.com/1118832 SUSE Bug 1118832 In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. CVE-2018-20783 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20783.html CVE-2018-20783 https://bugzilla.suse.com/1126713 SUSE Bug 1126713 https://bugzilla.suse.com/1127122 SUSE Bug 1127122 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. CVE-2019-11034 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11034.html CVE-2019-11034 https://bugzilla.suse.com/1132838 SUSE Bug 1132838 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. CVE-2019-11035 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11035.html CVE-2019-11035 https://bugzilla.suse.com/1132837 SUSE Bug 1132837 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. CVE-2019-11036 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11036.html CVE-2019-11036 https://bugzilla.suse.com/1134322 SUSE Bug 1134322 Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. CVE-2019-11039 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 low 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11039.html CVE-2019-11039 https://bugzilla.suse.com/1138173 SUSE Bug 1138173 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11040 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11040.html CVE-2019-11040 https://bugzilla.suse.com/1138172 SUSE Bug 1138172 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11041 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11041.html CVE-2019-11041 https://bugzilla.suse.com/1146360 SUSE Bug 1146360 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11042 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11042.html CVE-2019-11042 https://bugzilla.suse.com/1145095 SUSE Bug 1145095 In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. CVE-2019-11043 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11043.html CVE-2019-11043 https://bugzilla.suse.com/1154999 SUSE Bug 1154999 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. CVE-2019-11046 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11046.html CVE-2019-11046 https://bugzilla.suse.com/1159924 SUSE Bug 1159924 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. CVE-2019-9020 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9020.html CVE-2019-9020 https://bugzilla.suse.com/1126711 SUSE Bug 1126711 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. CVE-2019-9021 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 low 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9021.html CVE-2019-9021 https://bugzilla.suse.com/1126713 SUSE Bug 1126713 An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. CVE-2019-9022 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9022.html CVE-2019-9022 https://bugzilla.suse.com/1126827 SUSE Bug 1126827 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. CVE-2019-9023 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9023.html CVE-2019-9023 https://bugzilla.suse.com/1126823 SUSE Bug 1126823 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. CVE-2019-9024 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9024.html CVE-2019-9024 https://bugzilla.suse.com/1126821 SUSE Bug 1126821 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. CVE-2019-9637 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 low 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9637.html CVE-2019-9637 https://bugzilla.suse.com/1128892 SUSE Bug 1128892 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. CVE-2019-9638 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9638.html CVE-2019-9638 https://bugzilla.suse.com/1128889 SUSE Bug 1128889 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. CVE-2019-9640 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 low 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9640.html CVE-2019-9640 https://bugzilla.suse.com/1128883 SUSE Bug 1128883 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. CVE-2019-9641 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9641.html CVE-2019-9641 https://bugzilla.suse.com/1128722 SUSE Bug 1128722 ** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible." CVE-2019-9675 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9675.html CVE-2019-9675 https://bugzilla.suse.com/1128886 SUSE Bug 1128886 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. CVE-2020-7062 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-7062.html CVE-2020-7062 https://bugzilla.suse.com/1165280 SUSE Bug 1165280 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. CVE-2020-7063 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-7063.html CVE-2020-7063 https://bugzilla.suse.com/1165289 SUSE Bug 1165289 In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. CVE-2021-21706 openSUSE Tumbleweed:php7-7.4.24-1.1 openSUSE Tumbleweed:php7-bcmath-7.4.24-1.1 openSUSE Tumbleweed:php7-bz2-7.4.24-1.1 openSUSE Tumbleweed:php7-calendar-7.4.24-1.1 openSUSE Tumbleweed:php7-cli-7.4.24-1.1 openSUSE Tumbleweed:php7-ctype-7.4.24-1.1 openSUSE Tumbleweed:php7-curl-7.4.24-1.1 openSUSE Tumbleweed:php7-dba-7.4.24-1.1 openSUSE Tumbleweed:php7-devel-7.4.24-1.1 openSUSE Tumbleweed:php7-dom-7.4.24-1.1 openSUSE Tumbleweed:php7-enchant-7.4.24-1.1 openSUSE Tumbleweed:php7-exif-7.4.24-1.1 openSUSE Tumbleweed:php7-fileinfo-7.4.24-1.1 openSUSE Tumbleweed:php7-ftp-7.4.24-1.1 openSUSE Tumbleweed:php7-gd-7.4.24-1.1 openSUSE Tumbleweed:php7-gettext-7.4.24-1.1 openSUSE Tumbleweed:php7-gmp-7.4.24-1.1 openSUSE Tumbleweed:php7-iconv-7.4.24-1.1 openSUSE Tumbleweed:php7-intl-7.4.24-1.1 openSUSE Tumbleweed:php7-json-7.4.24-1.1 openSUSE Tumbleweed:php7-ldap-7.4.24-1.1 openSUSE Tumbleweed:php7-mbstring-7.4.24-1.1 openSUSE Tumbleweed:php7-mysql-7.4.24-1.1 openSUSE Tumbleweed:php7-odbc-7.4.24-1.1 openSUSE Tumbleweed:php7-opcache-7.4.24-1.1 openSUSE Tumbleweed:php7-openssl-7.4.24-1.1 openSUSE Tumbleweed:php7-pcntl-7.4.24-1.1 openSUSE Tumbleweed:php7-pdo-7.4.24-1.1 openSUSE Tumbleweed:php7-pgsql-7.4.24-1.1 openSUSE Tumbleweed:php7-phar-7.4.24-1.1 openSUSE Tumbleweed:php7-posix-7.4.24-1.1 openSUSE Tumbleweed:php7-readline-7.4.24-1.1 openSUSE Tumbleweed:php7-shmop-7.4.24-1.1 openSUSE Tumbleweed:php7-snmp-7.4.24-1.1 openSUSE Tumbleweed:php7-soap-7.4.24-1.1 openSUSE Tumbleweed:php7-sockets-7.4.24-1.1 openSUSE Tumbleweed:php7-sodium-7.4.24-1.1 openSUSE Tumbleweed:php7-sqlite-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvmsg-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvsem-7.4.24-1.1 openSUSE Tumbleweed:php7-sysvshm-7.4.24-1.1 openSUSE Tumbleweed:php7-tidy-7.4.24-1.1 openSUSE Tumbleweed:php7-tokenizer-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlreader-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlrpc-7.4.24-1.1 openSUSE Tumbleweed:php7-xmlwriter-7.4.24-1.1 openSUSE Tumbleweed:php7-xsl-7.4.24-1.1 openSUSE Tumbleweed:php7-zip-7.4.24-1.1 openSUSE Tumbleweed:php7-zlib-7.4.24-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21706.html CVE-2021-21706 https://bugzilla.suse.com/1191314 SUSE Bug 1191314