php8-8.0.11-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11169 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z php8-8.0.11-1.1 on GA media These are all security issues fixed in the php8-8.0.11-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11169 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11169 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2005-3353/ SUSE CVE CVE-2005-3353 page https://www.suse.com/security/cve/CVE-2005-3388/ SUSE CVE CVE-2005-3388 page https://www.suse.com/security/cve/CVE-2005-3389/ SUSE CVE CVE-2005-3389 page https://www.suse.com/security/cve/CVE-2005-3390/ SUSE CVE CVE-2005-3390 page https://www.suse.com/security/cve/CVE-2005-3391/ SUSE CVE CVE-2005-3391 page https://www.suse.com/security/cve/CVE-2005-3392/ SUSE CVE CVE-2005-3392 page https://www.suse.com/security/cve/CVE-2006-0996/ SUSE CVE CVE-2006-0996 page https://www.suse.com/security/cve/CVE-2006-1017/ SUSE CVE CVE-2006-1017 page https://www.suse.com/security/cve/CVE-2006-1490/ SUSE CVE CVE-2006-1490 page https://www.suse.com/security/cve/CVE-2006-1494/ SUSE CVE CVE-2006-1494 page https://www.suse.com/security/cve/CVE-2006-1991/ SUSE CVE CVE-2006-1991 page https://www.suse.com/security/cve/CVE-2006-7243/ SUSE CVE CVE-2006-7243 page https://www.suse.com/security/cve/CVE-2007-4783/ SUSE CVE CVE-2007-4783 page https://www.suse.com/security/cve/CVE-2007-4887/ SUSE CVE CVE-2007-4887 page https://www.suse.com/security/cve/CVE-2008-0599/ SUSE CVE CVE-2008-0599 page https://www.suse.com/security/cve/CVE-2010-2225/ SUSE CVE CVE-2010-2225 page https://www.suse.com/security/cve/CVE-2010-2950/ SUSE CVE CVE-2010-2950 page https://www.suse.com/security/cve/CVE-2010-3436/ SUSE CVE CVE-2010-3436 page https://www.suse.com/security/cve/CVE-2010-3709/ SUSE CVE CVE-2010-3709 page https://www.suse.com/security/cve/CVE-2010-3710/ SUSE CVE CVE-2010-3710 page https://www.suse.com/security/cve/CVE-2010-4150/ SUSE CVE CVE-2010-4150 page https://www.suse.com/security/cve/CVE-2010-4645/ SUSE CVE CVE-2010-4645 page https://www.suse.com/security/cve/CVE-2011-0420/ SUSE CVE CVE-2011-0420 page https://www.suse.com/security/cve/CVE-2011-0421/ SUSE CVE CVE-2011-0421 page https://www.suse.com/security/cve/CVE-2011-0708/ SUSE CVE CVE-2011-0708 page https://www.suse.com/security/cve/CVE-2011-1092/ SUSE CVE CVE-2011-1092 page https://www.suse.com/security/cve/CVE-2011-1153/ SUSE CVE CVE-2011-1153 page https://www.suse.com/security/cve/CVE-2011-1466/ SUSE CVE CVE-2011-1466 page https://www.suse.com/security/cve/CVE-2011-2202/ SUSE CVE CVE-2011-2202 page https://www.suse.com/security/cve/CVE-2011-3379/ SUSE CVE CVE-2011-3379 page https://www.suse.com/security/cve/CVE-2011-4153/ SUSE CVE CVE-2011-4153 page https://www.suse.com/security/cve/CVE-2011-4566/ SUSE CVE CVE-2011-4566 page https://www.suse.com/security/cve/CVE-2011-4885/ SUSE CVE CVE-2011-4885 page https://www.suse.com/security/cve/CVE-2012-0830/ SUSE CVE CVE-2012-0830 page https://www.suse.com/security/cve/CVE-2012-1823/ SUSE CVE CVE-2012-1823 page https://www.suse.com/security/cve/CVE-2012-2688/ SUSE CVE CVE-2012-2688 page https://www.suse.com/security/cve/CVE-2012-3365/ SUSE CVE CVE-2012-3365 page https://www.suse.com/security/cve/CVE-2013-1635/ SUSE CVE CVE-2013-1635 page https://www.suse.com/security/cve/CVE-2013-1643/ SUSE CVE CVE-2013-1643 page https://www.suse.com/security/cve/CVE-2013-4113/ SUSE CVE CVE-2013-4113 page https://www.suse.com/security/cve/CVE-2013-4248/ SUSE CVE CVE-2013-4248 page https://www.suse.com/security/cve/CVE-2013-6420/ SUSE CVE CVE-2013-6420 page https://www.suse.com/security/cve/CVE-2013-6712/ SUSE CVE CVE-2013-6712 page https://www.suse.com/security/cve/CVE-2013-7327/ SUSE CVE CVE-2013-7327 page https://www.suse.com/security/cve/CVE-2013-7345/ SUSE CVE CVE-2013-7345 page https://www.suse.com/security/cve/CVE-2014-0185/ SUSE CVE CVE-2014-0185 page https://www.suse.com/security/cve/CVE-2014-0238/ SUSE CVE CVE-2014-0238 page https://www.suse.com/security/cve/CVE-2014-1943/ SUSE CVE CVE-2014-1943 page https://www.suse.com/security/cve/CVE-2014-2497/ SUSE CVE CVE-2014-2497 page https://www.suse.com/security/cve/CVE-2014-3538/ SUSE CVE CVE-2014-3538 page https://www.suse.com/security/cve/CVE-2014-3597/ SUSE CVE CVE-2014-3597 page https://www.suse.com/security/cve/CVE-2014-3622/ SUSE CVE CVE-2014-3622 page https://www.suse.com/security/cve/CVE-2014-3668/ SUSE CVE CVE-2014-3668 page https://www.suse.com/security/cve/CVE-2014-3670/ SUSE CVE CVE-2014-3670 page https://www.suse.com/security/cve/CVE-2014-4049/ SUSE CVE CVE-2014-4049 page https://www.suse.com/security/cve/CVE-2014-4670/ SUSE CVE CVE-2014-4670 page https://www.suse.com/security/cve/CVE-2014-4698/ SUSE CVE CVE-2014-4698 page https://www.suse.com/security/cve/CVE-2014-5459/ SUSE CVE CVE-2014-5459 page https://www.suse.com/security/cve/CVE-2014-9426/ SUSE CVE CVE-2014-9426 page https://www.suse.com/security/cve/CVE-2014-9427/ SUSE CVE CVE-2014-9427 page https://www.suse.com/security/cve/CVE-2015-0231/ SUSE CVE CVE-2015-0231 page https://www.suse.com/security/cve/CVE-2015-0235/ SUSE CVE CVE-2015-0235 page https://www.suse.com/security/cve/CVE-2015-0273/ SUSE CVE CVE-2015-0273 page https://www.suse.com/security/cve/CVE-2015-1351/ SUSE CVE CVE-2015-1351 page https://www.suse.com/security/cve/CVE-2015-3152/ SUSE CVE CVE-2015-3152 page https://www.suse.com/security/cve/CVE-2015-3414/ SUSE CVE CVE-2015-3414 page https://www.suse.com/security/cve/CVE-2015-3415/ SUSE CVE CVE-2015-3415 page https://www.suse.com/security/cve/CVE-2017-9120/ SUSE CVE CVE-2017-9120 page https://www.suse.com/security/cve/CVE-2018-1000222/ SUSE CVE CVE-2018-1000222 page https://www.suse.com/security/cve/CVE-2018-1000888/ SUSE CVE CVE-2018-1000888 page https://www.suse.com/security/cve/CVE-2018-12882/ SUSE CVE CVE-2018-12882 page https://www.suse.com/security/cve/CVE-2018-14851/ SUSE CVE CVE-2018-14851 page https://www.suse.com/security/cve/CVE-2018-17082/ SUSE CVE CVE-2018-17082 page https://www.suse.com/security/cve/CVE-2018-19935/ SUSE CVE CVE-2018-19935 page https://www.suse.com/security/cve/CVE-2018-20783/ SUSE CVE CVE-2018-20783 page https://www.suse.com/security/cve/CVE-2019-11034/ SUSE CVE CVE-2019-11034 page https://www.suse.com/security/cve/CVE-2019-11035/ SUSE CVE CVE-2019-11035 page https://www.suse.com/security/cve/CVE-2019-11036/ SUSE CVE CVE-2019-11036 page https://www.suse.com/security/cve/CVE-2019-11039/ SUSE CVE CVE-2019-11039 page https://www.suse.com/security/cve/CVE-2019-11040/ SUSE CVE CVE-2019-11040 page https://www.suse.com/security/cve/CVE-2019-11041/ SUSE CVE CVE-2019-11041 page https://www.suse.com/security/cve/CVE-2019-11042/ SUSE CVE CVE-2019-11042 page https://www.suse.com/security/cve/CVE-2019-11043/ SUSE CVE CVE-2019-11043 page https://www.suse.com/security/cve/CVE-2019-11046/ SUSE CVE CVE-2019-11046 page https://www.suse.com/security/cve/CVE-2019-9020/ SUSE CVE CVE-2019-9020 page https://www.suse.com/security/cve/CVE-2019-9021/ SUSE CVE CVE-2019-9021 page https://www.suse.com/security/cve/CVE-2019-9022/ SUSE CVE CVE-2019-9022 page https://www.suse.com/security/cve/CVE-2019-9023/ SUSE CVE CVE-2019-9023 page https://www.suse.com/security/cve/CVE-2019-9024/ SUSE CVE CVE-2019-9024 page https://www.suse.com/security/cve/CVE-2019-9637/ SUSE CVE CVE-2019-9637 page https://www.suse.com/security/cve/CVE-2019-9638/ SUSE CVE CVE-2019-9638 page https://www.suse.com/security/cve/CVE-2019-9640/ SUSE CVE CVE-2019-9640 page https://www.suse.com/security/cve/CVE-2019-9641/ SUSE CVE CVE-2019-9641 page https://www.suse.com/security/cve/CVE-2019-9675/ SUSE CVE CVE-2019-9675 page https://www.suse.com/security/cve/CVE-2020-7062/ SUSE CVE CVE-2020-7062 page https://www.suse.com/security/cve/CVE-2020-7063/ SUSE CVE CVE-2020-7063 page https://www.suse.com/security/cve/CVE-2021-21706/ SUSE CVE CVE-2021-21706 page openSUSE Tumbleweed php8-8.0.11-1.1 php8-bcmath-8.0.11-1.1 php8-bz2-8.0.11-1.1 php8-calendar-8.0.11-1.1 php8-cli-8.0.11-1.1 php8-ctype-8.0.11-1.1 php8-curl-8.0.11-1.1 php8-dba-8.0.11-1.1 php8-devel-8.0.11-1.1 php8-dom-8.0.11-1.1 php8-enchant-8.0.11-1.1 php8-exif-8.0.11-1.1 php8-fileinfo-8.0.11-1.1 php8-ftp-8.0.11-1.1 php8-gd-8.0.11-1.1 php8-gettext-8.0.11-1.1 php8-gmp-8.0.11-1.1 php8-iconv-8.0.11-1.1 php8-intl-8.0.11-1.1 php8-ldap-8.0.11-1.1 php8-mbstring-8.0.11-1.1 php8-mysql-8.0.11-1.1 php8-odbc-8.0.11-1.1 php8-opcache-8.0.11-1.1 php8-openssl-8.0.11-1.1 php8-pcntl-8.0.11-1.1 php8-pdo-8.0.11-1.1 php8-pgsql-8.0.11-1.1 php8-phar-8.0.11-1.1 php8-posix-8.0.11-1.1 php8-readline-8.0.11-1.1 php8-shmop-8.0.11-1.1 php8-snmp-8.0.11-1.1 php8-soap-8.0.11-1.1 php8-sockets-8.0.11-1.1 php8-sodium-8.0.11-1.1 php8-sqlite-8.0.11-1.1 php8-sysvmsg-8.0.11-1.1 php8-sysvsem-8.0.11-1.1 php8-sysvshm-8.0.11-1.1 php8-tidy-8.0.11-1.1 php8-tokenizer-8.0.11-1.1 php8-xmlreader-8.0.11-1.1 php8-xmlwriter-8.0.11-1.1 php8-xsl-8.0.11-1.1 php8-zip-8.0.11-1.1 php8-zlib-8.0.11-1.1 php8-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-bcmath-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-bz2-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-calendar-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-cli-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-ctype-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-curl-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-dba-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-devel-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-dom-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-enchant-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-exif-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-fileinfo-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-ftp-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-gd-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-gettext-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-gmp-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-iconv-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-intl-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-ldap-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-mbstring-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-mysql-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-odbc-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-opcache-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-openssl-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-pcntl-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-pdo-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-pgsql-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-phar-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-posix-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-readline-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-shmop-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-snmp-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-soap-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-sockets-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-sodium-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-sqlite-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-sysvmsg-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-sysvsem-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-sysvshm-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-tidy-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-tokenizer-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-xmlreader-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-xmlwriter-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-xsl-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-zip-8.0.11-1.1 as a component of openSUSE Tumbleweed php8-zlib-8.0.11-1.1 as a component of openSUSE Tumbleweed The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. CVE-2005-3353 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3353.html CVE-2005-3353 https://bugzilla.suse.com/118976 SUSE Bug 118976 https://bugzilla.suse.com/120087 SUSE Bug 120087 https://bugzilla.suse.com/130227 SUSE Bug 130227 https://bugzilla.suse.com/131578 SUSE Bug 131578 https://bugzilla.suse.com/131579 SUSE Bug 131579 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/132684 SUSE Bug 132684 https://bugzilla.suse.com/135480 SUSE Bug 135480 https://bugzilla.suse.com/529198 SUSE Bug 529198 Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." CVE-2005-3388 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3388.html CVE-2005-3388 https://bugzilla.suse.com/120087 SUSE Bug 120087 https://bugzilla.suse.com/131578 SUSE Bug 131578 https://bugzilla.suse.com/131579 SUSE Bug 131579 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/132684 SUSE Bug 132684 The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. CVE-2005-3389 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3389.html CVE-2005-3389 https://bugzilla.suse.com/118976 SUSE Bug 118976 https://bugzilla.suse.com/120087 SUSE Bug 120087 https://bugzilla.suse.com/130227 SUSE Bug 130227 https://bugzilla.suse.com/131578 SUSE Bug 131578 https://bugzilla.suse.com/131579 SUSE Bug 131579 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/132684 SUSE Bug 132684 https://bugzilla.suse.com/135480 SUSE Bug 135480 https://bugzilla.suse.com/307272 SUSE Bug 307272 The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. CVE-2005-3390 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3390.html CVE-2005-3390 https://bugzilla.suse.com/118976 SUSE Bug 118976 https://bugzilla.suse.com/120087 SUSE Bug 120087 https://bugzilla.suse.com/130227 SUSE Bug 130227 https://bugzilla.suse.com/131578 SUSE Bug 131578 https://bugzilla.suse.com/131579 SUSE Bug 131579 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/132684 SUSE Bug 132684 https://bugzilla.suse.com/135480 SUSE Bug 135480 Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. CVE-2005-3391 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3391.html CVE-2005-3391 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/135673 SUSE Bug 135673 Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. CVE-2005-3392 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3392.html CVE-2005-3392 https://bugzilla.suse.com/131580 SUSE Bug 131580 https://bugzilla.suse.com/135673 SUSE Bug 135673 Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. CVE-2006-0996 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-0996.html CVE-2006-0996 https://bugzilla.suse.com/164804 SUSE Bug 164804 https://bugzilla.suse.com/164845 SUSE Bug 164845 The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. CVE-2006-1017 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-1017.html CVE-2006-1017 https://bugzilla.suse.com/154317 SUSE Bug 154317 https://bugzilla.suse.com/279863 SUSE Bug 279863 PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents. CVE-2006-1490 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-1490.html CVE-2006-1490 https://bugzilla.suse.com/161718 SUSE Bug 161718 https://bugzilla.suse.com/164845 SUSE Bug 164845 Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. CVE-2006-1494 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-1494.html CVE-2006-1494 https://bugzilla.suse.com/164845 SUSE Bug 164845 The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. CVE-2006-1991 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-1991.html CVE-2006-1991 https://bugzilla.suse.com/169038 SUSE Bug 169038 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. CVE-2006-7243 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-7243.html CVE-2006-7243 https://bugzilla.suse.com/1067090 SUSE Bug 1067090 https://bugzilla.suse.com/654853 SUSE Bug 654853 https://bugzilla.suse.com/893855 SUSE Bug 893855 https://bugzilla.suse.com/924970 SUSE Bug 924970 https://bugzilla.suse.com/992991 SUSE Bug 992991 The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. CVE-2007-4783 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4783.html CVE-2007-4783 https://bugzilla.suse.com/308069 SUSE Bug 308069 https://bugzilla.suse.com/325827 SUSE Bug 325827 The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. CVE-2007-4887 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4887.html CVE-2007-4887 https://bugzilla.suse.com/325657 SUSE Bug 325657 The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. CVE-2008-0599 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0599.html CVE-2008-0599 https://bugzilla.suse.com/387745 SUSE Bug 387745 https://bugzilla.suse.com/393279 SUSE Bug 393279 Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. CVE-2010-2225 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2225.html CVE-2010-2225 https://bugzilla.suse.com/616232 SUSE Bug 616232 Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. CVE-2010-2950 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2950.html CVE-2010-2950 https://bugzilla.suse.com/633934 SUSE Bug 633934 fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. CVE-2010-3436 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3436.html CVE-2010-3436 https://bugzilla.suse.com/642733 SUSE Bug 642733 https://bugzilla.suse.com/992991 SUSE Bug 992991 The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. CVE-2010-3709 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3709.html CVE-2010-3709 https://bugzilla.suse.com/660102 SUSE Bug 660102 https://bugzilla.suse.com/992991 SUSE Bug 992991 Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. CVE-2010-3710 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3710.html CVE-2010-3710 https://bugzilla.suse.com/649210 SUSE Bug 649210 Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. CVE-2010-4150 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4150.html CVE-2010-4150 https://bugzilla.suse.com/655968 SUSE Bug 655968 strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308. CVE-2010-4645 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4645.html CVE-2010-4645 https://bugzilla.suse.com/662932 SUSE Bug 662932 The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. CVE-2011-0420 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0420.html CVE-2011-0420 https://bugzilla.suse.com/672933 SUSE Bug 672933 The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. CVE-2011-0421 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0421.html CVE-2011-0421 https://bugzilla.suse.com/681193 SUSE Bug 681193 exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. CVE-2011-0708 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0708.html CVE-2011-0708 https://bugzilla.suse.com/671710 SUSE Bug 671710 Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. CVE-2011-1092 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1092.html CVE-2011-1092 https://bugzilla.suse.com/677782 SUSE Bug 677782 Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. CVE-2011-1153 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1153.html CVE-2011-1153 https://bugzilla.suse.com/778941 SUSE Bug 778941 https://bugzilla.suse.com/992991 SUSE Bug 992991 Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. CVE-2011-1466 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1466.html CVE-2011-1466 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." CVE-2011-2202 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2202.html CVE-2011-2202 https://bugzilla.suse.com/699711 SUSE Bug 699711 The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. CVE-2011-3379 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3379.html CVE-2011-3379 https://bugzilla.suse.com/728350 SUSE Bug 728350 PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. CVE-2011-4153 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4153.html CVE-2011-4153 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. CVE-2011-4566 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4566.html CVE-2011-4566 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. CVE-2011-4885 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4885.html CVE-2011-4885 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. CVE-2012-0830 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0830.html CVE-2012-0830 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. CVE-2012-1823 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1823.html CVE-2012-1823 https://bugzilla.suse.com/1226072 SUSE Bug 1226072 https://bugzilla.suse.com/1226073 SUSE Bug 1226073 https://bugzilla.suse.com/1226074 SUSE Bug 1226074 https://bugzilla.suse.com/760536 SUSE Bug 760536 https://bugzilla.suse.com/761631 SUSE Bug 761631 https://bugzilla.suse.com/850694 SUSE Bug 850694 Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." CVE-2012-2688 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2688.html CVE-2012-2688 https://bugzilla.suse.com/772582 SUSE Bug 772582 The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. CVE-2012-3365 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3365.html CVE-2012-3365 https://bugzilla.suse.com/772580 SUSE Bug 772580 https://bugzilla.suse.com/772582 SUSE Bug 772582 ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. CVE-2013-1635 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1635.html CVE-2013-1635 https://bugzilla.suse.com/807707 SUSE Bug 807707 The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. CVE-2013-1643 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1643.html CVE-2013-1643 https://bugzilla.suse.com/807707 SUSE Bug 807707 ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. CVE-2013-4113 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4113.html CVE-2013-4113 https://bugzilla.suse.com/829207 SUSE Bug 829207 The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2013-4248 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4248.html CVE-2013-4248 https://bugzilla.suse.com/837746 SUSE Bug 837746 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. CVE-2013-6420 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6420.html CVE-2013-6420 https://bugzilla.suse.com/854880 SUSE Bug 854880 https://bugzilla.suse.com/880238 SUSE Bug 880238 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. CVE-2013-6712 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6712.html CVE-2013-6712 https://bugzilla.suse.com/853045 SUSE Bug 853045 The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. CVE-2013-7327 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7327.html CVE-2013-7327 https://bugzilla.suse.com/864879 SUSE Bug 864879 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. CVE-2013-7345 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7345.html CVE-2013-7345 https://bugzilla.suse.com/869906 SUSE Bug 869906 https://bugzilla.suse.com/883306 SUSE Bug 883306 https://bugzilla.suse.com/987530 SUSE Bug 987530 sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. CVE-2014-0185 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0185.html CVE-2014-0185 https://bugzilla.suse.com/868624 SUSE Bug 868624 https://bugzilla.suse.com/875826 SUSE Bug 875826 https://bugzilla.suse.com/992991 SUSE Bug 992991 The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. CVE-2014-0238 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0238.html CVE-2014-0238 https://bugzilla.suse.com/880904 SUSE Bug 880904 https://bugzilla.suse.com/992991 SUSE Bug 992991 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. CVE-2014-1943 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1943.html CVE-2014-1943 https://bugzilla.suse.com/864343 SUSE Bug 864343 https://bugzilla.suse.com/864589 SUSE Bug 864589 https://bugzilla.suse.com/883306 SUSE Bug 883306 The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. CVE-2014-2497 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2497.html CVE-2014-2497 https://bugzilla.suse.com/868624 SUSE Bug 868624 file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. CVE-2014-3538 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3538.html CVE-2014-3538 https://bugzilla.suse.com/935225 SUSE Bug 935225 https://bugzilla.suse.com/987530 SUSE Bug 987530 Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049. CVE-2014-3597 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3597.html CVE-2014-3597 https://bugzilla.suse.com/893853 SUSE Bug 893853 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/992991 SUSE Bug 992991 Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. CVE-2014-3622 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3622.html CVE-2014-3622 https://bugzilla.suse.com/900934 SUSE Bug 900934 Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. CVE-2014-3668 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3668.html CVE-2014-3668 https://bugzilla.suse.com/902368 SUSE Bug 902368 https://bugzilla.suse.com/980366 SUSE Bug 980366 The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. CVE-2014-3670 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3670.html CVE-2014-3670 https://bugzilla.suse.com/902357 SUSE Bug 902357 https://bugzilla.suse.com/980366 SUSE Bug 980366 Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. CVE-2014-4049 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4049.html CVE-2014-4049 https://bugzilla.suse.com/882992 SUSE Bug 882992 https://bugzilla.suse.com/893853 SUSE Bug 893853 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. CVE-2014-4670 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4670.html CVE-2014-4670 https://bugzilla.suse.com/886059 SUSE Bug 886059 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/992991 SUSE Bug 992991 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4698 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4698.html CVE-2014-4698 https://bugzilla.suse.com/886060 SUSE Bug 886060 https://bugzilla.suse.com/980366 SUSE Bug 980366 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. CVE-2014-5459 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5459.html CVE-2014-5459 https://bugzilla.suse.com/893849 SUSE Bug 893849 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable. CVE-2014-9426 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9426.html CVE-2014-9426 https://bugzilla.suse.com/911663 SUSE Bug 911663 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. CVE-2014-9427 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9427.html CVE-2014-9427 https://bugzilla.suse.com/911664 SUSE Bug 911664 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. CVE-2015-0231 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0231.html CVE-2015-0231 https://bugzilla.suse.com/910659 SUSE Bug 910659 https://bugzilla.suse.com/924972 SUSE Bug 924972 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/992991 SUSE Bug 992991 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." CVE-2015-0235 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0235.html CVE-2015-0235 https://bugzilla.suse.com/844309 SUSE Bug 844309 https://bugzilla.suse.com/913646 SUSE Bug 913646 https://bugzilla.suse.com/949238 SUSE Bug 949238 https://bugzilla.suse.com/954983 SUSE Bug 954983 Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. CVE-2015-0273 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0273.html CVE-2015-0273 https://bugzilla.suse.com/917302 SUSE Bug 917302 https://bugzilla.suse.com/918768 SUSE Bug 918768 https://bugzilla.suse.com/980366 SUSE Bug 980366 Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2015-1351 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1351.html CVE-2015-1351 https://bugzilla.suse.com/1137633 SUSE Bug 1137633 Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. CVE-2015-3152 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3152.html CVE-2015-3152 https://bugzilla.suse.com/1037590 SUSE Bug 1037590 https://bugzilla.suse.com/1047059 SUSE Bug 1047059 https://bugzilla.suse.com/1088681 SUSE Bug 1088681 https://bugzilla.suse.com/924663 SUSE Bug 924663 https://bugzilla.suse.com/928962 SUSE Bug 928962 https://bugzilla.suse.com/936407 SUSE Bug 936407 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. CVE-2015-3414 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3414.html CVE-2015-3414 https://bugzilla.suse.com/1085790 SUSE Bug 1085790 https://bugzilla.suse.com/1190372 SUSE Bug 1190372 https://bugzilla.suse.com/1193078 SUSE Bug 1193078 https://bugzilla.suse.com/928700 SUSE Bug 928700 https://bugzilla.suse.com/928701 SUSE Bug 928701 https://bugzilla.suse.com/928702 SUSE Bug 928702 The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. CVE-2015-3415 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3415.html CVE-2015-3415 https://bugzilla.suse.com/1190372 SUSE Bug 1190372 https://bugzilla.suse.com/928700 SUSE Bug 928700 https://bugzilla.suse.com/928701 SUSE Bug 928701 https://bugzilla.suse.com/928702 SUSE Bug 928702 PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. CVE-2017-9120 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9120.html CVE-2017-9120 https://bugzilla.suse.com/1103661 SUSE Bug 1103661 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. CVE-2018-1000222 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1000222.html CVE-2018-1000222 https://bugzilla.suse.com/1105434 SUSE Bug 1105434 PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4. CVE-2018-1000888 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1000888.html CVE-2018-1000888 exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. CVE-2018-12882 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12882.html CVE-2018-12882 https://bugzilla.suse.com/1099098 SUSE Bug 1099098 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. CVE-2018-14851 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14851.html CVE-2018-14851 https://bugzilla.suse.com/1103659 SUSE Bug 1103659 The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. CVE-2018-17082 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17082.html CVE-2018-17082 https://bugzilla.suse.com/1108753 SUSE Bug 1108753 ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. CVE-2018-19935 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19935.html CVE-2018-19935 https://bugzilla.suse.com/1118832 SUSE Bug 1118832 In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. CVE-2018-20783 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20783.html CVE-2018-20783 https://bugzilla.suse.com/1126713 SUSE Bug 1126713 https://bugzilla.suse.com/1127122 SUSE Bug 1127122 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. CVE-2019-11034 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11034.html CVE-2019-11034 https://bugzilla.suse.com/1132838 SUSE Bug 1132838 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. CVE-2019-11035 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11035.html CVE-2019-11035 https://bugzilla.suse.com/1132837 SUSE Bug 1132837 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. CVE-2019-11036 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11036.html CVE-2019-11036 https://bugzilla.suse.com/1134322 SUSE Bug 1134322 Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. CVE-2019-11039 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11039.html CVE-2019-11039 https://bugzilla.suse.com/1138173 SUSE Bug 1138173 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11040 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11040.html CVE-2019-11040 https://bugzilla.suse.com/1138172 SUSE Bug 1138172 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11041 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11041.html CVE-2019-11041 https://bugzilla.suse.com/1146360 SUSE Bug 1146360 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11042 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11042.html CVE-2019-11042 https://bugzilla.suse.com/1145095 SUSE Bug 1145095 In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. CVE-2019-11043 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11043.html CVE-2019-11043 https://bugzilla.suse.com/1154999 SUSE Bug 1154999 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. CVE-2019-11046 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11046.html CVE-2019-11046 https://bugzilla.suse.com/1159924 SUSE Bug 1159924 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. CVE-2019-9020 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9020.html CVE-2019-9020 https://bugzilla.suse.com/1126711 SUSE Bug 1126711 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. CVE-2019-9021 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9021.html CVE-2019-9021 https://bugzilla.suse.com/1126713 SUSE Bug 1126713 An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. CVE-2019-9022 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9022.html CVE-2019-9022 https://bugzilla.suse.com/1126827 SUSE Bug 1126827 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. CVE-2019-9023 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9023.html CVE-2019-9023 https://bugzilla.suse.com/1126823 SUSE Bug 1126823 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. CVE-2019-9024 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9024.html CVE-2019-9024 https://bugzilla.suse.com/1126821 SUSE Bug 1126821 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. CVE-2019-9637 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9637.html CVE-2019-9637 https://bugzilla.suse.com/1128892 SUSE Bug 1128892 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. CVE-2019-9638 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9638.html CVE-2019-9638 https://bugzilla.suse.com/1128889 SUSE Bug 1128889 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. CVE-2019-9640 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9640.html CVE-2019-9640 https://bugzilla.suse.com/1128883 SUSE Bug 1128883 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. CVE-2019-9641 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9641.html CVE-2019-9641 https://bugzilla.suse.com/1128722 SUSE Bug 1128722 ** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible." CVE-2019-9675 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9675.html CVE-2019-9675 https://bugzilla.suse.com/1128886 SUSE Bug 1128886 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. CVE-2020-7062 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-7062.html CVE-2020-7062 https://bugzilla.suse.com/1165280 SUSE Bug 1165280 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. CVE-2020-7063 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-7063.html CVE-2020-7063 https://bugzilla.suse.com/1165289 SUSE Bug 1165289 In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. CVE-2021-21706 openSUSE Tumbleweed:php8-8.0.11-1.1 openSUSE Tumbleweed:php8-bcmath-8.0.11-1.1 openSUSE Tumbleweed:php8-bz2-8.0.11-1.1 openSUSE Tumbleweed:php8-calendar-8.0.11-1.1 openSUSE Tumbleweed:php8-cli-8.0.11-1.1 openSUSE Tumbleweed:php8-ctype-8.0.11-1.1 openSUSE Tumbleweed:php8-curl-8.0.11-1.1 openSUSE Tumbleweed:php8-dba-8.0.11-1.1 openSUSE Tumbleweed:php8-devel-8.0.11-1.1 openSUSE Tumbleweed:php8-dom-8.0.11-1.1 openSUSE Tumbleweed:php8-enchant-8.0.11-1.1 openSUSE Tumbleweed:php8-exif-8.0.11-1.1 openSUSE Tumbleweed:php8-fileinfo-8.0.11-1.1 openSUSE Tumbleweed:php8-ftp-8.0.11-1.1 openSUSE Tumbleweed:php8-gd-8.0.11-1.1 openSUSE Tumbleweed:php8-gettext-8.0.11-1.1 openSUSE Tumbleweed:php8-gmp-8.0.11-1.1 openSUSE Tumbleweed:php8-iconv-8.0.11-1.1 openSUSE Tumbleweed:php8-intl-8.0.11-1.1 openSUSE Tumbleweed:php8-ldap-8.0.11-1.1 openSUSE Tumbleweed:php8-mbstring-8.0.11-1.1 openSUSE Tumbleweed:php8-mysql-8.0.11-1.1 openSUSE Tumbleweed:php8-odbc-8.0.11-1.1 openSUSE Tumbleweed:php8-opcache-8.0.11-1.1 openSUSE Tumbleweed:php8-openssl-8.0.11-1.1 openSUSE Tumbleweed:php8-pcntl-8.0.11-1.1 openSUSE Tumbleweed:php8-pdo-8.0.11-1.1 openSUSE Tumbleweed:php8-pgsql-8.0.11-1.1 openSUSE Tumbleweed:php8-phar-8.0.11-1.1 openSUSE Tumbleweed:php8-posix-8.0.11-1.1 openSUSE Tumbleweed:php8-readline-8.0.11-1.1 openSUSE Tumbleweed:php8-shmop-8.0.11-1.1 openSUSE Tumbleweed:php8-snmp-8.0.11-1.1 openSUSE Tumbleweed:php8-soap-8.0.11-1.1 openSUSE Tumbleweed:php8-sockets-8.0.11-1.1 openSUSE Tumbleweed:php8-sodium-8.0.11-1.1 openSUSE Tumbleweed:php8-sqlite-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvsem-8.0.11-1.1 openSUSE Tumbleweed:php8-sysvshm-8.0.11-1.1 openSUSE Tumbleweed:php8-tidy-8.0.11-1.1 openSUSE Tumbleweed:php8-tokenizer-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlreader-8.0.11-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.0.11-1.1 openSUSE Tumbleweed:php8-xsl-8.0.11-1.1 openSUSE Tumbleweed:php8-zip-8.0.11-1.1 openSUSE Tumbleweed:php8-zlib-8.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21706.html CVE-2021-21706 https://bugzilla.suse.com/1191314 SUSE Bug 1191314