php8-8.2.10-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13267-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z php8-8.2.10-3.1 on GA media These are all security issues fixed in the php8-8.2.10-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13267 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-31625/ SUSE CVE CVE-2022-31625 page https://www.suse.com/security/cve/CVE-2022-31626/ SUSE CVE CVE-2022-31626 page https://www.suse.com/security/cve/CVE-2023-3247/ SUSE CVE CVE-2023-3247 page openSUSE Tumbleweed php8-8.2.10-3.1 php8-bcmath-8.2.10-3.1 php8-bz2-8.2.10-3.1 php8-calendar-8.2.10-3.1 php8-cli-8.2.10-3.1 php8-ctype-8.2.10-3.1 php8-curl-8.2.10-3.1 php8-dba-8.2.10-3.1 php8-devel-8.2.10-3.1 php8-dom-8.2.10-3.1 php8-enchant-8.2.10-3.1 php8-exif-8.2.10-3.1 php8-ffi-8.2.10-3.1 php8-fileinfo-8.2.10-3.1 php8-ftp-8.2.10-3.1 php8-gd-8.2.10-3.1 php8-gettext-8.2.10-3.1 php8-gmp-8.2.10-3.1 php8-iconv-8.2.10-3.1 php8-intl-8.2.10-3.1 php8-ldap-8.2.10-3.1 php8-mbstring-8.2.10-3.1 php8-mysql-8.2.10-3.1 php8-odbc-8.2.10-3.1 php8-opcache-8.2.10-3.1 php8-openssl-8.2.10-3.1 php8-pcntl-8.2.10-3.1 php8-pdo-8.2.10-3.1 php8-pgsql-8.2.10-3.1 php8-phar-8.2.10-3.1 php8-posix-8.2.10-3.1 php8-readline-8.2.10-3.1 php8-shmop-8.2.10-3.1 php8-snmp-8.2.10-3.1 php8-soap-8.2.10-3.1 php8-sockets-8.2.10-3.1 php8-sodium-8.2.10-3.1 php8-sqlite-8.2.10-3.1 php8-sysvmsg-8.2.10-3.1 php8-sysvsem-8.2.10-3.1 php8-sysvshm-8.2.10-3.1 php8-tidy-8.2.10-3.1 php8-tokenizer-8.2.10-3.1 php8-xmlreader-8.2.10-3.1 php8-xmlwriter-8.2.10-3.1 php8-xsl-8.2.10-3.1 php8-zip-8.2.10-3.1 php8-zlib-8.2.10-3.1 php8-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-bcmath-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-bz2-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-calendar-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-cli-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-ctype-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-curl-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-dba-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-devel-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-dom-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-enchant-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-exif-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-ffi-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-fileinfo-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-ftp-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-gd-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-gettext-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-gmp-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-iconv-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-intl-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-ldap-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-mbstring-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-mysql-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-odbc-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-opcache-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-openssl-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-pcntl-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-pdo-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-pgsql-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-phar-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-posix-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-readline-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-shmop-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-snmp-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-soap-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-sockets-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-sodium-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-sqlite-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-sysvmsg-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-sysvsem-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-sysvshm-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-tidy-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-tokenizer-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-xmlreader-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-xmlwriter-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-xsl-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-zip-8.2.10-3.1 as a component of openSUSE Tumbleweed php8-zlib-8.2.10-3.1 as a component of openSUSE Tumbleweed In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. CVE-2022-31625 openSUSE Tumbleweed:php8-8.2.10-3.1 openSUSE Tumbleweed:php8-bcmath-8.2.10-3.1 openSUSE Tumbleweed:php8-bz2-8.2.10-3.1 openSUSE Tumbleweed:php8-calendar-8.2.10-3.1 openSUSE Tumbleweed:php8-cli-8.2.10-3.1 openSUSE Tumbleweed:php8-ctype-8.2.10-3.1 openSUSE Tumbleweed:php8-curl-8.2.10-3.1 openSUSE Tumbleweed:php8-dba-8.2.10-3.1 openSUSE Tumbleweed:php8-devel-8.2.10-3.1 openSUSE Tumbleweed:php8-dom-8.2.10-3.1 openSUSE Tumbleweed:php8-enchant-8.2.10-3.1 openSUSE Tumbleweed:php8-exif-8.2.10-3.1 openSUSE Tumbleweed:php8-ffi-8.2.10-3.1 openSUSE Tumbleweed:php8-fileinfo-8.2.10-3.1 openSUSE Tumbleweed:php8-ftp-8.2.10-3.1 openSUSE Tumbleweed:php8-gd-8.2.10-3.1 openSUSE Tumbleweed:php8-gettext-8.2.10-3.1 openSUSE Tumbleweed:php8-gmp-8.2.10-3.1 openSUSE Tumbleweed:php8-iconv-8.2.10-3.1 openSUSE Tumbleweed:php8-intl-8.2.10-3.1 openSUSE Tumbleweed:php8-ldap-8.2.10-3.1 openSUSE Tumbleweed:php8-mbstring-8.2.10-3.1 openSUSE Tumbleweed:php8-mysql-8.2.10-3.1 openSUSE Tumbleweed:php8-odbc-8.2.10-3.1 openSUSE Tumbleweed:php8-opcache-8.2.10-3.1 openSUSE Tumbleweed:php8-openssl-8.2.10-3.1 openSUSE Tumbleweed:php8-pcntl-8.2.10-3.1 openSUSE Tumbleweed:php8-pdo-8.2.10-3.1 openSUSE Tumbleweed:php8-pgsql-8.2.10-3.1 openSUSE Tumbleweed:php8-phar-8.2.10-3.1 openSUSE Tumbleweed:php8-posix-8.2.10-3.1 openSUSE Tumbleweed:php8-readline-8.2.10-3.1 openSUSE Tumbleweed:php8-shmop-8.2.10-3.1 openSUSE Tumbleweed:php8-snmp-8.2.10-3.1 openSUSE Tumbleweed:php8-soap-8.2.10-3.1 openSUSE Tumbleweed:php8-sockets-8.2.10-3.1 openSUSE Tumbleweed:php8-sodium-8.2.10-3.1 openSUSE Tumbleweed:php8-sqlite-8.2.10-3.1 openSUSE Tumbleweed:php8-sysvmsg-8.2.10-3.1 openSUSE Tumbleweed:php8-sysvsem-8.2.10-3.1 openSUSE Tumbleweed:php8-sysvshm-8.2.10-3.1 openSUSE Tumbleweed:php8-tidy-8.2.10-3.1 openSUSE Tumbleweed:php8-tokenizer-8.2.10-3.1 openSUSE Tumbleweed:php8-xmlreader-8.2.10-3.1 openSUSE Tumbleweed:php8-xmlwriter-8.2.10-3.1 openSUSE Tumbleweed:php8-xsl-8.2.10-3.1 openSUSE Tumbleweed:php8-zip-8.2.10-3.1 openSUSE Tumbleweed:php8-zlib-8.2.10-3.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-31625.html CVE-2022-31625 https://bugzilla.suse.com/1200645 SUSE Bug 1200645 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. CVE-2022-31626 openSUSE Tumbleweed:php8-8.2.10-3.1 openSUSE Tumbleweed:php8-bcmath-8.2.10-3.1 openSUSE Tumbleweed:php8-bz2-8.2.10-3.1 openSUSE Tumbleweed:php8-calendar-8.2.10-3.1 openSUSE Tumbleweed:php8-cli-8.2.10-3.1 openSUSE Tumbleweed:php8-ctype-8.2.10-3.1 openSUSE Tumbleweed:php8-curl-8.2.10-3.1 openSUSE Tumbleweed:php8-dba-8.2.10-3.1 openSUSE Tumbleweed:php8-devel-8.2.10-3.1 openSUSE Tumbleweed:php8-dom-8.2.10-3.1 openSUSE Tumbleweed:php8-enchant-8.2.10-3.1 openSUSE Tumbleweed:php8-exif-8.2.10-3.1 openSUSE Tumbleweed:php8-ffi-8.2.10-3.1 openSUSE Tumbleweed:php8-fileinfo-8.2.10-3.1 openSUSE Tumbleweed:php8-ftp-8.2.10-3.1 openSUSE Tumbleweed:php8-gd-8.2.10-3.1 openSUSE Tumbleweed:php8-gettext-8.2.10-3.1 openSUSE Tumbleweed:php8-gmp-8.2.10-3.1 openSUSE Tumbleweed:php8-iconv-8.2.10-3.1 openSUSE Tumbleweed:php8-intl-8.2.10-3.1 openSUSE Tumbleweed:php8-ldap-8.2.10-3.1 openSUSE Tumbleweed:php8-mbstring-8.2.10-3.1 openSUSE Tumbleweed:php8-mysql-8.2.10-3.1 openSUSE Tumbleweed:php8-odbc-8.2.10-3.1 openSUSE Tumbleweed:php8-opcache-8.2.10-3.1 openSUSE Tumbleweed:php8-openssl-8.2.10-3.1 openSUSE Tumbleweed:php8-pcntl-8.2.10-3.1 openSUSE Tumbleweed:php8-pdo-8.2.10-3.1 openSUSE Tumbleweed:php8-pgsql-8.2.10-3.1 openSUSE Tumbleweed:php8-phar-8.2.10-3.1 openSUSE Tumbleweed:php8-posix-8.2.10-3.1 openSUSE Tumbleweed:php8-readline-8.2.10-3.1 openSUSE Tumbleweed:php8-shmop-8.2.10-3.1 openSUSE Tumbleweed:php8-snmp-8.2.10-3.1 openSUSE Tumbleweed:php8-soap-8.2.10-3.1 openSUSE Tumbleweed:php8-sockets-8.2.10-3.1 openSUSE Tumbleweed:php8-sodium-8.2.10-3.1 openSUSE Tumbleweed:php8-sqlite-8.2.10-3.1 openSUSE Tumbleweed:php8-sysvmsg-8.2.10-3.1 openSUSE Tumbleweed:php8-sysvsem-8.2.10-3.1 openSUSE Tumbleweed:php8-sysvshm-8.2.10-3.1 openSUSE Tumbleweed:php8-tidy-8.2.10-3.1 openSUSE Tumbleweed:php8-tokenizer-8.2.10-3.1 openSUSE Tumbleweed:php8-xmlreader-8.2.10-3.1 openSUSE Tumbleweed:php8-xmlwriter-8.2.10-3.1 openSUSE Tumbleweed:php8-xsl-8.2.10-3.1 openSUSE Tumbleweed:php8-zip-8.2.10-3.1 openSUSE Tumbleweed:php8-zlib-8.2.10-3.1 important 6 AV:N/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-31626.html CVE-2022-31626 https://bugzilla.suse.com/1200628 SUSE Bug 1200628 In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. CVE-2023-3247 openSUSE Tumbleweed:php8-8.2.10-3.1 openSUSE Tumbleweed:php8-bcmath-8.2.10-3.1 openSUSE Tumbleweed:php8-bz2-8.2.10-3.1 openSUSE Tumbleweed:php8-calendar-8.2.10-3.1 openSUSE Tumbleweed:php8-cli-8.2.10-3.1 openSUSE Tumbleweed:php8-ctype-8.2.10-3.1 openSUSE Tumbleweed:php8-curl-8.2.10-3.1 openSUSE Tumbleweed:php8-dba-8.2.10-3.1 openSUSE Tumbleweed:php8-devel-8.2.10-3.1 openSUSE Tumbleweed:php8-dom-8.2.10-3.1 openSUSE Tumbleweed:php8-enchant-8.2.10-3.1 openSUSE Tumbleweed:php8-exif-8.2.10-3.1 openSUSE Tumbleweed:php8-ffi-8.2.10-3.1 openSUSE Tumbleweed:php8-fileinfo-8.2.10-3.1 openSUSE Tumbleweed:php8-ftp-8.2.10-3.1 openSUSE Tumbleweed:php8-gd-8.2.10-3.1 openSUSE Tumbleweed:php8-gettext-8.2.10-3.1 openSUSE Tumbleweed:php8-gmp-8.2.10-3.1 openSUSE Tumbleweed:php8-iconv-8.2.10-3.1 openSUSE Tumbleweed:php8-intl-8.2.10-3.1 openSUSE Tumbleweed:php8-ldap-8.2.10-3.1 openSUSE Tumbleweed:php8-mbstring-8.2.10-3.1 openSUSE Tumbleweed:php8-mysql-8.2.10-3.1 openSUSE Tumbleweed:php8-odbc-8.2.10-3.1 openSUSE Tumbleweed:php8-opcache-8.2.10-3.1 openSUSE Tumbleweed:php8-openssl-8.2.10-3.1 openSUSE Tumbleweed:php8-pcntl-8.2.10-3.1 openSUSE Tumbleweed:php8-pdo-8.2.10-3.1 openSUSE Tumbleweed:php8-pgsql-8.2.10-3.1 openSUSE Tumbleweed:php8-phar-8.2.10-3.1 openSUSE Tumbleweed:php8-posix-8.2.10-3.1 openSUSE Tumbleweed:php8-readline-8.2.10-3.1 openSUSE Tumbleweed:php8-shmop-8.2.10-3.1 openSUSE Tumbleweed:php8-snmp-8.2.10-3.1 openSUSE Tumbleweed:php8-soap-8.2.10-3.1 openSUSE Tumbleweed:php8-sockets-8.2.10-3.1 openSUSE Tumbleweed:php8-sodium-8.2.10-3.1 openSUSE Tumbleweed:php8-sqlite-8.2.10-3.1 openSUSE Tumbleweed:php8-sysvmsg-8.2.10-3.1 openSUSE Tumbleweed:php8-sysvsem-8.2.10-3.1 openSUSE Tumbleweed:php8-sysvshm-8.2.10-3.1 openSUSE Tumbleweed:php8-tidy-8.2.10-3.1 openSUSE Tumbleweed:php8-tokenizer-8.2.10-3.1 openSUSE Tumbleweed:php8-xmlreader-8.2.10-3.1 openSUSE Tumbleweed:php8-xmlwriter-8.2.10-3.1 openSUSE Tumbleweed:php8-xsl-8.2.10-3.1 openSUSE Tumbleweed:php8-zip-8.2.10-3.1 openSUSE Tumbleweed:php8-zlib-8.2.10-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-3247.html CVE-2023-3247 https://bugzilla.suse.com/1212349 SUSE Bug 1212349