Security update for php8 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2027-1 Final 1 1 2024-06-13T15:11:26Z current 2024-06-13T15:11:26Z 2024-06-13T15:11:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php8 This update for php8 fixes the following issues: - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-2027,SUSE-SLE-Module-Web-Scripting-12-2024-2027,SUSE-SLE-SDK-12-SP5-2024-2027 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242027-1/ Link for SUSE-SU-2024:2027-1 https://lists.suse.com/pipermail/sle-updates/2024-June/035584.html E-Mail link for SUSE-SU-2024:2027-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1226073 SUSE Bug 1226073 https://www.suse.com/security/cve/CVE-2024-5458/ SUSE CVE CVE-2024-5458 page SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Software Development Kit 12 SP5 apache2-mod_php74-7.4.33-1.68.2 php74-7.4.33-1.68.2 php74-bcmath-7.4.33-1.68.2 php74-bz2-7.4.33-1.68.2 php74-calendar-7.4.33-1.68.2 php74-ctype-7.4.33-1.68.2 php74-curl-7.4.33-1.68.2 php74-dba-7.4.33-1.68.2 php74-devel-7.4.33-1.68.2 php74-dom-7.4.33-1.68.2 php74-embed-7.4.33-1.68.2 php74-enchant-7.4.33-1.68.2 php74-exif-7.4.33-1.68.2 php74-fastcgi-7.4.33-1.68.2 php74-fileinfo-7.4.33-1.68.2 php74-firebird-7.4.33-1.68.2 php74-fpm-7.4.33-1.68.2 php74-ftp-7.4.33-1.68.2 php74-gd-7.4.33-1.68.2 php74-gettext-7.4.33-1.68.2 php74-gmp-7.4.33-1.68.2 php74-iconv-7.4.33-1.68.2 php74-intl-7.4.33-1.68.2 php74-json-7.4.33-1.68.2 php74-ldap-7.4.33-1.68.2 php74-mbstring-7.4.33-1.68.2 php74-mysql-7.4.33-1.68.2 php74-odbc-7.4.33-1.68.2 php74-opcache-7.4.33-1.68.2 php74-openssl-7.4.33-1.68.2 php74-pcntl-7.4.33-1.68.2 php74-pdo-7.4.33-1.68.2 php74-pgsql-7.4.33-1.68.2 php74-phar-7.4.33-1.68.2 php74-posix-7.4.33-1.68.2 php74-readline-7.4.33-1.68.2 php74-shmop-7.4.33-1.68.2 php74-snmp-7.4.33-1.68.2 php74-soap-7.4.33-1.68.2 php74-sockets-7.4.33-1.68.2 php74-sodium-7.4.33-1.68.2 php74-sqlite-7.4.33-1.68.2 php74-sysvmsg-7.4.33-1.68.2 php74-sysvsem-7.4.33-1.68.2 php74-sysvshm-7.4.33-1.68.2 php74-test-7.4.33-1.68.2 php74-tidy-7.4.33-1.68.2 php74-tokenizer-7.4.33-1.68.2 php74-xmlreader-7.4.33-1.68.2 php74-xmlrpc-7.4.33-1.68.2 php74-xmlwriter-7.4.33-1.68.2 php74-xsl-7.4.33-1.68.2 php74-zip-7.4.33-1.68.2 php74-zlib-7.4.33-1.68.2 apache2-mod_php74-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-bcmath-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-bz2-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-calendar-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-ctype-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-curl-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-dba-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-dom-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-enchant-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-exif-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-fastcgi-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-fileinfo-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-fpm-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-ftp-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-gd-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-gettext-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-gmp-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-iconv-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-intl-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-json-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-ldap-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-mbstring-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-mysql-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-odbc-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-opcache-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-openssl-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-pcntl-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-pdo-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-pgsql-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-phar-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-posix-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-readline-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-shmop-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-snmp-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-soap-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sockets-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sodium-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sqlite-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sysvmsg-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sysvsem-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sysvshm-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-tidy-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-tokenizer-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-xmlreader-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-xmlrpc-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-xmlwriter-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-xsl-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-zip-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-zlib-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-devel-7.4.33-1.68.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. CVE-2024-5458 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.68.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.68.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.68.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242027-1/ https://www.suse.com/security/cve/CVE-2024-5458.html CVE-2024-5458 https://bugzilla.suse.com/1226072 SUSE Bug 1226072 https://bugzilla.suse.com/1226073 SUSE Bug 1226073 https://bugzilla.suse.com/1226074 SUSE Bug 1226074