Security update for php74 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:4068-1 Final 1 1 2022-11-18T10:55:22Z current 2022-11-18T10:55:22Z 2022-11-18T10:55:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php74 This update for php74 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979). - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577). - Version update to 7.4.32 (jsc#SLE-23639) - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-4068,SUSE-SLE-Module-Web-Scripting-12-2022-4068,SUSE-SLE-SDK-12-SP5-2022-4068 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ Link for SUSE-SU-2022:4068-1 https://lists.suse.com/pipermail/sle-security-updates/2022-November/012984.html E-Mail link for SUSE-SU-2022:4068-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1203867 SUSE Bug 1203867 https://bugzilla.suse.com/1203870 SUSE Bug 1203870 https://bugzilla.suse.com/1204577 SUSE Bug 1204577 https://bugzilla.suse.com/1204979 SUSE Bug 1204979 https://www.suse.com/security/cve/CVE-2017-8923/ SUSE CVE CVE-2017-8923 page https://www.suse.com/security/cve/CVE-2020-7068/ SUSE CVE CVE-2020-7068 page https://www.suse.com/security/cve/CVE-2020-7069/ SUSE CVE CVE-2020-7069 page https://www.suse.com/security/cve/CVE-2020-7070/ SUSE CVE CVE-2020-7070 page https://www.suse.com/security/cve/CVE-2020-7071/ SUSE CVE CVE-2020-7071 page https://www.suse.com/security/cve/CVE-2021-21702/ SUSE CVE CVE-2021-21702 page https://www.suse.com/security/cve/CVE-2021-21703/ SUSE CVE CVE-2021-21703 page https://www.suse.com/security/cve/CVE-2021-21704/ SUSE CVE CVE-2021-21704 page https://www.suse.com/security/cve/CVE-2021-21705/ SUSE CVE CVE-2021-21705 page https://www.suse.com/security/cve/CVE-2021-21706/ SUSE CVE CVE-2021-21706 page https://www.suse.com/security/cve/CVE-2021-21707/ SUSE CVE CVE-2021-21707 page https://www.suse.com/security/cve/CVE-2021-21708/ SUSE CVE CVE-2021-21708 page https://www.suse.com/security/cve/CVE-2022-31625/ SUSE CVE CVE-2022-31625 page https://www.suse.com/security/cve/CVE-2022-31626/ SUSE CVE CVE-2022-31626 page https://www.suse.com/security/cve/CVE-2022-31628/ SUSE CVE CVE-2022-31628 page https://www.suse.com/security/cve/CVE-2022-31629/ SUSE CVE CVE-2022-31629 page https://www.suse.com/security/cve/CVE-2022-31630/ SUSE CVE CVE-2022-31630 page https://www.suse.com/security/cve/CVE-2022-37454/ SUSE CVE CVE-2022-37454 page SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Software Development Kit 12 SP5 apache2-mod_php74-7.4.33-1.47.2 php74-7.4.33-1.47.2 php74-bcmath-7.4.33-1.47.2 php74-bz2-7.4.33-1.47.2 php74-calendar-7.4.33-1.47.2 php74-ctype-7.4.33-1.47.2 php74-curl-7.4.33-1.47.2 php74-dba-7.4.33-1.47.2 php74-devel-7.4.33-1.47.2 php74-dom-7.4.33-1.47.2 php74-embed-7.4.33-1.47.2 php74-enchant-7.4.33-1.47.2 php74-exif-7.4.33-1.47.2 php74-fastcgi-7.4.33-1.47.2 php74-fileinfo-7.4.33-1.47.2 php74-firebird-7.4.33-1.47.2 php74-fpm-7.4.33-1.47.2 php74-ftp-7.4.33-1.47.2 php74-gd-7.4.33-1.47.2 php74-gettext-7.4.33-1.47.2 php74-gmp-7.4.33-1.47.2 php74-iconv-7.4.33-1.47.2 php74-intl-7.4.33-1.47.2 php74-json-7.4.33-1.47.2 php74-ldap-7.4.33-1.47.2 php74-mbstring-7.4.33-1.47.2 php74-mysql-7.4.33-1.47.2 php74-odbc-7.4.33-1.47.2 php74-opcache-7.4.33-1.47.2 php74-openssl-7.4.33-1.47.2 php74-pcntl-7.4.33-1.47.2 php74-pdo-7.4.33-1.47.2 php74-pgsql-7.4.33-1.47.2 php74-phar-7.4.33-1.47.2 php74-posix-7.4.33-1.47.2 php74-readline-7.4.33-1.47.2 php74-shmop-7.4.33-1.47.2 php74-snmp-7.4.33-1.47.2 php74-soap-7.4.33-1.47.2 php74-sockets-7.4.33-1.47.2 php74-sodium-7.4.33-1.47.2 php74-sqlite-7.4.33-1.47.2 php74-sysvmsg-7.4.33-1.47.2 php74-sysvsem-7.4.33-1.47.2 php74-sysvshm-7.4.33-1.47.2 php74-test-7.4.33-1.47.2 php74-tidy-7.4.33-1.47.2 php74-tokenizer-7.4.33-1.47.2 php74-xmlreader-7.4.33-1.47.2 php74-xmlrpc-7.4.33-1.47.2 php74-xmlwriter-7.4.33-1.47.2 php74-xsl-7.4.33-1.47.2 php74-zip-7.4.33-1.47.2 php74-zlib-7.4.33-1.47.2 apache2-mod_php74-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-bcmath-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-bz2-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-calendar-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-ctype-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-curl-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-dba-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-dom-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-enchant-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-exif-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-fastcgi-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-fileinfo-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-fpm-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-ftp-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-gd-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-gettext-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-gmp-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-iconv-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-intl-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-json-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-ldap-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-mbstring-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-mysql-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-odbc-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-opcache-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-openssl-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-pcntl-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-pdo-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-pgsql-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-phar-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-posix-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-readline-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-shmop-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-snmp-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-soap-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sockets-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sodium-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sqlite-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sysvmsg-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sysvsem-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-sysvshm-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-tidy-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-tokenizer-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-xmlreader-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-xmlrpc-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-xmlwriter-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-xsl-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-zip-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-zlib-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php74-devel-7.4.33-1.47.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. CVE-2017-8923 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2017-8923.html CVE-2017-8923 https://bugzilla.suse.com/1038980 SUSE Bug 1038980 In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. CVE-2020-7068 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 moderate 3.3 AV:L/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2020-7068.html CVE-2020-7068 https://bugzilla.suse.com/1175203 SUSE Bug 1175203 https://bugzilla.suse.com/1175223 SUSE Bug 1175223 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. CVE-2020-7069 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 important 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2020-7069.html CVE-2020-7069 https://bugzilla.suse.com/1177351 SUSE Bug 1177351 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. CVE-2020-7070 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2020-7070.html CVE-2020-7070 https://bugzilla.suse.com/1177352 SUSE Bug 1177352 In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. CVE-2020-7071 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2020-7071.html CVE-2020-7071 https://bugzilla.suse.com/1180706 SUSE Bug 1180706 https://bugzilla.suse.com/1182049 SUSE Bug 1182049 In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. CVE-2021-21702 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2021-21702.html CVE-2021-21702 https://bugzilla.suse.com/1182049 SUSE Bug 1182049 In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. CVE-2021-21703 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2021-21703.html CVE-2021-21703 https://bugzilla.suse.com/1192050 SUSE Bug 1192050 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. CVE-2021-21704 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2021-21704.html CVE-2021-21704 https://bugzilla.suse.com/1188035 SUSE Bug 1188035 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. CVE-2021-21705 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2021-21705.html CVE-2021-21705 https://bugzilla.suse.com/1188037 SUSE Bug 1188037 In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. CVE-2021-21706 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2021-21706.html CVE-2021-21706 https://bugzilla.suse.com/1191314 SUSE Bug 1191314 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. CVE-2021-21707 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2021-21707.html CVE-2021-21707 https://bugzilla.suse.com/1193041 SUSE Bug 1193041 In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. CVE-2021-21708 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2021-21708.html CVE-2021-21708 https://bugzilla.suse.com/1196252 SUSE Bug 1196252 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. CVE-2022-31625 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2022-31625.html CVE-2022-31625 https://bugzilla.suse.com/1200645 SUSE Bug 1200645 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. CVE-2022-31626 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 important 6 AV:N/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2022-31626.html CVE-2022-31626 https://bugzilla.suse.com/1200628 SUSE Bug 1200628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. CVE-2022-31628 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2022-31628.html CVE-2022-31628 https://bugzilla.suse.com/1203867 SUSE Bug 1203867 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. CVE-2022-31629 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2022-31629.html CVE-2022-31629 https://bugzilla.suse.com/1203870 SUSE Bug 1203870 https://bugzilla.suse.com/1222857 SUSE Bug 1222857 In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. CVE-2022-31630 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2022-31630.html CVE-2022-31630 https://bugzilla.suse.com/1204979 SUSE Bug 1204979 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVE-2022-37454 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-calendar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ctype-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-curl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dba-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-dom-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-enchant-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-exif-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fastcgi-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fileinfo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-fpm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ftp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gd-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gettext-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-gmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-iconv-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-intl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-json-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-ldap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mbstring-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-mysql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-odbc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-opcache-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-openssl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pcntl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pdo-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-pgsql-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-phar-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-posix-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-readline-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-shmop-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-snmp-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-soap-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sockets-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sodium-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sqlite-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvmsg-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvsem-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-sysvshm-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tidy-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-tokenizer-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlreader-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlrpc-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xmlwriter-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-xsl-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zip-7.4.33-1.47.2 SUSE Linux Enterprise Module for Web and Scripting 12:php74-zlib-7.4.33-1.47.2 SUSE Linux Enterprise Software Development Kit 12 SP5:php74-devel-7.4.33-1.47.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224068-1/ https://www.suse.com/security/cve/CVE-2022-37454.html CVE-2022-37454 https://bugzilla.suse.com/1204577 SUSE Bug 1204577 https://bugzilla.suse.com/1204966 SUSE Bug 1204966 https://bugzilla.suse.com/1205836 SUSE Bug 1205836