Security update for php7 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:1583-1 Final 1 1 2023-03-27T08:32:16Z current 2023-03-27T08:32:16Z 2023-03-27T08:32:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php7 This update for php7 fixes the following issues: - CVE-2022-4900: Fixed potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable. (bsc#1209537) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-1583,openSUSE-SLE-15.4-2023-1583 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20231583-1/ Link for SUSE-SU-2023:1583-1 https://lists.suse.com/pipermail/sle-updates/2023-March/028378.html E-Mail link for SUSE-SU-2023:1583-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1208199 SUSE Bug 1208199 https://bugzilla.suse.com/1209537 SUSE Bug 1209537 https://www.suse.com/security/cve/CVE-2022-4900/ SUSE CVE CVE-2022-4900 page openSUSE Leap 15.4 apache2-mod_php7-7.4.33-150200.3.54.1 php7-7.4.33-150200.3.54.1 php7-bcmath-7.4.33-150200.3.54.1 php7-bz2-7.4.33-150200.3.54.1 php7-calendar-7.4.33-150200.3.54.1 php7-ctype-7.4.33-150200.3.54.1 php7-curl-7.4.33-150200.3.54.1 php7-dba-7.4.33-150200.3.54.1 php7-devel-7.4.33-150200.3.54.1 php7-dom-7.4.33-150200.3.54.1 php7-embed-7.4.33-150200.3.54.1 php7-enchant-7.4.33-150200.3.54.1 php7-exif-7.4.33-150200.3.54.1 php7-fastcgi-7.4.33-150200.3.54.1 php7-fileinfo-7.4.33-150200.3.54.1 php7-firebird-7.4.33-150200.3.54.1 php7-fpm-7.4.33-150200.3.54.1 php7-ftp-7.4.33-150200.3.54.1 php7-gd-7.4.33-150200.3.54.1 php7-gettext-7.4.33-150200.3.54.1 php7-gmp-7.4.33-150200.3.54.1 php7-iconv-7.4.33-150200.3.54.1 php7-intl-7.4.33-150200.3.54.1 php7-json-7.4.33-150200.3.54.1 php7-ldap-7.4.33-150200.3.54.1 php7-mbstring-7.4.33-150200.3.54.1 php7-mysql-7.4.33-150200.3.54.1 php7-odbc-7.4.33-150200.3.54.1 php7-opcache-7.4.33-150200.3.54.1 php7-openssl-7.4.33-150200.3.54.1 php7-pcntl-7.4.33-150200.3.54.1 php7-pdo-7.4.33-150200.3.54.1 php7-pgsql-7.4.33-150200.3.54.1 php7-phar-7.4.33-150200.3.54.1 php7-posix-7.4.33-150200.3.54.1 php7-readline-7.4.33-150200.3.54.1 php7-shmop-7.4.33-150200.3.54.1 php7-snmp-7.4.33-150200.3.54.1 php7-soap-7.4.33-150200.3.54.1 php7-sockets-7.4.33-150200.3.54.1 php7-sodium-7.4.33-150200.3.54.1 php7-sqlite-7.4.33-150200.3.54.1 php7-sysvmsg-7.4.33-150200.3.54.1 php7-sysvsem-7.4.33-150200.3.54.1 php7-sysvshm-7.4.33-150200.3.54.1 php7-test-7.4.33-150200.3.54.1 php7-tidy-7.4.33-150200.3.54.1 php7-tokenizer-7.4.33-150200.3.54.1 php7-xmlreader-7.4.33-150200.3.54.1 php7-xmlrpc-7.4.33-150200.3.54.1 php7-xmlwriter-7.4.33-150200.3.54.1 php7-xsl-7.4.33-150200.3.54.1 php7-zip-7.4.33-150200.3.54.1 php7-zlib-7.4.33-150200.3.54.1 php7-firebird-7.4.33-150200.3.54.1 as a component of openSUSE Leap 15.4 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-4900 openSUSE Leap 15.4:php7-firebird-7.4.33-150200.3.54.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20231583-1/ https://www.suse.com/security/cve/CVE-2022-4900.html CVE-2022-4900 https://bugzilla.suse.com/1209537 SUSE Bug 1209537