SUSE update for php74

Published: 2023-02-25 | Updated: 2023-02-28

Risk	Medium
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2023-0567 CVE-2023-0568 CVE-2023-0662
CWE-ID	CWE-330 CWE-787 CWE-20
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Web and Scripting Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system SUSE Linux Enterprise Software Development Kit 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system php74-devel Operating systems & Components / Operating system package or component php74-tokenizer-debuginfo Operating systems & Components / Operating system package or component php74-sockets Operating systems & Components / Operating system package or component php74-xmlrpc Operating systems & Components / Operating system package or component php74-sysvmsg-debuginfo Operating systems & Components / Operating system package or component php74-dba-debuginfo Operating systems & Components / Operating system package or component php74-sysvsem Operating systems & Components / Operating system package or component php74-mbstring-debuginfo Operating systems & Components / Operating system package or component php74-ldap Operating systems & Components / Operating system package or component php74-posix-debuginfo Operating systems & Components / Operating system package or component php74-shmop Operating systems & Components / Operating system package or component php74-exif Operating systems & Components / Operating system package or component php74-openssl-debuginfo Operating systems & Components / Operating system package or component php74-fileinfo Operating systems & Components / Operating system package or component php74-snmp-debuginfo Operating systems & Components / Operating system package or component php74-mbstring Operating systems & Components / Operating system package or component php74-fastcgi Operating systems & Components / Operating system package or component php74-iconv-debuginfo Operating systems & Components / Operating system package or component php74-fpm Operating systems & Components / Operating system package or component php74-bcmath-debuginfo Operating systems & Components / Operating system package or component php74-ldap-debuginfo Operating systems & Components / Operating system package or component php74-dom Operating systems & Components / Operating system package or component php74-sysvmsg Operating systems & Components / Operating system package or component php74-sysvshm Operating systems & Components / Operating system package or component php74-dba Operating systems & Components / Operating system package or component php74-sysvshm-debuginfo Operating systems & Components / Operating system package or component php74-readline-debuginfo Operating systems & Components / Operating system package or component php74-sysvsem-debuginfo Operating systems & Components / Operating system package or component php74-sodium-debuginfo Operating systems & Components / Operating system package or component php74-fileinfo-debuginfo Operating systems & Components / Operating system package or component php74-posix Operating systems & Components / Operating system package or component php74-gmp Operating systems & Components / Operating system package or component php74-gd-debuginfo Operating systems & Components / Operating system package or component php74-sockets-debuginfo Operating systems & Components / Operating system package or component php74-pcntl Operating systems & Components / Operating system package or component php74-phar-debuginfo Operating systems & Components / Operating system package or component php74-calendar Operating systems & Components / Operating system package or component php74-phar Operating systems & Components / Operating system package or component php74-ftp Operating systems & Components / Operating system package or component php74-bz2-debuginfo Operating systems & Components / Operating system package or component php74-json Operating systems & Components / Operating system package or component php74-soap Operating systems & Components / Operating system package or component php74-xsl-debuginfo Operating systems & Components / Operating system package or component php74-tidy Operating systems & Components / Operating system package or component apache2-mod_php74-debuginfo Operating systems & Components / Operating system package or component php74-ctype Operating systems & Components / Operating system package or component php74-curl-debuginfo Operating systems & Components / Operating system package or component php74-shmop-debuginfo Operating systems & Components / Operating system package or component php74-dom-debuginfo Operating systems & Components / Operating system package or component php74-pcntl-debuginfo Operating systems & Components / Operating system package or component php74-pgsql-debuginfo Operating systems & Components / Operating system package or component php74-tidy-debuginfo Operating systems & Components / Operating system package or component php74-fpm-debuginfo Operating systems & Components / Operating system package or component apache2-mod_php74 Operating systems & Components / Operating system package or component php74-zip-debuginfo Operating systems & Components / Operating system package or component php74-xmlrpc-debuginfo Operating systems & Components / Operating system package or component php74-xmlreader-debuginfo Operating systems & Components / Operating system package or component php74-iconv Operating systems & Components / Operating system package or component php74-gd Operating systems & Components / Operating system package or component php74-curl Operating systems & Components / Operating system package or component php74-xmlreader Operating systems & Components / Operating system package or component php74-ctype-debuginfo Operating systems & Components / Operating system package or component php74-soap-debuginfo Operating systems & Components / Operating system package or component php74-xsl Operating systems & Components / Operating system package or component php74-gettext Operating systems & Components / Operating system package or component php74-zip Operating systems & Components / Operating system package or component php74-pdo Operating systems & Components / Operating system package or component php74-enchant Operating systems & Components / Operating system package or component php74-calendar-debuginfo Operating systems & Components / Operating system package or component php74-debuginfo Operating systems & Components / Operating system package or component php74-opcache-debuginfo Operating systems & Components / Operating system package or component php74-json-debuginfo Operating systems & Components / Operating system package or component php74-zlib-debuginfo Operating systems & Components / Operating system package or component php74-ftp-debuginfo Operating systems & Components / Operating system package or component php74-exif-debuginfo Operating systems & Components / Operating system package or component php74-odbc Operating systems & Components / Operating system package or component php74-gmp-debuginfo Operating systems & Components / Operating system package or component php74-xmlwriter-debuginfo Operating systems & Components / Operating system package or component php74-debugsource Operating systems & Components / Operating system package or component php74-pgsql Operating systems & Components / Operating system package or component php74-odbc-debuginfo Operating systems & Components / Operating system package or component php74-pdo-debuginfo Operating systems & Components / Operating system package or component php74-sodium Operating systems & Components / Operating system package or component php74-intl Operating systems & Components / Operating system package or component php74-enchant-debuginfo Operating systems & Components / Operating system package or component php74-sqlite Operating systems & Components / Operating system package or component php74-sqlite-debuginfo Operating systems & Components / Operating system package or component php74-openssl Operating systems & Components / Operating system package or component php74-bcmath Operating systems & Components / Operating system package or component php74-zlib Operating systems & Components / Operating system package or component php74-gettext-debuginfo Operating systems & Components / Operating system package or component php74-xmlwriter Operating systems & Components / Operating system package or component php74-intl-debuginfo Operating systems & Components / Operating system package or component php74-mysql-debuginfo Operating systems & Components / Operating system package or component php74-snmp Operating systems & Components / Operating system package or component php74 Operating systems & Components / Operating system package or component php74-opcache Operating systems & Components / Operating system package or component php74-tokenizer Operating systems & Components / Operating system package or component php74-readline Operating systems & Components / Operating system package or component php74-bz2 Operating systems & Components / Operating system package or component php74-fastcgi-debuginfo Operating systems & Components / Operating system package or component php74-mysql Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Use of insufficiently random values

EUVDB-ID: #VU72166

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0567

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to an error within the Password_verify() function, which always returns true with some hashes. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Mitigation

Update the affected package php74 to the latest version.

Vulnerable software versions

Web and Scripting Module: 12

SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5

SUSE Linux Enterprise Server 12: SP1 - SP5

SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications: 12-SP4

SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON

php74-devel: before 7.4.33-1.53.1

php74-tokenizer-debuginfo: before 7.4.33-1.53.1

php74-sockets: before 7.4.33-1.53.1

php74-xmlrpc: before 7.4.33-1.53.1

php74-sysvmsg-debuginfo: before 7.4.33-1.53.1

php74-dba-debuginfo: before 7.4.33-1.53.1

php74-sysvsem: before 7.4.33-1.53.1

php74-mbstring-debuginfo: before 7.4.33-1.53.1

php74-ldap: before 7.4.33-1.53.1

php74-posix-debuginfo: before 7.4.33-1.53.1

php74-shmop: before 7.4.33-1.53.1

php74-exif: before 7.4.33-1.53.1

php74-openssl-debuginfo: before 7.4.33-1.53.1

php74-fileinfo: before 7.4.33-1.53.1

php74-snmp-debuginfo: before 7.4.33-1.53.1

php74-mbstring: before 7.4.33-1.53.1

php74-fastcgi: before 7.4.33-1.53.1

php74-iconv-debuginfo: before 7.4.33-1.53.1

php74-fpm: before 7.4.33-1.53.1

php74-bcmath-debuginfo: before 7.4.33-1.53.1

php74-ldap-debuginfo: before 7.4.33-1.53.1

php74-dom: before 7.4.33-1.53.1

php74-sysvmsg: before 7.4.33-1.53.1

php74-sysvshm: before 7.4.33-1.53.1

php74-dba: before 7.4.33-1.53.1

php74-sysvshm-debuginfo: before 7.4.33-1.53.1

php74-readline-debuginfo: before 7.4.33-1.53.1

php74-sysvsem-debuginfo: before 7.4.33-1.53.1

php74-sodium-debuginfo: before 7.4.33-1.53.1

php74-fileinfo-debuginfo: before 7.4.33-1.53.1

php74-posix: before 7.4.33-1.53.1

php74-gmp: before 7.4.33-1.53.1

php74-gd-debuginfo: before 7.4.33-1.53.1

php74-sockets-debuginfo: before 7.4.33-1.53.1

php74-pcntl: before 7.4.33-1.53.1

php74-phar-debuginfo: before 7.4.33-1.53.1

php74-calendar: before 7.4.33-1.53.1

php74-phar: before 7.4.33-1.53.1

php74-ftp: before 7.4.33-1.53.1

php74-bz2-debuginfo: before 7.4.33-1.53.1

php74-json: before 7.4.33-1.53.1

php74-soap: before 7.4.33-1.53.1

php74-xsl-debuginfo: before 7.4.33-1.53.1

php74-tidy: before 7.4.33-1.53.1

apache2-mod_php74-debuginfo: before 7.4.33-1.53.1

php74-ctype: before 7.4.33-1.53.1

php74-curl-debuginfo: before 7.4.33-1.53.1

php74-shmop-debuginfo: before 7.4.33-1.53.1

php74-dom-debuginfo: before 7.4.33-1.53.1

php74-pcntl-debuginfo: before 7.4.33-1.53.1

php74-pgsql-debuginfo: before 7.4.33-1.53.1

php74-tidy-debuginfo: before 7.4.33-1.53.1

php74-fpm-debuginfo: before 7.4.33-1.53.1

apache2-mod_php74: before 7.4.33-1.53.1

php74-zip-debuginfo: before 7.4.33-1.53.1

php74-xmlrpc-debuginfo: before 7.4.33-1.53.1

php74-xmlreader-debuginfo: before 7.4.33-1.53.1

php74-iconv: before 7.4.33-1.53.1

php74-gd: before 7.4.33-1.53.1

php74-curl: before 7.4.33-1.53.1

php74-xmlreader: before 7.4.33-1.53.1

php74-ctype-debuginfo: before 7.4.33-1.53.1

php74-soap-debuginfo: before 7.4.33-1.53.1

php74-xsl: before 7.4.33-1.53.1

php74-gettext: before 7.4.33-1.53.1

php74-zip: before 7.4.33-1.53.1

php74-pdo: before 7.4.33-1.53.1

php74-enchant: before 7.4.33-1.53.1

php74-calendar-debuginfo: before 7.4.33-1.53.1

php74-debuginfo: before 7.4.33-1.53.1

php74-opcache-debuginfo: before 7.4.33-1.53.1

php74-json-debuginfo: before 7.4.33-1.53.1

php74-zlib-debuginfo: before 7.4.33-1.53.1

php74-ftp-debuginfo: before 7.4.33-1.53.1

php74-exif-debuginfo: before 7.4.33-1.53.1

php74-odbc: before 7.4.33-1.53.1

php74-gmp-debuginfo: before 7.4.33-1.53.1

php74-xmlwriter-debuginfo: before 7.4.33-1.53.1

php74-debugsource: before 7.4.33-1.53.1

php74-pgsql: before 7.4.33-1.53.1

php74-odbc-debuginfo: before 7.4.33-1.53.1

php74-pdo-debuginfo: before 7.4.33-1.53.1

php74-sodium: before 7.4.33-1.53.1

php74-intl: before 7.4.33-1.53.1

php74-enchant-debuginfo: before 7.4.33-1.53.1

php74-sqlite: before 7.4.33-1.53.1

php74-sqlite-debuginfo: before 7.4.33-1.53.1

php74-openssl: before 7.4.33-1.53.1

php74-bcmath: before 7.4.33-1.53.1

php74-zlib: before 7.4.33-1.53.1

php74-gettext-debuginfo: before 7.4.33-1.53.1

php74-xmlwriter: before 7.4.33-1.53.1

php74-intl-debuginfo: before 7.4.33-1.53.1

php74-mysql-debuginfo: before 7.4.33-1.53.1

php74-snmp: before 7.4.33-1.53.1

php74: before 7.4.33-1.53.1

php74-opcache: before 7.4.33-1.53.1

php74-tokenizer: before 7.4.33-1.53.1

php74-readline: before 7.4.33-1.53.1

php74-bz2: before 7.4.33-1.53.1

php74-fastcgi-debuginfo: before 7.4.33-1.53.1

php74-mysql: before 7.4.33-1.53.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20230515-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU72167

Risk: Medium

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0568

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in fopen_wrappers.c. A remote attacker can pass a specially crafted filename to the affected application, trigger a one-byte buffer overflow and crash the application or potentially execute arbitrary code.

Mitigation

Update the affected package php74 to the latest version.

Vulnerable software versions

Web and Scripting Module: 12

SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5

SUSE Linux Enterprise Server 12: SP1 - SP5

SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications: 12-SP4

SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON

php74-devel: before 7.4.33-1.53.1

php74-tokenizer-debuginfo: before 7.4.33-1.53.1

php74-sockets: before 7.4.33-1.53.1

php74-xmlrpc: before 7.4.33-1.53.1

php74-sysvmsg-debuginfo: before 7.4.33-1.53.1

php74-dba-debuginfo: before 7.4.33-1.53.1

php74-sysvsem: before 7.4.33-1.53.1

php74-mbstring-debuginfo: before 7.4.33-1.53.1

php74-ldap: before 7.4.33-1.53.1

php74-posix-debuginfo: before 7.4.33-1.53.1

php74-shmop: before 7.4.33-1.53.1

php74-exif: before 7.4.33-1.53.1

php74-openssl-debuginfo: before 7.4.33-1.53.1

php74-fileinfo: before 7.4.33-1.53.1

php74-snmp-debuginfo: before 7.4.33-1.53.1

php74-mbstring: before 7.4.33-1.53.1

php74-fastcgi: before 7.4.33-1.53.1

php74-iconv-debuginfo: before 7.4.33-1.53.1

php74-fpm: before 7.4.33-1.53.1

php74-bcmath-debuginfo: before 7.4.33-1.53.1

php74-ldap-debuginfo: before 7.4.33-1.53.1

php74-dom: before 7.4.33-1.53.1

php74-sysvmsg: before 7.4.33-1.53.1

php74-sysvshm: before 7.4.33-1.53.1

php74-dba: before 7.4.33-1.53.1

php74-sysvshm-debuginfo: before 7.4.33-1.53.1

php74-readline-debuginfo: before 7.4.33-1.53.1

php74-sysvsem-debuginfo: before 7.4.33-1.53.1

php74-sodium-debuginfo: before 7.4.33-1.53.1

php74-fileinfo-debuginfo: before 7.4.33-1.53.1

php74-posix: before 7.4.33-1.53.1

php74-gmp: before 7.4.33-1.53.1

php74-gd-debuginfo: before 7.4.33-1.53.1

php74-sockets-debuginfo: before 7.4.33-1.53.1

php74-pcntl: before 7.4.33-1.53.1

php74-phar-debuginfo: before 7.4.33-1.53.1

php74-calendar: before 7.4.33-1.53.1

php74-phar: before 7.4.33-1.53.1

php74-ftp: before 7.4.33-1.53.1

php74-bz2-debuginfo: before 7.4.33-1.53.1

php74-json: before 7.4.33-1.53.1

php74-soap: before 7.4.33-1.53.1

php74-xsl-debuginfo: before 7.4.33-1.53.1

php74-tidy: before 7.4.33-1.53.1

apache2-mod_php74-debuginfo: before 7.4.33-1.53.1

php74-ctype: before 7.4.33-1.53.1

php74-curl-debuginfo: before 7.4.33-1.53.1

php74-shmop-debuginfo: before 7.4.33-1.53.1

php74-dom-debuginfo: before 7.4.33-1.53.1

php74-pcntl-debuginfo: before 7.4.33-1.53.1

php74-pgsql-debuginfo: before 7.4.33-1.53.1

php74-tidy-debuginfo: before 7.4.33-1.53.1

php74-fpm-debuginfo: before 7.4.33-1.53.1

apache2-mod_php74: before 7.4.33-1.53.1

php74-zip-debuginfo: before 7.4.33-1.53.1

php74-xmlrpc-debuginfo: before 7.4.33-1.53.1

php74-xmlreader-debuginfo: before 7.4.33-1.53.1

php74-iconv: before 7.4.33-1.53.1

php74-gd: before 7.4.33-1.53.1

php74-curl: before 7.4.33-1.53.1

php74-xmlreader: before 7.4.33-1.53.1

php74-ctype-debuginfo: before 7.4.33-1.53.1

php74-soap-debuginfo: before 7.4.33-1.53.1

php74-xsl: before 7.4.33-1.53.1

php74-gettext: before 7.4.33-1.53.1

php74-zip: before 7.4.33-1.53.1

php74-pdo: before 7.4.33-1.53.1

php74-enchant: before 7.4.33-1.53.1

php74-calendar-debuginfo: before 7.4.33-1.53.1

php74-debuginfo: before 7.4.33-1.53.1

php74-opcache-debuginfo: before 7.4.33-1.53.1

php74-json-debuginfo: before 7.4.33-1.53.1

php74-zlib-debuginfo: before 7.4.33-1.53.1

php74-ftp-debuginfo: before 7.4.33-1.53.1

php74-exif-debuginfo: before 7.4.33-1.53.1

php74-odbc: before 7.4.33-1.53.1

php74-gmp-debuginfo: before 7.4.33-1.53.1

php74-xmlwriter-debuginfo: before 7.4.33-1.53.1

php74-debugsource: before 7.4.33-1.53.1

php74-pgsql: before 7.4.33-1.53.1

php74-odbc-debuginfo: before 7.4.33-1.53.1

php74-pdo-debuginfo: before 7.4.33-1.53.1

php74-sodium: before 7.4.33-1.53.1

php74-intl: before 7.4.33-1.53.1

php74-enchant-debuginfo: before 7.4.33-1.53.1

php74-sqlite: before 7.4.33-1.53.1

php74-sqlite-debuginfo: before 7.4.33-1.53.1

php74-openssl: before 7.4.33-1.53.1

php74-bcmath: before 7.4.33-1.53.1

php74-zlib: before 7.4.33-1.53.1

php74-gettext-debuginfo: before 7.4.33-1.53.1

php74-xmlwriter: before 7.4.33-1.53.1

php74-intl-debuginfo: before 7.4.33-1.53.1

php74-mysql-debuginfo: before 7.4.33-1.53.1

php74-snmp: before 7.4.33-1.53.1

php74: before 7.4.33-1.53.1

php74-opcache: before 7.4.33-1.53.1

php74-tokenizer: before 7.4.33-1.53.1

php74-readline: before 7.4.33-1.53.1

php74-bz2: before 7.4.33-1.53.1

php74-fastcgi-debuginfo: before 7.4.33-1.53.1

php74-mysql: before 7.4.33-1.53.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20230515-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU72165

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0662

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing multipart request body. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package php74 to the latest version.

Vulnerable software versions

Web and Scripting Module: 12

SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5

SUSE Linux Enterprise Server 12: SP1 - SP5

SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications: 12-SP4

SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON

php74-devel: before 7.4.33-1.53.1

php74-tokenizer-debuginfo: before 7.4.33-1.53.1

php74-sockets: before 7.4.33-1.53.1

php74-xmlrpc: before 7.4.33-1.53.1

php74-sysvmsg-debuginfo: before 7.4.33-1.53.1

php74-dba-debuginfo: before 7.4.33-1.53.1

php74-sysvsem: before 7.4.33-1.53.1

php74-mbstring-debuginfo: before 7.4.33-1.53.1

php74-ldap: before 7.4.33-1.53.1

php74-posix-debuginfo: before 7.4.33-1.53.1

php74-shmop: before 7.4.33-1.53.1

php74-exif: before 7.4.33-1.53.1

php74-openssl-debuginfo: before 7.4.33-1.53.1

php74-fileinfo: before 7.4.33-1.53.1

php74-snmp-debuginfo: before 7.4.33-1.53.1

php74-mbstring: before 7.4.33-1.53.1

php74-fastcgi: before 7.4.33-1.53.1

php74-iconv-debuginfo: before 7.4.33-1.53.1

php74-fpm: before 7.4.33-1.53.1

php74-bcmath-debuginfo: before 7.4.33-1.53.1

php74-ldap-debuginfo: before 7.4.33-1.53.1

php74-dom: before 7.4.33-1.53.1

php74-sysvmsg: before 7.4.33-1.53.1

php74-sysvshm: before 7.4.33-1.53.1

php74-dba: before 7.4.33-1.53.1

php74-sysvshm-debuginfo: before 7.4.33-1.53.1

php74-readline-debuginfo: before 7.4.33-1.53.1

php74-sysvsem-debuginfo: before 7.4.33-1.53.1

php74-sodium-debuginfo: before 7.4.33-1.53.1

php74-fileinfo-debuginfo: before 7.4.33-1.53.1

php74-posix: before 7.4.33-1.53.1

php74-gmp: before 7.4.33-1.53.1

php74-gd-debuginfo: before 7.4.33-1.53.1

php74-sockets-debuginfo: before 7.4.33-1.53.1

php74-pcntl: before 7.4.33-1.53.1

php74-phar-debuginfo: before 7.4.33-1.53.1

php74-calendar: before 7.4.33-1.53.1

php74-phar: before 7.4.33-1.53.1

php74-ftp: before 7.4.33-1.53.1

php74-bz2-debuginfo: before 7.4.33-1.53.1

php74-json: before 7.4.33-1.53.1

php74-soap: before 7.4.33-1.53.1

php74-xsl-debuginfo: before 7.4.33-1.53.1

php74-tidy: before 7.4.33-1.53.1

apache2-mod_php74-debuginfo: before 7.4.33-1.53.1

php74-ctype: before 7.4.33-1.53.1

php74-curl-debuginfo: before 7.4.33-1.53.1

php74-shmop-debuginfo: before 7.4.33-1.53.1

php74-dom-debuginfo: before 7.4.33-1.53.1

php74-pcntl-debuginfo: before 7.4.33-1.53.1

php74-pgsql-debuginfo: before 7.4.33-1.53.1

php74-tidy-debuginfo: before 7.4.33-1.53.1

php74-fpm-debuginfo: before 7.4.33-1.53.1

apache2-mod_php74: before 7.4.33-1.53.1

php74-zip-debuginfo: before 7.4.33-1.53.1

php74-xmlrpc-debuginfo: before 7.4.33-1.53.1

php74-xmlreader-debuginfo: before 7.4.33-1.53.1

php74-iconv: before 7.4.33-1.53.1

php74-gd: before 7.4.33-1.53.1

php74-curl: before 7.4.33-1.53.1

php74-xmlreader: before 7.4.33-1.53.1

php74-ctype-debuginfo: before 7.4.33-1.53.1

php74-soap-debuginfo: before 7.4.33-1.53.1

php74-xsl: before 7.4.33-1.53.1

php74-gettext: before 7.4.33-1.53.1

php74-zip: before 7.4.33-1.53.1

php74-pdo: before 7.4.33-1.53.1

php74-enchant: before 7.4.33-1.53.1

php74-calendar-debuginfo: before 7.4.33-1.53.1

php74-debuginfo: before 7.4.33-1.53.1

php74-opcache-debuginfo: before 7.4.33-1.53.1

php74-json-debuginfo: before 7.4.33-1.53.1

php74-zlib-debuginfo: before 7.4.33-1.53.1

php74-ftp-debuginfo: before 7.4.33-1.53.1

php74-exif-debuginfo: before 7.4.33-1.53.1

php74-odbc: before 7.4.33-1.53.1

php74-gmp-debuginfo: before 7.4.33-1.53.1

php74-xmlwriter-debuginfo: before 7.4.33-1.53.1

php74-debugsource: before 7.4.33-1.53.1

php74-pgsql: before 7.4.33-1.53.1

php74-odbc-debuginfo: before 7.4.33-1.53.1

php74-pdo-debuginfo: before 7.4.33-1.53.1

php74-sodium: before 7.4.33-1.53.1

php74-intl: before 7.4.33-1.53.1

php74-enchant-debuginfo: before 7.4.33-1.53.1

php74-sqlite: before 7.4.33-1.53.1

php74-sqlite-debuginfo: before 7.4.33-1.53.1

php74-openssl: before 7.4.33-1.53.1

php74-bcmath: before 7.4.33-1.53.1

php74-zlib: before 7.4.33-1.53.1

php74-gettext-debuginfo: before 7.4.33-1.53.1

php74-xmlwriter: before 7.4.33-1.53.1

php74-intl-debuginfo: before 7.4.33-1.53.1

php74-mysql-debuginfo: before 7.4.33-1.53.1

php74-snmp: before 7.4.33-1.53.1

php74: before 7.4.33-1.53.1

php74-opcache: before 7.4.33-1.53.1

php74-tokenizer: before 7.4.33-1.53.1

php74-readline: before 7.4.33-1.53.1

php74-bz2: before 7.4.33-1.53.1

php74-fastcgi-debuginfo: before 7.4.33-1.53.1

php74-mysql: before 7.4.33-1.53.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20230515-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.