SUSE update for php7

1) XML External Entity injection

EUVDB-ID: #VU78977

Risk: High

CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-3823

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Update the affected package php7 to the latest version.

Vulnerable software versions

Web and Scripting Module: 15-SP4 - 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5

SUSE Linux Enterprise Server 15: SP4 - SP5

SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5

openSUSE Leap: 15.4 - 15.5

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

php8-embed-debuginfo: before 8.0.30-150400.4.37.1

php8-pdo-debuginfo: before 8.0.30-150400.4.37.1

php8-ctype: before 8.0.30-150400.4.37.1

php8-pgsql-debuginfo: before 8.0.30-150400.4.37.1

php8-shmop: before 8.0.30-150400.4.37.1

php8-phar: before 8.0.30-150400.4.37.1

php8-pgsql: before 8.0.30-150400.4.37.1

php8-posix: before 8.0.30-150400.4.37.1

php8-dba-debuginfo: before 8.0.30-150400.4.37.1

php8-sqlite: before 8.0.30-150400.4.37.1

php8-snmp: before 8.0.30-150400.4.37.1

php8-soap-debuginfo: before 8.0.30-150400.4.37.1

php8-calendar-debuginfo: before 8.0.30-150400.4.37.1

php8-enchant: before 8.0.30-150400.4.37.1

php8-enchant-debuginfo: before 8.0.30-150400.4.37.1

php8-mysql-debuginfo: before 8.0.30-150400.4.37.1

php8-posix-debuginfo: before 8.0.30-150400.4.37.1

php8-mysql: before 8.0.30-150400.4.37.1

apache2-mod_php8-debuginfo: before 8.0.30-150400.4.37.1

php8-gettext: before 8.0.30-150400.4.37.1

php8-opcache-debuginfo: before 8.0.30-150400.4.37.1

php8-zlib-debuginfo: before 8.0.30-150400.4.37.1

php8-ldap: before 8.0.30-150400.4.37.1

php8-fastcgi: before 8.0.30-150400.4.37.1

apache2-mod_php8: before 8.0.30-150400.4.37.1

php8-sockets-debuginfo: before 8.0.30-150400.4.37.1

php8-fastcgi-debuginfo: before 8.0.30-150400.4.37.1

php8-embed-debugsource: before 8.0.30-150400.4.37.1

php8-bz2-debuginfo: before 8.0.30-150400.4.37.1

php8-fileinfo: before 8.0.30-150400.4.37.1

php8-sysvshm: before 8.0.30-150400.4.37.1

php8-xmlwriter: before 8.0.30-150400.4.37.1

php8-fpm-debuginfo: before 8.0.30-150400.4.37.1

php8-test: before 8.0.30-150400.4.37.1

php8-sysvmsg-debuginfo: before 8.0.30-150400.4.37.1

php8-cli-debuginfo: before 8.0.30-150400.4.37.1

apache2-mod_php8-debugsource: before 8.0.30-150400.4.37.1

php8-tidy: before 8.0.30-150400.4.37.1

php8-sodium-debuginfo: before 8.0.30-150400.4.37.1

php8-readline: before 8.0.30-150400.4.37.1

php8-xmlreader-debuginfo: before 8.0.30-150400.4.37.1

php8-readline-debuginfo: before 8.0.30-150400.4.37.1

php8-mbstring: before 8.0.30-150400.4.37.1

php8-fpm: before 8.0.30-150400.4.37.1

php8-openssl: before 8.0.30-150400.4.37.1

php8-sysvmsg: before 8.0.30-150400.4.37.1

php8-ctype-debuginfo: before 8.0.30-150400.4.37.1

php8-fileinfo-debuginfo: before 8.0.30-150400.4.37.1

php8-ftp: before 8.0.30-150400.4.37.1

php8-sqlite-debuginfo: before 8.0.30-150400.4.37.1

php8-opcache: before 8.0.30-150400.4.37.1

php8-sysvshm-debuginfo: before 8.0.30-150400.4.37.1

php8-phar-debuginfo: before 8.0.30-150400.4.37.1

php8-devel: before 8.0.30-150400.4.37.1

php8-fastcgi-debugsource: before 8.0.30-150400.4.37.1

php8-cli: before 8.0.30-150400.4.37.1

php8-pcntl-debuginfo: before 8.0.30-150400.4.37.1

php8-mbstring-debuginfo: before 8.0.30-150400.4.37.1

php8-soap: before 8.0.30-150400.4.37.1

php8-zlib: before 8.0.30-150400.4.37.1

php8-curl: before 8.0.30-150400.4.37.1

php8-dba: before 8.0.30-150400.4.37.1

php8-odbc-debuginfo: before 8.0.30-150400.4.37.1

php8-xsl-debuginfo: before 8.0.30-150400.4.37.1

php8-odbc: before 8.0.30-150400.4.37.1

php8-pcntl: before 8.0.30-150400.4.37.1

php8-gettext-debuginfo: before 8.0.30-150400.4.37.1

php8-debugsource: before 8.0.30-150400.4.37.1

php8-intl-debuginfo: before 8.0.30-150400.4.37.1

php8-zip-debuginfo: before 8.0.30-150400.4.37.1

php8-fpm-debugsource: before 8.0.30-150400.4.37.1

php8-embed: before 8.0.30-150400.4.37.1

php8-pdo: before 8.0.30-150400.4.37.1

php8-sodium: before 8.0.30-150400.4.37.1

php8-snmp-debuginfo: before 8.0.30-150400.4.37.1

php8-dom-debuginfo: before 8.0.30-150400.4.37.1

php8-curl-debuginfo: before 8.0.30-150400.4.37.1

php8-xmlwriter-debuginfo: before 8.0.30-150400.4.37.1

php8-sysvsem-debuginfo: before 8.0.30-150400.4.37.1

php8-tidy-debuginfo: before 8.0.30-150400.4.37.1

php8-exif-debuginfo: before 8.0.30-150400.4.37.1

php8-openssl-debuginfo: before 8.0.30-150400.4.37.1

php8-exif: before 8.0.30-150400.4.37.1

php8-sysvsem: before 8.0.30-150400.4.37.1

php8-zip: before 8.0.30-150400.4.37.1

php8-gd-debuginfo: before 8.0.30-150400.4.37.1

php8-dom: before 8.0.30-150400.4.37.1

php8-intl: before 8.0.30-150400.4.37.1

php8-gd: before 8.0.30-150400.4.37.1

php8-debuginfo: before 8.0.30-150400.4.37.1

php8-tokenizer-debuginfo: before 8.0.30-150400.4.37.1

php8-gmp: before 8.0.30-150400.4.37.1

php8-bz2: before 8.0.30-150400.4.37.1

php8-tokenizer: before 8.0.30-150400.4.37.1

php8-shmop-debuginfo: before 8.0.30-150400.4.37.1

php8-calendar: before 8.0.30-150400.4.37.1

php8-bcmath: before 8.0.30-150400.4.37.1

php8-iconv-debuginfo: before 8.0.30-150400.4.37.1

php8-sockets: before 8.0.30-150400.4.37.1

php8-xmlreader: before 8.0.30-150400.4.37.1

php8: before 8.0.30-150400.4.37.1

php8-gmp-debuginfo: before 8.0.30-150400.4.37.1

php8-iconv: before 8.0.30-150400.4.37.1

php8-bcmath-debuginfo: before 8.0.30-150400.4.37.1

php8-ldap-debuginfo: before 8.0.30-150400.4.37.1

php8-ftp-debuginfo: before 8.0.30-150400.4.37.1

php8-xsl: before 8.0.30-150400.4.37.1

CPE2.3

• cpe:2.3:o:suse:web_and_scripting_module:15-SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:web_and_scripting_module:15-SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_retail_branch_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_proxy:4.3:*:*:*:*:*:*:*
• cpe:2.3:a:suse:php8-embed-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pdo-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ctype:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pgsql-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-shmop:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-phar:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pgsql:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-posix:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-dba-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sqlite:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-snmp:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-soap-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-calendar-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-enchant:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-enchant-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-mysql-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-posix-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-mysql:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:apache2-mod_php8-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gettext:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-opcache-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-zlib-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ldap:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fastcgi:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:apache2-mod_php8:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sockets-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fastcgi-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-embed-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-bz2-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fileinfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvshm:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xmlwriter:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fpm-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-test:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvmsg-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-cli-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:apache2-mod_php8-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-tidy:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sodium-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-readline:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xmlreader-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-readline-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-mbstring:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fpm:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-openssl:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvmsg:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ctype-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fileinfo-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ftp:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sqlite-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-opcache:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvshm-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-phar-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fastcgi-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-cli:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pcntl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-mbstring-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-soap:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-zlib:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-curl:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-dba:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-odbc-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xsl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-odbc:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pcntl:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gettext-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-intl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-zip-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fpm-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-embed:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pdo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sodium:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-snmp-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-dom-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-curl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xmlwriter-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvsem-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-tidy-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-exif-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-openssl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-exif:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvsem:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-zip:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gd-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-dom:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-intl:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gd:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-tokenizer-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gmp:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-bz2:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-tokenizer:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-shmop-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-calendar:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-bcmath:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-iconv-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sockets:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xmlreader:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gmp-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-iconv:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-bcmath-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ldap-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ftp-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xsl:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20233528-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU78978

Risk: Critical

CVSSv4.0: 9.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2023-3824

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the phar_dir_read() function. A remote attacker can force the application to open a specially crafted .phar archive,  trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Update the affected package php7 to the latest version.

Vulnerable software versions

Web and Scripting Module: 15-SP4 - 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5

SUSE Linux Enterprise Server 15: SP4 - SP5

SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5

openSUSE Leap: 15.4 - 15.5

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

php8-embed-debuginfo: before 8.0.30-150400.4.37.1

php8-pdo-debuginfo: before 8.0.30-150400.4.37.1

php8-ctype: before 8.0.30-150400.4.37.1

php8-pgsql-debuginfo: before 8.0.30-150400.4.37.1

php8-shmop: before 8.0.30-150400.4.37.1

php8-phar: before 8.0.30-150400.4.37.1

php8-pgsql: before 8.0.30-150400.4.37.1

php8-posix: before 8.0.30-150400.4.37.1

php8-dba-debuginfo: before 8.0.30-150400.4.37.1

php8-sqlite: before 8.0.30-150400.4.37.1

php8-snmp: before 8.0.30-150400.4.37.1

php8-soap-debuginfo: before 8.0.30-150400.4.37.1

php8-calendar-debuginfo: before 8.0.30-150400.4.37.1

php8-enchant: before 8.0.30-150400.4.37.1

php8-enchant-debuginfo: before 8.0.30-150400.4.37.1

php8-mysql-debuginfo: before 8.0.30-150400.4.37.1

php8-posix-debuginfo: before 8.0.30-150400.4.37.1

php8-mysql: before 8.0.30-150400.4.37.1

apache2-mod_php8-debuginfo: before 8.0.30-150400.4.37.1

php8-gettext: before 8.0.30-150400.4.37.1

php8-opcache-debuginfo: before 8.0.30-150400.4.37.1

php8-zlib-debuginfo: before 8.0.30-150400.4.37.1

php8-ldap: before 8.0.30-150400.4.37.1

php8-fastcgi: before 8.0.30-150400.4.37.1

apache2-mod_php8: before 8.0.30-150400.4.37.1

php8-sockets-debuginfo: before 8.0.30-150400.4.37.1

php8-fastcgi-debuginfo: before 8.0.30-150400.4.37.1

php8-embed-debugsource: before 8.0.30-150400.4.37.1

php8-bz2-debuginfo: before 8.0.30-150400.4.37.1

php8-fileinfo: before 8.0.30-150400.4.37.1

php8-sysvshm: before 8.0.30-150400.4.37.1

php8-xmlwriter: before 8.0.30-150400.4.37.1

php8-fpm-debuginfo: before 8.0.30-150400.4.37.1

php8-test: before 8.0.30-150400.4.37.1

php8-sysvmsg-debuginfo: before 8.0.30-150400.4.37.1

php8-cli-debuginfo: before 8.0.30-150400.4.37.1

apache2-mod_php8-debugsource: before 8.0.30-150400.4.37.1

php8-tidy: before 8.0.30-150400.4.37.1

php8-sodium-debuginfo: before 8.0.30-150400.4.37.1

php8-readline: before 8.0.30-150400.4.37.1

php8-xmlreader-debuginfo: before 8.0.30-150400.4.37.1

php8-readline-debuginfo: before 8.0.30-150400.4.37.1

php8-mbstring: before 8.0.30-150400.4.37.1

php8-fpm: before 8.0.30-150400.4.37.1

php8-openssl: before 8.0.30-150400.4.37.1

php8-sysvmsg: before 8.0.30-150400.4.37.1

php8-ctype-debuginfo: before 8.0.30-150400.4.37.1

php8-fileinfo-debuginfo: before 8.0.30-150400.4.37.1

php8-ftp: before 8.0.30-150400.4.37.1

php8-sqlite-debuginfo: before 8.0.30-150400.4.37.1

php8-opcache: before 8.0.30-150400.4.37.1

php8-sysvshm-debuginfo: before 8.0.30-150400.4.37.1

php8-phar-debuginfo: before 8.0.30-150400.4.37.1

php8-devel: before 8.0.30-150400.4.37.1

php8-fastcgi-debugsource: before 8.0.30-150400.4.37.1

php8-cli: before 8.0.30-150400.4.37.1

php8-pcntl-debuginfo: before 8.0.30-150400.4.37.1

php8-mbstring-debuginfo: before 8.0.30-150400.4.37.1

php8-soap: before 8.0.30-150400.4.37.1

php8-zlib: before 8.0.30-150400.4.37.1

php8-curl: before 8.0.30-150400.4.37.1

php8-dba: before 8.0.30-150400.4.37.1

php8-odbc-debuginfo: before 8.0.30-150400.4.37.1

php8-xsl-debuginfo: before 8.0.30-150400.4.37.1

php8-odbc: before 8.0.30-150400.4.37.1

php8-pcntl: before 8.0.30-150400.4.37.1

php8-gettext-debuginfo: before 8.0.30-150400.4.37.1

php8-debugsource: before 8.0.30-150400.4.37.1

php8-intl-debuginfo: before 8.0.30-150400.4.37.1

php8-zip-debuginfo: before 8.0.30-150400.4.37.1

php8-fpm-debugsource: before 8.0.30-150400.4.37.1

php8-embed: before 8.0.30-150400.4.37.1

php8-pdo: before 8.0.30-150400.4.37.1

php8-sodium: before 8.0.30-150400.4.37.1

php8-snmp-debuginfo: before 8.0.30-150400.4.37.1

php8-dom-debuginfo: before 8.0.30-150400.4.37.1

php8-curl-debuginfo: before 8.0.30-150400.4.37.1

php8-xmlwriter-debuginfo: before 8.0.30-150400.4.37.1

php8-sysvsem-debuginfo: before 8.0.30-150400.4.37.1

php8-tidy-debuginfo: before 8.0.30-150400.4.37.1

php8-exif-debuginfo: before 8.0.30-150400.4.37.1

php8-openssl-debuginfo: before 8.0.30-150400.4.37.1

php8-exif: before 8.0.30-150400.4.37.1

php8-sysvsem: before 8.0.30-150400.4.37.1

php8-zip: before 8.0.30-150400.4.37.1

php8-gd-debuginfo: before 8.0.30-150400.4.37.1

php8-dom: before 8.0.30-150400.4.37.1

php8-intl: before 8.0.30-150400.4.37.1

php8-gd: before 8.0.30-150400.4.37.1

php8-debuginfo: before 8.0.30-150400.4.37.1

php8-tokenizer-debuginfo: before 8.0.30-150400.4.37.1

php8-gmp: before 8.0.30-150400.4.37.1

php8-bz2: before 8.0.30-150400.4.37.1

php8-tokenizer: before 8.0.30-150400.4.37.1

php8-shmop-debuginfo: before 8.0.30-150400.4.37.1

php8-calendar: before 8.0.30-150400.4.37.1

php8-bcmath: before 8.0.30-150400.4.37.1

php8-iconv-debuginfo: before 8.0.30-150400.4.37.1

php8-sockets: before 8.0.30-150400.4.37.1

php8-xmlreader: before 8.0.30-150400.4.37.1

php8: before 8.0.30-150400.4.37.1

php8-gmp-debuginfo: before 8.0.30-150400.4.37.1

php8-iconv: before 8.0.30-150400.4.37.1

php8-bcmath-debuginfo: before 8.0.30-150400.4.37.1

php8-ldap-debuginfo: before 8.0.30-150400.4.37.1

php8-ftp-debuginfo: before 8.0.30-150400.4.37.1

php8-xsl: before 8.0.30-150400.4.37.1

CPE2.3

• cpe:2.3:o:suse:web_and_scripting_module:15-SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:web_and_scripting_module:15-SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_retail_branch_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_proxy:4.3:*:*:*:*:*:*:*
• cpe:2.3:a:suse:php8-embed-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pdo-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ctype:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pgsql-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-shmop:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-phar:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pgsql:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-posix:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-dba-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sqlite:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-snmp:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-soap-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-calendar-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-enchant:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-enchant-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-mysql-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-posix-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-mysql:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:apache2-mod_php8-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gettext:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-opcache-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-zlib-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ldap:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fastcgi:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:apache2-mod_php8:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sockets-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fastcgi-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-embed-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-bz2-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fileinfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvshm:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xmlwriter:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fpm-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-test:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvmsg-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-cli-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:apache2-mod_php8-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-tidy:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sodium-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-readline:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xmlreader-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-readline-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-mbstring:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fpm:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-openssl:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvmsg:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ctype-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fileinfo-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ftp:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sqlite-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-opcache:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvshm-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-phar-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fastcgi-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-cli:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pcntl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-mbstring-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-soap:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-zlib:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-curl:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-dba:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-odbc-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xsl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-odbc:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pcntl:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gettext-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-intl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-zip-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-fpm-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-embed:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-pdo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sodium:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-snmp-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-dom-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-curl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xmlwriter-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvsem-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-tidy-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-exif-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-openssl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-exif:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sysvsem:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-zip:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gd-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-dom:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-intl:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gd:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-tokenizer-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gmp:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-bz2:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-tokenizer:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-shmop-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-calendar:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-bcmath:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-iconv-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-sockets:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xmlreader:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-gmp-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-iconv:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-bcmath-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ldap-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-ftp-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:php8-xsl:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20233528-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.