SUSE-SU-2022:3198-1: moderate: Security update for php8-pear
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu Sep 8 13:44:05 UTC 2022
SUSE Security Update: Security update for php8-pear
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3198-1
Rating: moderate
References: SLE-24728
Cross-References: CVE-2021-32610
CVSS scores:
CVE-2021-32610 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Web Scripting 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
______________________________________________________________________________
An update that fixes one vulnerability, contains one
feature is now available.
Description:
This update for php8-pear fixes the following issues:
- Add php8-pear to SLE15-SP4 (jsc#SLE-24728)
- Update to 1.10.21
- PEAR 1.10.13
* unsupported protocol - use --force to continue
* Add $this operator to _determineIfPowerpc calls
- Update to 1.10.20
- Archive_Tar 1.4.14
* Properly fix symbolic link path traversal (CVE-2021-32610)
- Archive_Tar 1.4.13
* Relative symlinks failing (out-of path file extraction)
- Archive_Tar 1.4.12
- Archive_Tar 1.4.11
- Archive_Tar 1.4.10
* Fix block padding when the file buffer length is a multiple
of 512 and smaller than Archive_Tar buffer length
* Don't try to copy username/groupname in chroot jail
- provides and obsoletes php7-pear-Archive_Tar, former location
of PEAR/Archive/Tar.php
- Update to version 1.10.19
- PEAR 1.10.12
* adjust dependencies based on new releases
- XML_Util 1.4.5
* fix Trying to access array offset on value of type int
- Update to version 1.10.18
- Remove pear-cacheid-array-check.patch (upstreamed)
- Contents of .filemap are now sorted internally
- Sort contents of .filemap to make build reproducible
- Recommend php7-openssl to allow https sources to be used
- Modify metadata_dir for system configuration only
- Add /var/lib/pear directory where xml files are stored
- Cleanup %files section
- Only use the GPG keys of Chuck Burgess. Extracted from the Release
Manager public keys.
- Add release versions of PEAR modules
- Install metadata files (registry, filemap, channels, ...) in
/var/lib/pear/ instead of /usr/share/php7/PEAR/
- Update to version 1.10.17
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Web Scripting 15-SP4:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3198=1
Package List:
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch):
php8-pear-1.10.21-150400.9.3.1
php8-pecl-1.10.21-150400.9.3.1
References:
https://www.suse.com/security/cve/CVE-2021-32610.html
More information about the sle-updates
mailing list