Overview

File _patchinfo of Package patchinfo.27848

<patchinfo incident="27848">
  <issue tracker="cve" id="2023-0567"/>
  <issue tracker="cve" id="2023-0568"/>
  <issue tracker="cve" id="2023-0662"/>
  <issue tracker="bnc" id="1208367">VUL-0: CVE-2023-0662: php72,php53,php8,php7,php5,php74: DoS vulnerability when parsing multipart request body</issue>
  <issue tracker="bnc" id="1208366">VUL-0: CVE-2023-0568: php5,php74,php8,php7,php72,php53: NULL byte off-by-one in php_check_specific_open_basedir</issue>
  <issue tracker="bnc" id="1208388">VUL-0: CVE-2023-0567: php53,php5,php8,php72,php7,php74: BCrypt hashes erroneously validate if the salt is cut short by `$`</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for php7</summary>
  <description>This update for php7 fixes the following issues:

  - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366).
  - CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367).
  - CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously validate if the salt is cut short by `$` (bsc#1208388).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places