SUSE-SU-2022:3198-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223198-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3198-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3198-1
Related
Published
2022-09-08T08:36:07Z
Modified
2022-09-08T08:36:07Z
Summary
Security update for php8-pear
Details

This update for php8-pear fixes the following issues:

  • Add php8-pear to SLE15-SP4 (jsc#SLE-24728)
  • Update to 1.10.21
    • PEAR 1.10.13
      • unsupported protocol - use --force to continue
      • Add $this operator to _determineIfPowerpc calls
  • Update to 1.10.20

    • Archive_Tar 1.4.14
      • Properly fix symbolic link path traversal (CVE-2021-32610)
    • Archive_Tar 1.4.13
      • Relative symlinks failing (out-of path file extraction)
    • Archive_Tar 1.4.12
    • Archive_Tar 1.4.11
    • ArchiveTar 1.4.10
      • Fix block padding when the file buffer length is a multiple of 512 and smaller than ArchiveTar buffer length
      • Don't try to copy username/groupname in chroot jail
  • provides and obsoletes php7-pear-Archive_Tar, former location of PEAR/Archive/Tar.php

  • Update to version 1.10.19

    • PEAR 1.10.12
      • adjust dependencies based on new releases
    • XML_Util 1.4.5
      • fix Trying to access array offset on value of type int
  • Update to version 1.10.18

  • Remove pear-cacheid-array-check.patch (upstreamed)
  • Contents of .filemap are now sorted internally

  • Sort contents of .filemap to make build reproducible

  • Recommend php7-openssl to allow https sources to be used

  • Modify metadata_dir for system configuration only
  • Add /var/lib/pear directory where xml files are stored
  • Cleanup %files section

  • Only use the GPG keys of Chuck Burgess. Extracted from the Release Manager public keys.

  • Add release versions of PEAR modules

  • Install metadata files (registry, filemap, channels, ...) in /var/lib/pear/ instead of /usr/share/php7/PEAR/

  • Update to version 1.10.17

References

Affected packages

SUSE:Linux Enterprise Module for Web and Scripting 15 SP4 / php8-pear

Package

Name
php8-pear
Purl
pkg:rpm/suse/php8-pear&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.21-150400.9.3.1

Ecosystem specific

{
    "binaries": [
        {
            "php8-pear": "1.10.21-150400.9.3.1",
            "php8-pecl": "1.10.21-150400.9.3.1"
        }
    ]
}