SUSE-SU-2022:3198-2: moderate: Security update for php8-pear
SUSE Security Update: Security update for php8-pear
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3198-2
Rating: moderate
References: SLE-24728
Cross-References: CVE-2021-32610
CVSS scores:
CVE-2021-32610 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability, contains one
feature is now available.
Description:
This update for php8-pear fixes the following issues:
- Add php8-pear to SLE15-SP4 (jsc#SLE-24728)
- Update to 1.10.21
- PEAR 1.10.13
* unsupported protocol - use --force to continue
* Add $this operator to _determineIfPowerpc calls
- Update to 1.10.20
- Archive_Tar 1.4.14
* Properly fix symbolic link path traversal (CVE-2021-32610) - Archive_Tar 1.4.13
* Relative symlinks failing (out-of path file extraction) - Archive_Tar 1.4.12
- Archive_Tar 1.4.11
- Archive_Tar 1.4.10
* Fix block padding when the file buffer length is a multiple of 512 and smaller than Archive_Tar buffer length
* Don't try to copy username/groupname in chroot jail
- provides and obsoletes php7-pear-Archive_Tar, former location of PEAR/Archive/Tar.php
- Update to version 1.10.19
- PEAR 1.10.12
* adjust dependencies based on new releases
- XML_Util 1.4.5
* fix Trying to access array offset on value of type int
- Update to version 1.10.18
- Remove pear-cacheid-array-check.patch (upstreamed)
- Contents of .filemap are now sorted internally
- Sort contents of .filemap to make build reproducible
- Recommend php7-openssl to allow https sources to be used - Modify metadata_dir for system configuration only
- Add /var/lib/pear directory where xml files are stored - Cleanup %files section
- Only use the GPG keys of Chuck Burgess. Extracted from the Release Manager public keys.
- Add release versions of PEAR modules
- Install metadata files (registry, filemap, channels, ...) in /var/lib/pear/ instead of /usr/share/php7/PEAR/
- Update to version 1.10.17
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-291=1
Package List:
- openSUSE Leap 15.4 (noarch):
php8-pear-1.10.21-150400.9.3.1
php8-pecl-1.10.21-150400.9.3.1
References:
https://www.suse.com/security/cve/CVE-2021-32610.html
A php8-pear security update has been released for openSUSE Leap 15.4.
