vulnerability
SUSE: CVE-2020-7069: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | 2020-10-02 | 2021-02-07 | 2022-02-04 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
2020-10-02
Added
2021-02-07
Modified
2022-02-04
Description
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
Solution(s)
suse-upgrade-apache2-mod_php7suse-upgrade-apache2-mod_php72suse-upgrade-apache2-mod_php74suse-upgrade-php7suse-upgrade-php7-bcmathsuse-upgrade-php7-bz2suse-upgrade-php7-calendarsuse-upgrade-php7-ctypesuse-upgrade-php7-curlsuse-upgrade-php7-dbasuse-upgrade-php7-develsuse-upgrade-php7-domsuse-upgrade-php7-embedsuse-upgrade-php7-enchantsuse-upgrade-php7-exifsuse-upgrade-php7-fastcgisuse-upgrade-php7-fileinfosuse-upgrade-php7-firebirdsuse-upgrade-php7-fpmsuse-upgrade-php7-ftpsuse-upgrade-php7-gdsuse-upgrade-php7-gettextsuse-upgrade-php7-gmpsuse-upgrade-php7-iconvsuse-upgrade-php7-intlsuse-upgrade-php7-jsonsuse-upgrade-php7-ldapsuse-upgrade-php7-mbstringsuse-upgrade-php7-mysqlsuse-upgrade-php7-odbcsuse-upgrade-php7-opcachesuse-upgrade-php7-opensslsuse-upgrade-php7-pcntlsuse-upgrade-php7-pdosuse-upgrade-php7-pearsuse-upgrade-php7-pear-archive_tarsuse-upgrade-php7-pgsqlsuse-upgrade-php7-pharsuse-upgrade-php7-posixsuse-upgrade-php7-readlinesuse-upgrade-php7-shmopsuse-upgrade-php7-snmpsuse-upgrade-php7-soapsuse-upgrade-php7-socketssuse-upgrade-php7-sodiumsuse-upgrade-php7-sqlitesuse-upgrade-php7-sysvmsgsuse-upgrade-php7-sysvsemsuse-upgrade-php7-sysvshmsuse-upgrade-php7-testsuse-upgrade-php7-tidysuse-upgrade-php7-tokenizersuse-upgrade-php7-wddxsuse-upgrade-php7-xmlreadersuse-upgrade-php7-xmlrpcsuse-upgrade-php7-xmlwritersuse-upgrade-php7-xslsuse-upgrade-php7-zipsuse-upgrade-php7-zlibsuse-upgrade-php72suse-upgrade-php72-bcmathsuse-upgrade-php72-bz2suse-upgrade-php72-calendarsuse-upgrade-php72-ctypesuse-upgrade-php72-curlsuse-upgrade-php72-dbasuse-upgrade-php72-develsuse-upgrade-php72-domsuse-upgrade-php72-enchantsuse-upgrade-php72-exifsuse-upgrade-php72-fastcgisuse-upgrade-php72-fileinfosuse-upgrade-php72-fpmsuse-upgrade-php72-ftpsuse-upgrade-php72-gdsuse-upgrade-php72-gettextsuse-upgrade-php72-gmpsuse-upgrade-php72-iconvsuse-upgrade-php72-imapsuse-upgrade-php72-intlsuse-upgrade-php72-jsonsuse-upgrade-php72-ldapsuse-upgrade-php72-mbstringsuse-upgrade-php72-mysqlsuse-upgrade-php72-odbcsuse-upgrade-php72-opcachesuse-upgrade-php72-opensslsuse-upgrade-php72-pcntlsuse-upgrade-php72-pdosuse-upgrade-php72-pearsuse-upgrade-php72-pear-archive_tarsuse-upgrade-php72-pgsqlsuse-upgrade-php72-pharsuse-upgrade-php72-posixsuse-upgrade-php72-pspellsuse-upgrade-php72-readlinesuse-upgrade-php72-shmopsuse-upgrade-php72-snmpsuse-upgrade-php72-soapsuse-upgrade-php72-socketssuse-upgrade-php72-sodiumsuse-upgrade-php72-sqlitesuse-upgrade-php72-sysvmsgsuse-upgrade-php72-sysvsemsuse-upgrade-php72-sysvshmsuse-upgrade-php72-tidysuse-upgrade-php72-tokenizersuse-upgrade-php72-wddxsuse-upgrade-php72-xmlreadersuse-upgrade-php72-xmlrpcsuse-upgrade-php72-xmlwritersuse-upgrade-php72-xslsuse-upgrade-php72-zipsuse-upgrade-php72-zlibsuse-upgrade-php74suse-upgrade-php74-bcmathsuse-upgrade-php74-bz2suse-upgrade-php74-calendarsuse-upgrade-php74-ctypesuse-upgrade-php74-curlsuse-upgrade-php74-dbasuse-upgrade-php74-develsuse-upgrade-php74-domsuse-upgrade-php74-enchantsuse-upgrade-php74-exifsuse-upgrade-php74-fastcgisuse-upgrade-php74-fileinfosuse-upgrade-php74-fpmsuse-upgrade-php74-ftpsuse-upgrade-php74-gdsuse-upgrade-php74-gettextsuse-upgrade-php74-gmpsuse-upgrade-php74-iconvsuse-upgrade-php74-intlsuse-upgrade-php74-jsonsuse-upgrade-php74-ldapsuse-upgrade-php74-mbstringsuse-upgrade-php74-mysqlsuse-upgrade-php74-odbcsuse-upgrade-php74-opcachesuse-upgrade-php74-opensslsuse-upgrade-php74-pcntlsuse-upgrade-php74-pdosuse-upgrade-php74-pgsqlsuse-upgrade-php74-pharsuse-upgrade-php74-posixsuse-upgrade-php74-readlinesuse-upgrade-php74-shmopsuse-upgrade-php74-snmpsuse-upgrade-php74-soapsuse-upgrade-php74-socketssuse-upgrade-php74-sodiumsuse-upgrade-php74-sqlitesuse-upgrade-php74-sysvmsgsuse-upgrade-php74-sysvsemsuse-upgrade-php74-sysvshmsuse-upgrade-php74-tidysuse-upgrade-php74-tokenizersuse-upgrade-php74-xmlreadersuse-upgrade-php74-xmlrpcsuse-upgrade-php74-xmlwritersuse-upgrade-php74-xslsuse-upgrade-php74-zipsuse-upgrade-php74-zlib
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.