SUSE: CVE-2024-11236: SUSE Linux Security Advisory
10
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
11/24/2024
01/04/2025
01/03/2025
01/28/2025
Description
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
Solution(s)
- suse-upgrade-apache2-mod_php8
- suse-upgrade-php8
- suse-upgrade-php8-bcmath
- suse-upgrade-php8-bz2
- suse-upgrade-php8-calendar
- suse-upgrade-php8-cli
- suse-upgrade-php8-ctype
- suse-upgrade-php8-curl
- suse-upgrade-php8-dba
- suse-upgrade-php8-devel
- suse-upgrade-php8-dom
- suse-upgrade-php8-embed
- suse-upgrade-php8-enchant
- suse-upgrade-php8-exif
- suse-upgrade-php8-fastcgi
- suse-upgrade-php8-ffi
- suse-upgrade-php8-fileinfo
- suse-upgrade-php8-fpm
- suse-upgrade-php8-fpm-apache
- suse-upgrade-php8-ftp
- suse-upgrade-php8-gd
- suse-upgrade-php8-gettext
- suse-upgrade-php8-gmp
- suse-upgrade-php8-iconv
- suse-upgrade-php8-intl
- suse-upgrade-php8-ldap
- suse-upgrade-php8-mbstring
- suse-upgrade-php8-mysql
- suse-upgrade-php8-odbc
- suse-upgrade-php8-opcache
- suse-upgrade-php8-openssl
- suse-upgrade-php8-pcntl
- suse-upgrade-php8-pdo
- suse-upgrade-php8-pgsql
- suse-upgrade-php8-phar
- suse-upgrade-php8-posix
- suse-upgrade-php8-readline
- suse-upgrade-php8-shmop
- suse-upgrade-php8-snmp
- suse-upgrade-php8-soap
- suse-upgrade-php8-sockets
- suse-upgrade-php8-sodium
- suse-upgrade-php8-sqlite
- suse-upgrade-php8-sysvmsg
- suse-upgrade-php8-sysvsem
- suse-upgrade-php8-sysvshm
- suse-upgrade-php8-test
- suse-upgrade-php8-tidy
- suse-upgrade-php8-tokenizer
- suse-upgrade-php8-xmlreader
- suse-upgrade-php8-xmlwriter
- suse-upgrade-php8-xsl
- suse-upgrade-php8-zip
- suse-upgrade-php8-zlib
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center