SUSE-SU-2022:0577-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 25 Feb 2022, 19:14
Last modified:04 Feb 2026, 03:19
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
25 Feb 2022, 19:14
Published
Vulnerability first disclosed
04 Feb 2026, 03:19
Last Modified
Vulnerability information updated
Description
Security update for php72 This update for php72 fixes the following issues: - CVE-2015-9253: Fixed endless loop when the master process restarts a child process using program execution functions (bsc#1081790). - CVE-2017-8923: Fixed denial of service (application crash) when using .= with a long string (zend_string_extend func in Zend/zend_string.h) (bsc#1038980). - CVE-2021-21707: Fixed special character handling that broke path in xml parsing (bsc#1193041).
Affected Systems
- suse•php72&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 7.2.5-1.75.1
- suse•php72&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
< 7.2.5-1.75.1
References (7)
- https://www.suse.com/support/update/announcement/2022/suse-su-20220577-1/
- https://bugzilla.suse.com/1038980
- https://bugzilla.suse.com/1081790
- https://bugzilla.suse.com/1193041
- https://www.suse.com/security/cve/CVE-2015-9253
- https://www.suse.com/security/cve/CVE-2017-8923
- https://www.suse.com/security/cve/CVE-2021-21707