SUSE-RU-2019:0823-1

Published: 29 Mar 2019
Source: suse-cvrf

Description

Optional update for php72

This update provides PHP 7.2 and subpackages to the SUSE Linux Enterprise 12 Web and Scripting Module.

It replaces the php7 packages; the two sets of packages do not co-exist.

The mcrypt extension was removed in PHP 7.2.

Package list

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php72-7.2.5-1.7.1
libmemcached11-1.0.18-3.2.1
libtidy-0_99-0-1.0.20100204cvs-26.2.1
php72-7.2.5-1.7.1
php72-bcmath-7.2.5-1.7.1
php72-bz2-7.2.5-1.7.1
php72-calendar-7.2.5-1.7.1
php72-ctype-7.2.5-1.7.1
php72-curl-7.2.5-1.7.1
php72-dba-7.2.5-1.7.1
php72-dom-7.2.5-1.7.1
php72-enchant-7.2.5-1.7.1
php72-exif-7.2.5-1.7.1
php72-fastcgi-7.2.5-1.7.1
php72-fileinfo-7.2.5-1.7.1
php72-fpm-7.2.5-1.7.1
php72-ftp-7.2.5-1.7.1
php72-gd-7.2.5-1.7.1
php72-gettext-7.2.5-1.7.1
php72-gmp-7.2.5-1.7.1
php72-iconv-7.2.5-1.7.1
php72-imap-7.2.5-1.7.1
php72-intl-7.2.5-1.7.1
php72-json-7.2.5-1.7.1
php72-ldap-7.2.5-1.7.1
php72-mbstring-7.2.5-1.7.1
php72-memcached-3.1.3-1.3.1
php72-mysql-7.2.5-1.7.1
php72-odbc-7.2.5-1.7.1
php72-opcache-7.2.5-1.7.1
php72-openssl-7.2.5-1.7.1
php72-pcntl-7.2.5-1.7.1
php72-pdo-7.2.5-1.7.1
php72-pear-7.2.5-1.7.1
php72-pear-Archive_Tar-7.2.5-1.7.1
php72-pgsql-7.2.5-1.7.1
php72-phar-7.2.5-1.7.1
php72-posix-7.2.5-1.7.1
php72-pspell-7.2.5-1.7.1
php72-readline-7.2.5-1.7.1
php72-shmop-7.2.5-1.7.1
php72-snmp-7.2.5-1.7.1
php72-soap-7.2.5-1.7.1
php72-sockets-7.2.5-1.7.1
php72-sqlite-7.2.5-1.7.1
php72-sysvmsg-7.2.5-1.7.1
php72-sysvsem-7.2.5-1.7.1
php72-sysvshm-7.2.5-1.7.1
php72-tidy-7.2.5-1.7.1
php72-tokenizer-7.2.5-1.7.1
php72-wddx-7.2.5-1.7.1
php72-xmlreader-7.2.5-1.7.1
php72-xmlrpc-7.2.5-1.7.1
php72-xmlwriter-7.2.5-1.7.1
php72-xsl-7.2.5-1.7.1
php72-zip-7.2.5-1.7.1
php72-zlib-7.2.5-1.7.1
SUSE Linux Enterprise Server 12 SP3
libmemcached-1.0.18-3.2.1
libmemcached11-1.0.18-3.2.1
libmemcachedutil2-1.0.18-3.2.1
SUSE Linux Enterprise Server 12 SP4
libmemcached-1.0.18-3.2.1
libmemcached11-1.0.18-3.2.1
libmemcachedutil2-1.0.18-3.2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libmemcached-1.0.18-3.2.1
libmemcached11-1.0.18-3.2.1
libmemcachedutil2-1.0.18-3.2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libmemcached-1.0.18-3.2.1
libmemcached11-1.0.18-3.2.1
libmemcachedutil2-1.0.18-3.2.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libtidy-0_99-0-1.0.20100204cvs-26.2.1
libtidy-0_99-0-devel-1.0.20100204cvs-26.2.1
php72-devel-7.2.5-1.7.1
tidy-1.0.20100204cvs-26.2.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libmemcached-devel-1.0.18-3.2.1
libtidy-0_99-0-1.0.20100204cvs-26.2.1
libtidy-0_99-0-devel-1.0.20100204cvs-26.2.1
php72-devel-7.2.5-1.7.1
tidy-1.0.20100204cvs-26.2.1

Description

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.7.1
SUSE Linux Enterprise Module for Web and Scripting 12:libmemcached11-1.0.18-3.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:libtidy-0_99-0-1.0.20100204cvs-26.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.7.1

Description

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.7.1
SUSE Linux Enterprise Module for Web and Scripting 12:libmemcached11-1.0.18-3.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:libtidy-0_99-0-1.0.20100204cvs-26.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.7.1

Description

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.7.1
SUSE Linux Enterprise Module for Web and Scripting 12:libmemcached11-1.0.18-3.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:libtidy-0_99-0-1.0.20100204cvs-26.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.7.1

Description

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.7.1
SUSE Linux Enterprise Module for Web and Scripting 12:libmemcached11-1.0.18-3.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:libtidy-0_99-0-1.0.20100204cvs-26.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.7.1

Description

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.7.1
SUSE Linux Enterprise Module for Web and Scripting 12:libmemcached11-1.0.18-3.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:libtidy-0_99-0-1.0.20100204cvs-26.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.7.1

Description

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.7.1
SUSE Linux Enterprise Module for Web and Scripting 12:libmemcached11-1.0.18-3.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:libtidy-0_99-0-1.0.20100204cvs-26.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.7.1

Description

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.7.1
SUSE Linux Enterprise Module for Web and Scripting 12:libmemcached11-1.0.18-3.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:libtidy-0_99-0-1.0.20100204cvs-26.2.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.7.1
