SUSE-SU-2019:0333-1

Published: 12 Feb 2019
Source: suse-cvrf

Description

Security update for php7

This update for php7 fixes the following issues:

Security issues fixed:

  • CVE-2019-6977: Fixed a heap-based buffer overflow in the GD Graphics Library used in the imagecolormatch function (bsc#1123354).
  • CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522).
  • CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832).

Package list

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php7-7.0.7-50.63.1
php7-7.0.7-50.63.1
php7-bcmath-7.0.7-50.63.1
php7-bz2-7.0.7-50.63.1
php7-calendar-7.0.7-50.63.1
php7-ctype-7.0.7-50.63.1
php7-curl-7.0.7-50.63.1
php7-dba-7.0.7-50.63.1
php7-dom-7.0.7-50.63.1
php7-enchant-7.0.7-50.63.1
php7-exif-7.0.7-50.63.1
php7-fastcgi-7.0.7-50.63.1
php7-fileinfo-7.0.7-50.63.1
php7-fpm-7.0.7-50.63.1
php7-ftp-7.0.7-50.63.1
php7-gd-7.0.7-50.63.1
php7-gettext-7.0.7-50.63.1
php7-gmp-7.0.7-50.63.1
php7-iconv-7.0.7-50.63.1
php7-imap-7.0.7-50.63.1
php7-intl-7.0.7-50.63.1
php7-json-7.0.7-50.63.1
php7-ldap-7.0.7-50.63.1
php7-mbstring-7.0.7-50.63.1
php7-mcrypt-7.0.7-50.63.1
php7-mysql-7.0.7-50.63.1
php7-odbc-7.0.7-50.63.1
php7-opcache-7.0.7-50.63.1
php7-openssl-7.0.7-50.63.1
php7-pcntl-7.0.7-50.63.1
php7-pdo-7.0.7-50.63.1
php7-pear-7.0.7-50.63.1
php7-pear-Archive_Tar-7.0.7-50.63.1
php7-pgsql-7.0.7-50.63.1
php7-phar-7.0.7-50.63.1
php7-posix-7.0.7-50.63.1
php7-pspell-7.0.7-50.63.1
php7-shmop-7.0.7-50.63.1
php7-snmp-7.0.7-50.63.1
php7-soap-7.0.7-50.63.1
php7-sockets-7.0.7-50.63.1
php7-sqlite-7.0.7-50.63.1
php7-sysvmsg-7.0.7-50.63.1
php7-sysvsem-7.0.7-50.63.1
php7-sysvshm-7.0.7-50.63.1
php7-tokenizer-7.0.7-50.63.1
php7-wddx-7.0.7-50.63.1
php7-xmlreader-7.0.7-50.63.1
php7-xmlrpc-7.0.7-50.63.1
php7-xmlwriter-7.0.7-50.63.1
php7-xsl-7.0.7-50.63.1
php7-zip-7.0.7-50.63.1
php7-zlib-7.0.7-50.63.1
SUSE Linux Enterprise Software Development Kit 12 SP3
php7-devel-7.0.7-50.63.1
SUSE Linux Enterprise Software Development Kit 12 SP4
php7-devel-7.0.7-50.63.1

Description

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-50.63.1

References

Description

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-50.63.1

References

Description

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-50.63.1

References