Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:1360-1

Опубликовано: 27 мая 2019
Источник: suse-cvrf

Описание

Security update for php72

This update for php72 fixes the following issues:

Security issues fixed:

  • CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838).
  • CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837).
  • CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322).

Non-security issue fixed:

  • Use system gd (bsc#1133714).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php72-7.2.5-1.17.1
php72-7.2.5-1.17.1
php72-bcmath-7.2.5-1.17.1
php72-bz2-7.2.5-1.17.1
php72-calendar-7.2.5-1.17.1
php72-ctype-7.2.5-1.17.1
php72-curl-7.2.5-1.17.1
php72-dba-7.2.5-1.17.1
php72-dom-7.2.5-1.17.1
php72-enchant-7.2.5-1.17.1
php72-exif-7.2.5-1.17.1
php72-fastcgi-7.2.5-1.17.1
php72-fileinfo-7.2.5-1.17.1
php72-fpm-7.2.5-1.17.1
php72-ftp-7.2.5-1.17.1
php72-gd-7.2.5-1.17.1
php72-gettext-7.2.5-1.17.1
php72-gmp-7.2.5-1.17.1
php72-iconv-7.2.5-1.17.1
php72-imap-7.2.5-1.17.1
php72-intl-7.2.5-1.17.1
php72-json-7.2.5-1.17.1
php72-ldap-7.2.5-1.17.1
php72-mbstring-7.2.5-1.17.1
php72-mysql-7.2.5-1.17.1
php72-odbc-7.2.5-1.17.1
php72-opcache-7.2.5-1.17.1
php72-openssl-7.2.5-1.17.1
php72-pcntl-7.2.5-1.17.1
php72-pdo-7.2.5-1.17.1
php72-pear-7.2.5-1.17.1
php72-pear-Archive_Tar-7.2.5-1.17.1
php72-pgsql-7.2.5-1.17.1
php72-phar-7.2.5-1.17.1
php72-posix-7.2.5-1.17.1
php72-pspell-7.2.5-1.17.1
php72-readline-7.2.5-1.17.1
php72-shmop-7.2.5-1.17.1
php72-snmp-7.2.5-1.17.1
php72-soap-7.2.5-1.17.1
php72-sockets-7.2.5-1.17.1
php72-sqlite-7.2.5-1.17.1
php72-sysvmsg-7.2.5-1.17.1
php72-sysvsem-7.2.5-1.17.1
php72-sysvshm-7.2.5-1.17.1
php72-tidy-7.2.5-1.17.1
php72-tokenizer-7.2.5-1.17.1
php72-wddx-7.2.5-1.17.1
php72-xmlreader-7.2.5-1.17.1
php72-xmlrpc-7.2.5-1.17.1
php72-xmlwriter-7.2.5-1.17.1
php72-xsl-7.2.5-1.17.1
php72-zip-7.2.5-1.17.1
php72-zlib-7.2.5-1.17.1
SUSE Linux Enterprise Software Development Kit 12 SP3
php72-devel-7.2.5-1.17.1
SUSE Linux Enterprise Software Development Kit 12 SP4
php72-devel-7.2.5-1.17.1

Ссылки

Описание

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.17.1
Ссылки

Описание

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.17.1
Ссылки

Описание

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.17.1
Ссылки