SUSE-SU-2019:2909-1

Опубликовано: 06 нояб. 2019

Источник: suse-cvrf

Описание

Security update for php72

This update for php72 fixes the following issues:

Security issue fixed:

CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

apache2-mod_php72-7.2.5-1.29.1

php72-7.2.5-1.29.1

php72-bcmath-7.2.5-1.29.1

php72-bz2-7.2.5-1.29.1

php72-calendar-7.2.5-1.29.1

php72-ctype-7.2.5-1.29.1

php72-curl-7.2.5-1.29.1

php72-dba-7.2.5-1.29.1

php72-dom-7.2.5-1.29.1

php72-enchant-7.2.5-1.29.1

php72-exif-7.2.5-1.29.1

php72-fastcgi-7.2.5-1.29.1

php72-fileinfo-7.2.5-1.29.1

php72-fpm-7.2.5-1.29.1

php72-ftp-7.2.5-1.29.1

php72-gd-7.2.5-1.29.1

php72-gettext-7.2.5-1.29.1

php72-gmp-7.2.5-1.29.1

php72-iconv-7.2.5-1.29.1

php72-imap-7.2.5-1.29.1

php72-intl-7.2.5-1.29.1

php72-json-7.2.5-1.29.1

php72-ldap-7.2.5-1.29.1

php72-mbstring-7.2.5-1.29.1

php72-mysql-7.2.5-1.29.1

php72-odbc-7.2.5-1.29.1

php72-opcache-7.2.5-1.29.1

php72-openssl-7.2.5-1.29.1

php72-pcntl-7.2.5-1.29.1

php72-pdo-7.2.5-1.29.1

php72-pear-7.2.5-1.29.1

php72-pear-Archive_Tar-7.2.5-1.29.1

php72-pgsql-7.2.5-1.29.1

php72-phar-7.2.5-1.29.1

php72-posix-7.2.5-1.29.1

php72-pspell-7.2.5-1.29.1

php72-readline-7.2.5-1.29.1

php72-shmop-7.2.5-1.29.1

php72-snmp-7.2.5-1.29.1

php72-soap-7.2.5-1.29.1

php72-sockets-7.2.5-1.29.1

php72-sodium-7.2.5-1.29.1

php72-sqlite-7.2.5-1.29.1

php72-sysvmsg-7.2.5-1.29.1

php72-sysvsem-7.2.5-1.29.1

php72-sysvshm-7.2.5-1.29.1

php72-tidy-7.2.5-1.29.1

php72-tokenizer-7.2.5-1.29.1

php72-wddx-7.2.5-1.29.1

php72-xmlreader-7.2.5-1.29.1

php72-xmlrpc-7.2.5-1.29.1

php72-xmlwriter-7.2.5-1.29.1

php72-xsl-7.2.5-1.29.1

php72-zip-7.2.5-1.29.1

php72-zlib-7.2.5-1.29.1

SUSE Linux Enterprise Software Development Kit 12 SP4

php72-devel-7.2.5-1.29.1

SUSE Linux Enterprise Software Development Kit 12 SP5

php72-devel-7.2.5-1.29.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20192909-1/
Link for SUSE-SU-2019:2909-1
https://lists.suse.com/pipermail/sle-security-updates/2019-November/006094.html
E-Mail link for SUSE-SU-2019:2909-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1154999
SUSE Bug 1154999
https://www.suse.com/security/cve/CVE-2019-11043/
SUSE CVE CVE-2019-11043 page

Описание

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.29.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.29.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.29.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.29.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11043.html
CVE-2019-11043
https://bugzilla.suse.com/1154999
SUSE Bug 1154999

SUSE-SU-2019:2909-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2019-11043

Описание

Затронутые продукты

Ссылки