Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:0522-1

Опубликовано: 28 фев. 2020
Источник: suse-cvrf

Описание

Security update for php5

This update for php5 fixes the following issues:

Security issues fixed:

  • CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).
  • CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).
  • CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999).
  • CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923).
  • CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924).
  • CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922).
  • CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927).
  • CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629).
  • CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php5-5.5.14-109.68.1
php5-5.5.14-109.68.1
php5-bcmath-5.5.14-109.68.1
php5-bz2-5.5.14-109.68.1
php5-calendar-5.5.14-109.68.1
php5-ctype-5.5.14-109.68.1
php5-curl-5.5.14-109.68.1
php5-dba-5.5.14-109.68.1
php5-dom-5.5.14-109.68.1
php5-enchant-5.5.14-109.68.1
php5-exif-5.5.14-109.68.1
php5-fastcgi-5.5.14-109.68.1
php5-fileinfo-5.5.14-109.68.1
php5-fpm-5.5.14-109.68.1
php5-ftp-5.5.14-109.68.1
php5-gd-5.5.14-109.68.1
php5-gettext-5.5.14-109.68.1
php5-gmp-5.5.14-109.68.1
php5-iconv-5.5.14-109.68.1
php5-imap-5.5.14-109.68.1
php5-intl-5.5.14-109.68.1
php5-json-5.5.14-109.68.1
php5-ldap-5.5.14-109.68.1
php5-mbstring-5.5.14-109.68.1
php5-mcrypt-5.5.14-109.68.1
php5-mysql-5.5.14-109.68.1
php5-odbc-5.5.14-109.68.1
php5-opcache-5.5.14-109.68.1
php5-openssl-5.5.14-109.68.1
php5-pcntl-5.5.14-109.68.1
php5-pdo-5.5.14-109.68.1
php5-pear-5.5.14-109.68.1
php5-pgsql-5.5.14-109.68.1
php5-phar-5.5.14-109.68.1
php5-posix-5.5.14-109.68.1
php5-pspell-5.5.14-109.68.1
php5-shmop-5.5.14-109.68.1
php5-snmp-5.5.14-109.68.1
php5-soap-5.5.14-109.68.1
php5-sockets-5.5.14-109.68.1
php5-sqlite-5.5.14-109.68.1
php5-suhosin-5.5.14-109.68.1
php5-sysvmsg-5.5.14-109.68.1
php5-sysvsem-5.5.14-109.68.1
php5-sysvshm-5.5.14-109.68.1
php5-tokenizer-5.5.14-109.68.1
php5-wddx-5.5.14-109.68.1
php5-xmlreader-5.5.14-109.68.1
php5-xmlrpc-5.5.14-109.68.1
php5-xmlwriter-5.5.14-109.68.1
php5-xsl-5.5.14-109.68.1
php5-zip-5.5.14-109.68.1
php5-zlib-5.5.14-109.68.1
SUSE Linux Enterprise Software Development Kit 12 SP4
php5-devel-5.5.14-109.68.1

Ссылки

Описание

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1
Ссылки

Описание

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1
Ссылки

Описание

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1
Ссылки

Описание

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1
Ссылки

Описание

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1
Ссылки

Описание

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1
Ссылки

Описание

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1
Ссылки

Описание

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1
Ссылки

Описание

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1
Ссылки
Уязвимость SUSE-SU-2020:0522-1