Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:14289-1

Опубликовано: 24 фев. 2020
Источник: suse-cvrf

Описание

Security update for php53

This update for php53 fixes the following issues:

Security issues fixed:

  • CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629).
  • CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923).
  • CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924).
  • CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922).
  • CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927).
  • CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3
apache2-mod_php53-5.3.17-112.79.1
php53-5.3.17-112.79.1
php53-bcmath-5.3.17-112.79.1
php53-bz2-5.3.17-112.79.1
php53-calendar-5.3.17-112.79.1
php53-ctype-5.3.17-112.79.1
php53-curl-5.3.17-112.79.1
php53-dba-5.3.17-112.79.1
php53-dom-5.3.17-112.79.1
php53-exif-5.3.17-112.79.1
php53-fastcgi-5.3.17-112.79.1
php53-fileinfo-5.3.17-112.79.1
php53-ftp-5.3.17-112.79.1
php53-gd-5.3.17-112.79.1
php53-gettext-5.3.17-112.79.1
php53-gmp-5.3.17-112.79.1
php53-iconv-5.3.17-112.79.1
php53-intl-5.3.17-112.79.1
php53-json-5.3.17-112.79.1
php53-ldap-5.3.17-112.79.1
php53-mbstring-5.3.17-112.79.1
php53-mcrypt-5.3.17-112.79.1
php53-mysql-5.3.17-112.79.1
php53-odbc-5.3.17-112.79.1
php53-openssl-5.3.17-112.79.1
php53-pcntl-5.3.17-112.79.1
php53-pdo-5.3.17-112.79.1
php53-pear-5.3.17-112.79.1
php53-pgsql-5.3.17-112.79.1
php53-pspell-5.3.17-112.79.1
php53-shmop-5.3.17-112.79.1
php53-snmp-5.3.17-112.79.1
php53-soap-5.3.17-112.79.1
php53-suhosin-5.3.17-112.79.1
php53-sysvmsg-5.3.17-112.79.1
php53-sysvsem-5.3.17-112.79.1
php53-sysvshm-5.3.17-112.79.1
php53-tokenizer-5.3.17-112.79.1
php53-wddx-5.3.17-112.79.1
php53-xmlreader-5.3.17-112.79.1
php53-xmlrpc-5.3.17-112.79.1
php53-xmlwriter-5.3.17-112.79.1
php53-xsl-5.3.17-112.79.1
php53-zip-5.3.17-112.79.1
php53-zlib-5.3.17-112.79.1
SUSE Linux Enterprise Server 11 SP4-LTSS
apache2-mod_php53-5.3.17-112.79.1
php53-5.3.17-112.79.1
php53-bcmath-5.3.17-112.79.1
php53-bz2-5.3.17-112.79.1
php53-calendar-5.3.17-112.79.1
php53-ctype-5.3.17-112.79.1
php53-curl-5.3.17-112.79.1
php53-dba-5.3.17-112.79.1
php53-dom-5.3.17-112.79.1
php53-exif-5.3.17-112.79.1
php53-fastcgi-5.3.17-112.79.1
php53-fileinfo-5.3.17-112.79.1
php53-ftp-5.3.17-112.79.1
php53-gd-5.3.17-112.79.1
php53-gettext-5.3.17-112.79.1
php53-gmp-5.3.17-112.79.1
php53-iconv-5.3.17-112.79.1
php53-intl-5.3.17-112.79.1
php53-json-5.3.17-112.79.1
php53-ldap-5.3.17-112.79.1
php53-mbstring-5.3.17-112.79.1
php53-mcrypt-5.3.17-112.79.1
php53-mysql-5.3.17-112.79.1
php53-odbc-5.3.17-112.79.1
php53-openssl-5.3.17-112.79.1
php53-pcntl-5.3.17-112.79.1
php53-pdo-5.3.17-112.79.1
php53-pear-5.3.17-112.79.1
php53-pgsql-5.3.17-112.79.1
php53-pspell-5.3.17-112.79.1
php53-shmop-5.3.17-112.79.1
php53-snmp-5.3.17-112.79.1
php53-soap-5.3.17-112.79.1
php53-suhosin-5.3.17-112.79.1
php53-sysvmsg-5.3.17-112.79.1
php53-sysvsem-5.3.17-112.79.1
php53-sysvshm-5.3.17-112.79.1
php53-tokenizer-5.3.17-112.79.1
php53-wddx-5.3.17-112.79.1
php53-xmlreader-5.3.17-112.79.1
php53-xmlrpc-5.3.17-112.79.1
php53-xmlwriter-5.3.17-112.79.1
php53-xsl-5.3.17-112.79.1
php53-zip-5.3.17-112.79.1
php53-zlib-5.3.17-112.79.1

Ссылки

Описание

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bcmath-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bz2-5.3.17-112.79.1
Ссылки

Описание

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bcmath-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bz2-5.3.17-112.79.1
Ссылки

Описание

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bcmath-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bz2-5.3.17-112.79.1
Ссылки

Описание

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bcmath-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bz2-5.3.17-112.79.1
Ссылки

Описание

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bcmath-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bz2-5.3.17-112.79.1
Ссылки

Описание

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bcmath-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11 SP3:php53-bz2-5.3.17-112.79.1
Ссылки
Уязвимость SUSE-SU-2020:14289-1