SUSE-SU-2020:1546-1

Опубликовано: 05 июн. 2020

Источник: suse-cvrf

Описание

Security update for php72

This update for php72 fixes the following issues:

CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data() (bsc#1168326).
CVE-2020-7066: Fixed URL truncation get_headers() if the URL contains zero (\0) character (bsc#1168352).
CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

apache2-mod_php72-7.2.5-1.46.1

php72-7.2.5-1.46.1

php72-bcmath-7.2.5-1.46.1

php72-bz2-7.2.5-1.46.1

php72-calendar-7.2.5-1.46.1

php72-ctype-7.2.5-1.46.1

php72-curl-7.2.5-1.46.1

php72-dba-7.2.5-1.46.1

php72-dom-7.2.5-1.46.1

php72-enchant-7.2.5-1.46.1

php72-exif-7.2.5-1.46.1

php72-fastcgi-7.2.5-1.46.1

php72-fileinfo-7.2.5-1.46.1

php72-fpm-7.2.5-1.46.1

php72-ftp-7.2.5-1.46.1

php72-gd-7.2.5-1.46.1

php72-gettext-7.2.5-1.46.1

php72-gmp-7.2.5-1.46.1

php72-iconv-7.2.5-1.46.1

php72-imap-7.2.5-1.46.1

php72-intl-7.2.5-1.46.1

php72-json-7.2.5-1.46.1

php72-ldap-7.2.5-1.46.1

php72-mbstring-7.2.5-1.46.1

php72-mysql-7.2.5-1.46.1

php72-odbc-7.2.5-1.46.1

php72-opcache-7.2.5-1.46.1

php72-openssl-7.2.5-1.46.1

php72-pcntl-7.2.5-1.46.1

php72-pdo-7.2.5-1.46.1

php72-pear-7.2.5-1.46.1

php72-pear-Archive_Tar-7.2.5-1.46.1

php72-pgsql-7.2.5-1.46.1

php72-phar-7.2.5-1.46.1

php72-posix-7.2.5-1.46.1

php72-pspell-7.2.5-1.46.1

php72-readline-7.2.5-1.46.1

php72-shmop-7.2.5-1.46.1

php72-snmp-7.2.5-1.46.1

php72-soap-7.2.5-1.46.1

php72-sockets-7.2.5-1.46.1

php72-sodium-7.2.5-1.46.1

php72-sqlite-7.2.5-1.46.1

php72-sysvmsg-7.2.5-1.46.1

php72-sysvsem-7.2.5-1.46.1

php72-sysvshm-7.2.5-1.46.1

php72-tidy-7.2.5-1.46.1

php72-tokenizer-7.2.5-1.46.1

php72-wddx-7.2.5-1.46.1

php72-xmlreader-7.2.5-1.46.1

php72-xmlrpc-7.2.5-1.46.1

php72-xmlwriter-7.2.5-1.46.1

php72-xsl-7.2.5-1.46.1

php72-zip-7.2.5-1.46.1

php72-zlib-7.2.5-1.46.1

SUSE Linux Enterprise Software Development Kit 12 SP4

php72-devel-7.2.5-1.46.1

SUSE Linux Enterprise Software Development Kit 12 SP5

php72-devel-7.2.5-1.46.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201546-1/
Link for SUSE-SU-2020:1546-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/006888.html
E-Mail link for SUSE-SU-2020:1546-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1168326
SUSE Bug 1168326
https://bugzilla.suse.com/1168352
SUSE Bug 1168352
https://bugzilla.suse.com/1171999
SUSE Bug 1171999
https://www.suse.com/security/cve/CVE-2019-11048/
SUSE CVE CVE-2019-11048 page
https://www.suse.com/security/cve/CVE-2020-7064/
SUSE CVE CVE-2020-7064 page
https://www.suse.com/security/cve/CVE-2020-7066/
SUSE CVE CVE-2020-7066 page

Описание

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.46.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.46.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.46.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.46.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11048.html
CVE-2019-11048
https://bugzilla.suse.com/1171999
SUSE Bug 1171999

Описание

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.46.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.46.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.46.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.46.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-7064.html
CVE-2020-7064
https://bugzilla.suse.com/1168326
SUSE Bug 1168326

Описание

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.46.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.46.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.46.1

SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.46.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-7066.html
CVE-2020-7066
https://bugzilla.suse.com/1168352
SUSE Bug 1168352

SUSE-SU-2020:1546-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2019-11048

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-7064

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-7066

Описание

Затронутые продукты

Ссылки