openSUSE-SU-2019:1501-1

Published: 03 Jun 2019
Source: suse-cvrf

Description

Security update for php7

This update for php7 fixes the following issues:

Security issues fixed:

  • CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838).
  • CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837).
  • CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322).

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.3
apache2-mod_php7-7.0.7-61.1
php7-7.0.7-61.1
php7-bcmath-7.0.7-61.1
php7-bz2-7.0.7-61.1
php7-calendar-7.0.7-61.1
php7-ctype-7.0.7-61.1
php7-curl-7.0.7-61.1
php7-dba-7.0.7-61.1
php7-devel-7.0.7-61.1
php7-dom-7.0.7-61.1
php7-enchant-7.0.7-61.1
php7-exif-7.0.7-61.1
php7-fastcgi-7.0.7-61.1
php7-fileinfo-7.0.7-61.1
php7-firebird-7.0.7-61.1
php7-fpm-7.0.7-61.1
php7-ftp-7.0.7-61.1
php7-gd-7.0.7-61.1
php7-gettext-7.0.7-61.1
php7-gmp-7.0.7-61.1
php7-iconv-7.0.7-61.1
php7-imap-7.0.7-61.1
php7-intl-7.0.7-61.1
php7-json-7.0.7-61.1
php7-ldap-7.0.7-61.1
php7-mbstring-7.0.7-61.1
php7-mcrypt-7.0.7-61.1
php7-mysql-7.0.7-61.1
php7-odbc-7.0.7-61.1
php7-opcache-7.0.7-61.1
php7-openssl-7.0.7-61.1
php7-pcntl-7.0.7-61.1
php7-pdo-7.0.7-61.1
php7-pear-7.0.7-61.1
php7-pear-Archive_Tar-7.0.7-61.1
php7-pgsql-7.0.7-61.1
php7-phar-7.0.7-61.1
php7-posix-7.0.7-61.1
php7-pspell-7.0.7-61.1
php7-readline-7.0.7-61.1
php7-shmop-7.0.7-61.1
php7-snmp-7.0.7-61.1
php7-soap-7.0.7-61.1
php7-sockets-7.0.7-61.1
php7-sqlite-7.0.7-61.1
php7-sysvmsg-7.0.7-61.1
php7-sysvsem-7.0.7-61.1
php7-sysvshm-7.0.7-61.1
php7-tidy-7.0.7-61.1
php7-tokenizer-7.0.7-61.1
php7-wddx-7.0.7-61.1
php7-xmlreader-7.0.7-61.1
php7-xmlrpc-7.0.7-61.1
php7-xmlwriter-7.0.7-61.1
php7-xsl-7.0.7-61.1
php7-zip-7.0.7-61.1
php7-zlib-7.0.7-61.1

Description

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.


Affected products
openSUSE Leap 42.3:apache2-mod_php7-7.0.7-61.1
openSUSE Leap 42.3:php7-7.0.7-61.1
openSUSE Leap 42.3:php7-bcmath-7.0.7-61.1
openSUSE Leap 42.3:php7-bz2-7.0.7-61.1

Description

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.


Affected products
openSUSE Leap 42.3:apache2-mod_php7-7.0.7-61.1
openSUSE Leap 42.3:php7-7.0.7-61.1
openSUSE Leap 42.3:php7-bcmath-7.0.7-61.1
openSUSE Leap 42.3:php7-bz2-7.0.7-61.1

Description

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.


Affected products
openSUSE Leap 42.3:apache2-mod_php7-7.0.7-61.1
openSUSE Leap 42.3:php7-7.0.7-61.1
openSUSE Leap 42.3:php7-bcmath-7.0.7-61.1
openSUSE Leap 42.3:php7-bz2-7.0.7-61.1
