openSUSE-SU-2019:1778-1

Опубликовано: 21 июл. 2019

Источник: suse-cvrf

Описание

Security update for php7

This update for php7 fixes the following issues:

Security issues fixed:

CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173).
CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

apache2-mod_php7-7.2.5-lp151.6.6.1

php7-7.2.5-lp151.6.6.1

php7-bcmath-7.2.5-lp151.6.6.1

php7-bz2-7.2.5-lp151.6.6.1

php7-calendar-7.2.5-lp151.6.6.1

php7-ctype-7.2.5-lp151.6.6.1

php7-curl-7.2.5-lp151.6.6.1

php7-dba-7.2.5-lp151.6.6.1

php7-devel-7.2.5-lp151.6.6.1

php7-dom-7.2.5-lp151.6.6.1

php7-embed-7.2.5-lp151.6.6.1

php7-enchant-7.2.5-lp151.6.6.1

php7-exif-7.2.5-lp151.6.6.1

php7-fastcgi-7.2.5-lp151.6.6.1

php7-fileinfo-7.2.5-lp151.6.6.1

php7-firebird-7.2.5-lp151.6.6.1

php7-fpm-7.2.5-lp151.6.6.1

php7-ftp-7.2.5-lp151.6.6.1

php7-gd-7.2.5-lp151.6.6.1

php7-gettext-7.2.5-lp151.6.6.1

php7-gmp-7.2.5-lp151.6.6.1

php7-iconv-7.2.5-lp151.6.6.1

php7-intl-7.2.5-lp151.6.6.1

php7-json-7.2.5-lp151.6.6.1

php7-ldap-7.2.5-lp151.6.6.1

php7-mbstring-7.2.5-lp151.6.6.1

php7-mysql-7.2.5-lp151.6.6.1

php7-odbc-7.2.5-lp151.6.6.1

php7-opcache-7.2.5-lp151.6.6.1

php7-openssl-7.2.5-lp151.6.6.1

php7-pcntl-7.2.5-lp151.6.6.1

php7-pdo-7.2.5-lp151.6.6.1

php7-pear-7.2.5-lp151.6.6.1

php7-pear-Archive_Tar-7.2.5-lp151.6.6.1

php7-pgsql-7.2.5-lp151.6.6.1

php7-phar-7.2.5-lp151.6.6.1

php7-posix-7.2.5-lp151.6.6.1

php7-readline-7.2.5-lp151.6.6.1

php7-shmop-7.2.5-lp151.6.6.1

php7-snmp-7.2.5-lp151.6.6.1

php7-soap-7.2.5-lp151.6.6.1

php7-sockets-7.2.5-lp151.6.6.1

php7-sodium-7.2.5-lp151.6.6.1

php7-sqlite-7.2.5-lp151.6.6.1

php7-sysvmsg-7.2.5-lp151.6.6.1

php7-sysvsem-7.2.5-lp151.6.6.1

php7-sysvshm-7.2.5-lp151.6.6.1

php7-testresults-7.2.5-lp151.6.6.1

php7-tidy-7.2.5-lp151.6.6.1

php7-tokenizer-7.2.5-lp151.6.6.1

php7-wddx-7.2.5-lp151.6.6.1

php7-xmlreader-7.2.5-lp151.6.6.1

php7-xmlrpc-7.2.5-lp151.6.6.1

php7-xmlwriter-7.2.5-lp151.6.6.1

php7-xsl-7.2.5-lp151.6.6.1

php7-zip-7.2.5-lp151.6.6.1

php7-zlib-7.2.5-lp151.6.6.1

openSUSE Leap 15.1

apache2-mod_php7-7.2.5-lp151.6.6.1

php7-7.2.5-lp151.6.6.1

php7-bcmath-7.2.5-lp151.6.6.1

php7-bz2-7.2.5-lp151.6.6.1

php7-calendar-7.2.5-lp151.6.6.1

php7-ctype-7.2.5-lp151.6.6.1

php7-curl-7.2.5-lp151.6.6.1

php7-dba-7.2.5-lp151.6.6.1

php7-devel-7.2.5-lp151.6.6.1

php7-dom-7.2.5-lp151.6.6.1

php7-embed-7.2.5-lp151.6.6.1

php7-enchant-7.2.5-lp151.6.6.1

php7-exif-7.2.5-lp151.6.6.1

php7-fastcgi-7.2.5-lp151.6.6.1

php7-fileinfo-7.2.5-lp151.6.6.1

php7-firebird-7.2.5-lp151.6.6.1

php7-fpm-7.2.5-lp151.6.6.1

php7-ftp-7.2.5-lp151.6.6.1

php7-gd-7.2.5-lp151.6.6.1

php7-gettext-7.2.5-lp151.6.6.1

php7-gmp-7.2.5-lp151.6.6.1

php7-iconv-7.2.5-lp151.6.6.1

php7-intl-7.2.5-lp151.6.6.1

php7-json-7.2.5-lp151.6.6.1

php7-ldap-7.2.5-lp151.6.6.1

php7-mbstring-7.2.5-lp151.6.6.1

php7-mysql-7.2.5-lp151.6.6.1

php7-odbc-7.2.5-lp151.6.6.1

php7-opcache-7.2.5-lp151.6.6.1

php7-openssl-7.2.5-lp151.6.6.1

php7-pcntl-7.2.5-lp151.6.6.1

php7-pdo-7.2.5-lp151.6.6.1

php7-pear-7.2.5-lp151.6.6.1

php7-pear-Archive_Tar-7.2.5-lp151.6.6.1

php7-pgsql-7.2.5-lp151.6.6.1

php7-phar-7.2.5-lp151.6.6.1

php7-posix-7.2.5-lp151.6.6.1

php7-readline-7.2.5-lp151.6.6.1

php7-shmop-7.2.5-lp151.6.6.1

php7-snmp-7.2.5-lp151.6.6.1

php7-soap-7.2.5-lp151.6.6.1

php7-sockets-7.2.5-lp151.6.6.1

php7-sodium-7.2.5-lp151.6.6.1

php7-sqlite-7.2.5-lp151.6.6.1

php7-sysvmsg-7.2.5-lp151.6.6.1

php7-sysvsem-7.2.5-lp151.6.6.1

php7-sysvshm-7.2.5-lp151.6.6.1

php7-testresults-7.2.5-lp151.6.6.1

php7-tidy-7.2.5-lp151.6.6.1

php7-tokenizer-7.2.5-lp151.6.6.1

php7-wddx-7.2.5-lp151.6.6.1

php7-xmlreader-7.2.5-lp151.6.6.1

php7-xmlrpc-7.2.5-lp151.6.6.1

php7-xmlwriter-7.2.5-lp151.6.6.1

php7-xsl-7.2.5-lp151.6.6.1

php7-zip-7.2.5-lp151.6.6.1

php7-zlib-7.2.5-lp151.6.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UEGF2CF5IZDAIUBFJDSM3U2PLHWIWISH/#UEGF2CF5IZDAIUBFJDSM3U2PLHWIWISH
E-Mail link for openSUSE-SU-2019:1778-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1138172
SUSE Bug 1138172
https://bugzilla.suse.com/1138173
SUSE Bug 1138173
https://www.suse.com/security/cve/CVE-2019-11039/
SUSE CVE CVE-2019-11039 page
https://www.suse.com/security/cve/CVE-2019-11040/
SUSE CVE CVE-2019-11040 page

Описание

Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

Затронутые продукты

openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp151.6.6.1

openSUSE Leap 15.0:php7-7.2.5-lp151.6.6.1

openSUSE Leap 15.0:php7-bcmath-7.2.5-lp151.6.6.1

openSUSE Leap 15.0:php7-bz2-7.2.5-lp151.6.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11039.html
CVE-2019-11039
https://bugzilla.suse.com/1138173
SUSE Bug 1138173

Описание

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты

openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp151.6.6.1

openSUSE Leap 15.0:php7-7.2.5-lp151.6.6.1

openSUSE Leap 15.0:php7-bcmath-7.2.5-lp151.6.6.1

openSUSE Leap 15.0:php7-bz2-7.2.5-lp151.6.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11040.html
CVE-2019-11040
https://bugzilla.suse.com/1138172
SUSE Bug 1138172

openSUSE-SU-2019:1778-1

Описание

Список пакетов

openSUSE Leap 15.0

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-11039

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-11040

Описание

Затронутые продукты

Ссылки