Description
Security update for php7
This update for php7 fixes the following issues:
Security issue fixed:
- CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.1
apache2-mod_php7-7.2.5-lp151.6.13.1
php7-7.2.5-lp151.6.13.1
php7-bcmath-7.2.5-lp151.6.13.1
php7-bz2-7.2.5-lp151.6.13.1
php7-calendar-7.2.5-lp151.6.13.1
php7-ctype-7.2.5-lp151.6.13.1
php7-curl-7.2.5-lp151.6.13.1
php7-dba-7.2.5-lp151.6.13.1
php7-devel-7.2.5-lp151.6.13.1
php7-dom-7.2.5-lp151.6.13.1
php7-embed-7.2.5-lp151.6.13.1
php7-enchant-7.2.5-lp151.6.13.1
php7-exif-7.2.5-lp151.6.13.1
php7-fastcgi-7.2.5-lp151.6.13.1
php7-fileinfo-7.2.5-lp151.6.13.1
php7-firebird-7.2.5-lp151.6.13.1
php7-fpm-7.2.5-lp151.6.13.1
php7-ftp-7.2.5-lp151.6.13.1
php7-gd-7.2.5-lp151.6.13.1
php7-gettext-7.2.5-lp151.6.13.1
php7-gmp-7.2.5-lp151.6.13.1
php7-iconv-7.2.5-lp151.6.13.1
php7-intl-7.2.5-lp151.6.13.1
php7-json-7.2.5-lp151.6.13.1
php7-ldap-7.2.5-lp151.6.13.1
php7-mbstring-7.2.5-lp151.6.13.1
php7-mysql-7.2.5-lp151.6.13.1
php7-odbc-7.2.5-lp151.6.13.1
php7-opcache-7.2.5-lp151.6.13.1
php7-openssl-7.2.5-lp151.6.13.1
php7-pcntl-7.2.5-lp151.6.13.1
php7-pdo-7.2.5-lp151.6.13.1
php7-pear-7.2.5-lp151.6.13.1
php7-pear-Archive_Tar-7.2.5-lp151.6.13.1
php7-pgsql-7.2.5-lp151.6.13.1
php7-phar-7.2.5-lp151.6.13.1
php7-posix-7.2.5-lp151.6.13.1
php7-readline-7.2.5-lp151.6.13.1
php7-shmop-7.2.5-lp151.6.13.1
php7-snmp-7.2.5-lp151.6.13.1
php7-soap-7.2.5-lp151.6.13.1
php7-sockets-7.2.5-lp151.6.13.1
php7-sodium-7.2.5-lp151.6.13.1
php7-sqlite-7.2.5-lp151.6.13.1
php7-sysvmsg-7.2.5-lp151.6.13.1
php7-sysvsem-7.2.5-lp151.6.13.1
php7-sysvshm-7.2.5-lp151.6.13.1
php7-test-7.2.5-lp151.6.13.1
php7-tidy-7.2.5-lp151.6.13.1
php7-tokenizer-7.2.5-lp151.6.13.1
php7-wddx-7.2.5-lp151.6.13.1
php7-xmlreader-7.2.5-lp151.6.13.1
php7-xmlrpc-7.2.5-lp151.6.13.1
php7-xmlwriter-7.2.5-lp151.6.13.1
php7-xsl-7.2.5-lp151.6.13.1
php7-zip-7.2.5-lp151.6.13.1
php7-zlib-7.2.5-lp151.6.13.1
References
- E-Mail link for openSUSE-SU-2019:2441-1
- SUSE Security Ratings
- SUSE Bug 1154999
- SUSE CVE CVE-2019-11043 page
Description
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Affected products
openSUSE Leap 15.1:apache2-mod_php7-7.2.5-lp151.6.13.1
openSUSE Leap 15.1:php7-7.2.5-lp151.6.13.1
openSUSE Leap 15.1:php7-bcmath-7.2.5-lp151.6.13.1
openSUSE Leap 15.1:php7-bz2-7.2.5-lp151.6.13.1
References
- CVE-2019-11043
- SUSE Bug 1154999