Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4527-1:75FBD
HistorySep 19, 2019 - 8:47 p.m.

[SECURITY] [DSA 4527-1] php7.3 security update

2019-09-1920:47:45
lists.debian.org
92

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

56.6%

JSON

Debian Security Advisory DSA-4527-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq

Package : php7.3
CVE ID : CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041
CVE-2019-11042

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language: Missing sanitising in the EXIF
extension and the iconv_mime_decode_headers() function could result in
information disclosure or denial of service.

For the stable distribution (buster), these problems have been fixed in
version 7.3.9-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9armhfphp7.0-common-dbgsym< 7.0.33-0+deb9u5php7.0-common-dbgsym_7.0.33-0+deb9u5_armhf.deb
Debian10armelphp7.3-ldap-dbgsym< 7.3.9-1~deb10u1php7.3-ldap-dbgsym_7.3.9-1~deb10u1_armel.deb
Debian9armhfphp7.0-json-dbgsym< 7.0.33-0+deb9u5php7.0-json-dbgsym_7.0.33-0+deb9u5_armhf.deb
Debian10mipsphp7.3-mysql-dbgsym< 7.3.9-1~deb10u1php7.3-mysql-dbgsym_7.3.9-1~deb10u1_mips.deb
Debian8amd64php5-common< 5.6.40+dfsg-0+deb8u5php5-common_5.6.40+dfsg-0+deb8u5_amd64.deb
Debian9s390xphp7.0-xmlrpc-dbgsym< 7.0.33-0+deb9u5php7.0-xmlrpc-dbgsym_7.0.33-0+deb9u5_s390x.deb
Debian9i386php7.0-interbase< 7.0.33-0+deb9u5php7.0-interbase_7.0.33-0+deb9u5_i386.deb
Debian9amd64php7.0-phpdbg< 7.0.33-0+deb9u5php7.0-phpdbg_7.0.33-0+deb9u5_amd64.deb
Debian10mipselphp7.3-gd< 7.3.9-1~deb10u1php7.3-gd_7.3.9-1~deb10u1_mipsel.deb
Debian10mipsphp7.3-cgi-dbgsym< 7.3.9-1~deb10u1php7.3-cgi-dbgsym_7.3.9-1~deb10u1_mips.deb
Rows per page:
1-10 of 15741

Related

nessus 63
openvas 43
osv 14
ubuntu 4
debian 4
suse 3
altlinux 8
mageia 1
amazon 4
ibm 2
fedora 7
veracode 3
cve 5
redhat 3
rocky 1
almalinux 1
debiancve 5
oraclelinux 2
ubuntucve 5
redhatcve 5
prion 5
alpinelinux 5
hackerone 4
symantec 2
nessus
nessus
Debian DSA-4527-1 : php7.3 - security update
2019-09-20 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-4009-1)
2019-06-07 00:00:00
Debian DSA-4529-1 : php7.0 - security update
2019-09-23 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4527-1)
2019-09-21 00:00:00
Ubuntu: Security Advisory (USN-4009-1)
2019-06-06 00:00:00
Debian: Security Advisory (DSA-4529-1)
2019-09-24 00:00:00
osv
osv
php7.3 - security update
2019-09-19 00:00:00
php7.0 - security update
2019-09-20 00:00:00
php5 - security update
2019-06-03 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2019-06-05 00:00:00
PHP vulnerabilities
2019-08-13 00:00:00
PHP vulnerabilities
2019-08-13 00:00:00
debian
debian
[SECURITY] [DSA 4529-1] php7.0 security update
2019-09-20 17:58:44
[SECURITY] [DLA 1813-1] php5 security update
2019-06-03 11:19:11
[SECURITY] [DLA 1878-1] php5 security update
2019-08-12 21:24:17
suse
suse
Security update for php7 (moderate)
2019-07-21 00:00:00
Security update for php7 (important)
2019-10-07 00:00:00
Security update for php7 (moderate)
2019-06-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.0 version 7.2.21-alt1
2019-08-03 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.2.21-alt1
2019-08-03 00:00:00
Security fix for the ALT Linux 8 package php7 version 7.2.21-alt1
2019-08-03 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2019-08-10 03:12:28
amazon
amazon
Low: php72
2019-09-13 22:55:00
Medium: php71, php72, php73
2019-07-17 23:33:00
Low: php71, php73
2019-09-13 22:53:00
ibm
ibm
Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities(CVE-2019-11038 CVE-2019-11039 CVE-2019-11040)
2019-06-27 15:35:01
Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP
2020-03-03 02:43:43
fedora
fedora
[SECURITY] Fedora 30 Update: php-7.3.6-1.fc30
2019-06-06 01:07:20
[SECURITY] Fedora 29 Update: php-7.2.19-2.fc29
2019-06-08 02:13:48
[SECURITY] Fedora 30 Update: php-7.3.5-1.fc30
2019-05-11 01:58:09
veracode
veracode
Information Disclosure
2019-08-20 00:10:42
Denial Of Service (Dos)
2019-08-20 00:10:42
Information Disclosure
2019-08-20 00:10:42
cve
cve
CVE-2019-11036
2019-05-03 20:29:00
CVE-2019-11040
2019-06-19 00:15:00
CVE-2019-11039
2019-06-19 00:15:00
redhat
redhat
(RHSA-2020:1624) Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
(RHSA-2019:3299) Critical: rh-php72-php security update
2019-11-01 12:22:19
(RHSA-2020:3662) Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
rocky
rocky
php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
almalinux
almalinux
Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
debiancve
debiancve
CVE-2019-11036
2019-05-03 20:29:00
CVE-2019-11039
2019-06-19 00:15:00
CVE-2019-11042
2019-08-09 20:15:00
oraclelinux
oraclelinux
php:7.2 security, bug fix, and enhancement update
2020-05-05 00:00:00
php:7.3 security, bug fix, and enhancement update
2020-09-09 00:00:00
ubuntucve
ubuntucve
CVE-2019-11036
2019-05-03 00:00:00
CVE-2019-11041
2019-08-09 00:00:00
CVE-2019-11040
2019-06-03 00:00:00
redhatcve
redhatcve
CVE-2019-11036
2020-04-05 05:17:53
CVE-2019-11042
2020-04-08 21:40:48
CVE-2019-11041
2020-04-05 05:03:18
prion
prion
Information disclosure
2019-05-03 20:29:00
Information disclosure
2019-06-19 00:15:00
Information disclosure
2019-08-09 20:15:00
alpinelinux
alpinelinux
CVE-2019-11036
2019-05-03 20:29:00
CVE-2019-11042
2019-08-09 20:15:00
CVE-2019-11040
2019-06-19 00:15:00
hackerone
hackerone
Internet Bug Bounty: Out of Bounds Memory Read in exif_scan_thumbnail
2019-08-17 16:33:30
Internet Bug Bounty: Out of Bounds Memory Read in php_jpg_get16
2019-08-01 05:45:21
Internet Bug Bounty: Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow
2019-05-31 09:58:15
symantec
symantec
PHP CVE-2019-11041 Heap Buffer Overflow Vulnerability
2019-06-27 00:00:00
PHP CVE-2019-11042 Heap Buffer Overflow Vulnerability
2019-07-05 00:00:00

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

56.6%

JSON
Related for DEBIAN:DSA-4527-1:75FBD
nessus63openvas43osv14ubuntu4debian4suse3altlinux8mageia1amazon4ibm2fedora7veracode3cve5redhat3rocky1almalinux1debiancve5oraclelinux2ubuntucve5redhatcve5prion5alpinelinux5hackerone4symantec2