443 matches found
FreeBSD -- iconv buffer overflow
Problem Description: With certain inputs, iconv may write beyond the end of the output buffer. Impact: Depending on the way in which iconv is used, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. iconv is a libc library...
Fedora 29 : php (2019-8c4b25b5ec)
PHP version 7.2.19 30 May 2019 EXIF: - Fixed bug php77988 heap-buffer-overflow on phpjpgget16. CVE-2019-11040 Stas FPM: - Fixed bug php77934 php-fpm kill -USR2 not working. Jakub Zelenka - Fixed bug php77921 static.php.net doesn't work anymore. Peter Kokot GD: - Fixed bug php77943...
Fedora 30 : php (2019-be4f895015)
PHP version 7.3.6 30 May 2019 cURL: - Implemented FR php72189 Add missing CURLVERSION constants. Javier Spagnoletti EXIF: - Fixed bug php77988 heap-buffer-overflow on phpjpgget16. CVE-2019-11040 Stas FPM: - Fixed bug php77934 php-fpm kill -USR2 not working. Jakub Zelenka - Fixed bug php77921...
EulerOS Virtualization 2.5.3 : php (EulerOS-SA-2019-1247)
According to the version of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences....
EulerOS Virtualization 2.5.4 : php (EulerOS-SA-2019-1249)
According to the version of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences....
EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1069)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote...
Fedora 28 : php (2018-b6072889db)
PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...
Fedora 29 : php (2018-7ebfe1e6f2)
PHP version 7.2.13 06 Dec 2018 ftp: - Fixed bug php77151 ftpclose: SSLread on shutdown. Remi CLI: - Fixed bug php77111 php-win.exe corrupts unicode symbols from cli parameters. Anatol Fileinfo: - Fixed bug php77095 slowness regression in 7.2/7.3 compared to 7.1. Anatol iconv: - Fixed bug php77147...
Fedora 28 : php (2018-dfe1f0bac6)
PHP version 7.2.13 06 Dec 2018 ftp: - Fixed bug php77151 ftpclose: SSLread on shutdown. Remi CLI: - Fixed bug php77111 php-win.exe corrupts unicode symbols from cli parameters. Anatol Fileinfo: - Fixed bug php77095 slowness regression in 7.2/7.3 compared to 7.1. Anatol iconv: - Fixed bug php77147...
Fedora 29 : php (2018-791c3cfe21)
PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...
Fedora 28 : php (2018-b13b720a3d)
PHP version 7.2.4 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...
EulerOS 2.0 SP3 : php (EulerOS-SA-2018-1310)
According to the version of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote...
EulerOS 2.0 SP2 : php (EulerOS-SA-2018-1309)
According to the version of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote...
Fedora 27 : php (2018-25100b492c)
PHP version 7.1.22 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk Apache2: - Fixed bug php76582 Apache bucket brigade sometimes becomes invalid. stas Bz2: - Fixed arginfo for bzcompress...
Security Bulletin: IBM API Connect Developer Portal is impacted by PHP vulnerabilities (CVE-2018-10548, CVE-2018-10546)
Summary IBM API Connect has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/ldap/ldap.c. By sending specially crafted data, an attacker could exploit this vulnerability to mishandle the ldapgetdn return value and cause...
Security Bulletin: GNU C library (glibc) vulnerability affect IBM DataPower Gateway appliances (CVE-2014-6040)
Summary GNU C library glibc vulnerability in iconv function affects IBM DataPower Gateway appliances. Vulnerability Details CVEID: CVE-2014-6040 DESCRIPTION: The GNU C Library glibc is vulnerable to a denial of service, caused by the improper validation of input by the iconv function when...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-3646-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3646-1 advisory. It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibl...
USN-3646-1 php5, php7.0, php7.1, php7.2 vulnerabilities
It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. CVE-2018-10545 It was discovered that the PHP iconv stream filter incorrect handl...
Medium: php56, php70, php71
Issue Overview: Null pointer dereference due to mishandling of ldapgetdn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c...
Fedora 27 : php (2018-04f6056c42)
PHP version 7.1.17 26 Apr 2018 Date: - Fixed bug php76131 mismatch arginfo for datecreate. carusogabriel Exif: - Fixed bug php76130 Heap Buffer Overflow READ: 1786 in exifiifaddvalue. Stas FPM: - Fixed bug php68440 ERROR: failed to reload: execvp failed: Argument list too long. Jacob Hipps - Fixe...