
233 matches found

Mageia
added 2020/01/28 11:32 a.m. · 59 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Two buffer overflows in string and mbstring handling have been found CVE-2020-7059, CVE-2020-7060. Other security fixes have been applied: - Session: Fixed bug 79091 heap use-after-free in sessioncreateid. - Date: Fixed bug 79015...

CVSS 9.1 · AI score 1.5 · EPSS 0.06404
Exploits: 2 · References: 2

Tenable Nessus
added 2020/01/06 12:0 a.m. · 249 views

Fedora 30 : php (2019-437d94e271)

PHP version 7.3.13 18 Dec 2019 Bcmath: - Fixed bug php78878 Buffer underflow in bcshiftaddsub. CVE-2019-11046. cmb Core: - Fixed bug php78862 link silently truncates after a null byte on Windows. CVE-2019-11044. cmb - Fixed bug php78863 DirectoryIterator class silently truncates after a null byte...

CVSS 9.8 · AI score 6.9 · EPSS 0.41483
Exploits: 5 · References: 7

Positive Technologies
added 2019/12/26 12:0 a.m. · 5 views

PT-2019-4809 · Php +7 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.26 PHP versions 7.3.x through 7.3.13 PHP versions 7.4.x through 7.4.1 Description: The issue is related to the use of certain mbstring functions for converting multibyte encodings, which can cause the mbfl filt...

CVSS 9.8 · AI score 6.7 · EPSS 0.94053
Exploits: 102 · References: 432

ossfuzz
added 2019/12/25 11:37 a.m. · 13 views

php:php-fuzz-mbstring: Use-of-uninitialized-value in tune_look_behind

Detailed Report: https://oss-fuzz.com/testcase?key=5689949945069568 Project: php Fuzzing Engine: libFuzzer Fuzz Target: php-fuzz-mbstring Job Type: libfuzzermsanphp Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: tunelookbehind tuneanchor tunetree Sanitizer:...

AI score 6.8
Exploits: 0 · Affected Software: 1

OpenVAS
added 2019/12/05 12:0 a.m. · 60 views

Debian: Security Advisory (DLA-2020-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 9 · EPSS 0.14783
Exploits: 4 · References: 3

Tenable Nessus
added 2019/12/05 12:0 a.m. · 53 views

Debian DLA-2020-1 : libonig security update

Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012 An integer overflow in the searchinrange function in regexec.c leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker...

CVSS 9.8 · AI score 7.5 · EPSS 0.14783
Exploits: 4 · References: 5

Debian
added 2019/12/04 11:43 a.m. · 117 views

[SECURITY] [DLA 2020-1] libonig security update

Package : libonig Version : 5.9.5-3.2+deb8u4 CVE ID : CVE-2019-19012 CVE-2019-19204 CVE-2019-19246 Debian Bug : 944959 945313 Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012 An integer overflow in the searchinrange...

CVSS 9.8 · AI score 10 · EPSS 0.14783
Exploits: 4

Tenable Nessus
added 2019/11/04 12:0 a.m. · 55 views

Fedora 30 : php (2019-7bb07c3b02)

PHP version 7.3.11 24 Oct 2019 Core: - Fixed bug php78535 autodetectlineendings value not parsed as bool. bugreportuser - Fixed bug php78620 Out of memory error. cmb, Nikita Exif : - Fixed bug php78442 'Illegal component' on exifreaddata since PHP7 Kalle FPM: - Fixed bug php78599 envpathinfo...

CVSS 9.8 · AI score 7.5 · EPSS 0.94053
Exploits: 53 · References: 2

Tenable Nessus
added 2019/11/04 12:0 a.m. · 67 views

Fedora 29 : php (2019-187ae3128d)

PHP version 7.2.24 24 Oct 2019 Core: - Fixed bug php78535 autodetectlineendings value not parsed as bool. bugreportuser - Fixed bug php78620 Out of memory error. cmb, Nikita Exif: - Fixed bug php78442 'Illegal component' on exifreaddata since PHP7 Kalle FPM: - Fixed bug php78599 envpathinfo...

CVSS 9.8 · AI score 7.5 · EPSS 0.94053
Exploits: 53 · References: 2

RedHat Linux
added 2019/11/01 1:3 p.m. · 1 views

php: Heap-based buffer over-read in mbstring regular expression functions

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

CVSS 9.8 · AI score 7.5 · EPSS 0.10503
Exploits: 1 · References: 4

Tenable Nessus
added 2019/10/31 12:0 a.m. · 62 views

Fedora 31 : php (2019-4adc49a476)

PHP version 7.3.11 24 Oct 2019 Core: - Fixed bug php78535 autodetectlineendings value not parsed as bool. bugreportuser - Fixed bug php78620 Out of memory error. cmb, Nikita Exif : - Fixed bug php78442 'Illegal component' on exifreaddata since PHP7 Kalle FPM: - Fixed bug php78599 envpathinfo...

CVSS 9.8 · AI score 7.5 · EPSS 0.94053
Exploits: 53 · References: 2

Mageia
added 2019/10/29 2:54 p.m. · 94 views

Updated php and pcre2 packages fix security vulnerabilities

Updated php and pcre2 packages fix security vulnerabilities: - FPM 78599 envpathinfo underflow in fpmmain.c can lead to RCE. CVE-2019-11043 - MBString 78633 Heap buffer overflow read in mberegi. - Mysqlnd 78525 Memory leak in pdo when reusing native prepared statements. - PCRE 78272 calling...

CVSS 9.8 · AI score 1.2 · EPSS 0.94053
Exploits: 53 · References: 3

RedhatCVE
added 2019/10/26 12:27 p.m. · 56 views

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

CVSS 9.8 · AI score 2.7 · EPSS 0.10503
Exploits: 1 · References: 2

Tenable Nessus
added 2019/09/16 12:0 a.m. · 40 views

Debian DLA-1918-1 : libonig security update

The Oniguruma regular expressions library, notably used in PHP mbstring, is vulnerable to stack exhaustion. A crafted regular expression can crash the process. For Debian 8 'Jessie', this problem has been fixed in version 5.9.5-3.2+deb8u3. We recommend that you upgrade your libonig packages. NOTE...

CVSS 7.5 · AI score 6.8 · EPSS 0.00214
Exploits: 1 · References: 3

Veracode
added 2019/08/20 12:10 a.m. · 35 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A heap-based buffer over-read in the mbstring regular expression functions allows an attacker to execute arbitrary code on the system...

CVSS 9.8 · AI score 5.2 · EPSS 0.10503
Exploits: 1 · References: 20 · Affected Software: 2

Tenable Nessus
added 2019/05/13 12:0 a.m. · 31 views

Fedora 30 : php (2019-6350c4e21a)

PHP version 7.3.5 02 May 2019 Core: - Fixed bug php77903 ArrayIterator stops iterating after offsetSet call. Nikita CLI: - Fixed bug php77794 Incorrect Date header format in built-in server. kelunik EXIF - Fixed bug php77950 Heap-buffer-overflow in estrndup via exifprocessIFDTAG. CVE-2019-11036...

CVSS 9.1 · AI score 7 · EPSS 0.01688
Exploits: 0 · References: 2

OpenVAS
added 2019/04/24 12:0 a.m. · 67 views

openSUSE: Security Advisory for php5 (openSUSE-SU-2019:1256-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 · AI score 8.3 · EPSS 0.52083
Exploits: 7 · References: 2

OPENSUSE Linux
added 2019/04/23 12:0 a.m. · 152 views

Security update for php5 (moderate)

openSUSE Security Update: Security update for php5 Announcement ID: openSUSE-SU-2019:1256-1 Rating: moderate References: 1126711 1126713 1126821 1126823 1127122 1128722 Cross-References: CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9641 Affected Products: openSU...

CVSS 9.8 · AI score 8.8 · EPSS 0.52083
Exploits: 7 · References: 6

Tenable Nessus
added 2019/04/08 12:0 a.m. · 162 views

SUSE SLES11 Security Update : php53 (SUSE-SU-2019:14013-1)

This update for php53 fixes the following issues : Security issues fixed : CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension bsc1128892. CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory...

CVSS 9.8 · AI score 7.2 · EPSS 0.52083
Exploits: 10 · References: 34

Ubuntu
added 2019/03/12 6:31 p.m. · 103 views

USN-3902-2: PHP vulnerabilities

USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash,...

CVSS 9.8 · AI score 7.1 · EPSS 0.25106
Exploits: 4