75 matches found
Amazon Linux AMI : php71 / php72, php73, php56 (ALAS-2019-1315)
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...
Low: php72
Issue Overview: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead...
SUSE SLES12 Security Update : php72 (SUSE-SU-2019:2270-1)
This update for php72 fixes the following issues : Security issues fixed : CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail (bsc#1146360). CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment (bsc#1145095). Note that Tenable Network Security has extracted the preceding...
SUSE-SU-2019:2270-1 Security update for php72
This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment (bsc#1145095)...
Amazon Linux AMI : php71 / php72,php73 (ALAS-2019-1240)
Function iconv_mime_decode_headers in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. (CVE-2019-11039) When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that will cause the...
Amazon Linux AMI : php54-pecl-imagick / php55-pecl-imagick,php56-pecl-imagick,php70-pecl-imagick,php71-pecl-imagick,php72-pecl-imagick (ALAS-2019-1237)
In PHP imagick extension, writing to an array of values in ImagickKernel::fromMatrix function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. (CVE-2019-11037) C...
Medium: php71, php72, php73
Issue Overview: Function iconv_mime_decode_headers in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. (CVE-2019-11039) When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that...
SUSE SLES12 Security Update : php72 (SUSE-SU-2019:1724-1)
This update for php72 fixes the following issues : Security issues fixed : CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode (bsc#1138172). Note that Tenable Network Security ha...
SUSE-SU-2019:1724-1 Security update for php72
This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode (bsc#1138172)...
SUSE SLES12 Security Update : php72 (SUSE-SU-2019:1360-1)
This update for php72 fixes the following issues : Security issues fixed : CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si (bsc#1132838). CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value (bsc#1132837). CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function...
SUSE-SU-2019:1360-1 Security update for php72
This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function...
SUSE SLES12 Security Update : php72 (SUSE-SU-2019:0988-1)
This update for php72 fixes the following issues : CVE-2019-9637: Due to the way rename across filesystems is implemented, it was possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. bsc11288...
SUSE-SU-2019:0988-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2019-9637: Due to the way rename across filesystems is implemented, it was possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data...
Amazon Linux AMI : php72 (ALAS-2018-1067)
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. (CVE-2018-14851) exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a...
Medium: php72
Issue Overview: exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. (CVE-2018-14851) exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attacke...