Lucene search
SuseOPENSUSE-SU-2019:1573-1HistoryJun 18, 2019 - 12:00 a.m.
Security update for php7 (moderate)
2019-06-1800:00:00
lists.opensuse.org
182
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.606 Medium
EPSS
Percentile
97.5%
An update that solves 16 vulnerabilities and has two fixes
is now available.
Description:
This update for php7 fixes the following issues:
Security issues fixed:
- CVE-2019-9637: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS
server to make PHP misuse memcpy (bsc#1126827). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which
could allow to a hostile XMLRPC server to cause memory read outside the
allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function
(bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which
could allow an attacker to read allocated and unallocated memory when
parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR
reading functions which could allow an attacker to read allocated and
unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in
mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension
and improved insecure implementation
of rename function (bsc#1128722). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be
triggered via an empty string in the message argument to imap_mail
(bsc#1118832). - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si()
(bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value()
(bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function
leading to information disclosure (bsc#1134322).
Other issue addressed:
- Deleted README.default_socket_timeout which is not needed anymore
(bsc#1129032). - Enabled php7 testsuite (bsc#1119396).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1573=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.0 | i586 | < - openSUSE Leap 15.0 (i586 x86_64): | - openSUSE Leap 15.0 (i586 x86_64):.i586.rpm | |
| openSUSE Leap | 15.0 | x86_64 | < - openSUSE Leap 15.0 (i586 x86_64): | - openSUSE Leap 15.0 (i586 x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.0 | noarch | < - openSUSE Leap 15.0 (noarch): | - openSUSE Leap 15.0 (noarch):.noarch.rpm |
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:1461-1)
2019-06-12 00:00:00
openSUSE Security Update : php7 (openSUSE-2019-1573)
2019-06-19 00:00:00
openSUSE Security Update : php7 (openSUSE-2019-1572)
2019-06-19 00:00:00
openvas
openvas
openSUSE: Security Advisory for php7 (openSUSE-SU-2019:1573-1)
2019-06-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1461-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for php7 (openSUSE-SU-2019:1572-1)
2020-01-09 00:00:00
suse
suse
Security update for php7 (moderate)
2019-06-18 00:00:00
Security update for php7 (moderate)
2019-04-29 00:00:00
Security update for php5 (moderate)
2019-06-03 00:00:00
ibm
ibm
ubuntu
ubuntu
PHP vulnerabilities
2019-04-23 00:00:00
PHP vulnerabilities
2019-04-25 00:00:00
PHP vulnerabilities
2019-03-06 00:00:00
osv
osv
php7.0 - security update
2019-03-08 00:00:00
Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
debian
debian
[SECURITY] [DLA 1741-1] php5 security update
2019-03-31 14:37:39
[SECURITY] [DSA 4398-1] php7.0 security update
2019-02-28 22:04:23
[SECURITY] [DLA 1803-1] php5 security update
2019-05-25 10:53:33
oraclelinux
oraclelinux
php:7.2 security, bug fix, and enhancement update
2020-05-05 00:00:00
almalinux
almalinux
Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
rocky
rocky
php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
redhat
redhat
(RHSA-2020:1624) Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
(RHSA-2019:3299) Critical: rh-php72-php security update
2019-11-01 12:22:19
f5
f5
K25544541 : PHP vulnerabilities CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, and CVE-2019-9641
2019-03-14 00:00:00
K50602063 : PHP vulnerability CVE-2019-9021
2019-02-28 00:00:00
K44590877 : PHP vulnerabilities CVE-2019-11034 and CVE-2019-11035
2019-05-14 00:00:00
amazon
amazon
Low: php71, php72, php73
2019-06-11 23:00:00
Medium: php71, php72, php73
2019-09-13 22:49:00
fedora
fedora
[SECURITY] Fedora 28 Update: php-7.2.18-1.fc28
2019-05-11 23:10:56
[SECURITY] Fedora 29 Update: php-7.2.18-1.fc29
2019-05-11 02:37:44
[SECURITY] Fedora 28 Update: php-7.2.17-1.fc28
2019-04-13 01:31:20
cve
cve
prion
prion
Heap overflow
2019-02-22 23:29:00
Design/Logic Flaw
2019-02-21 19:29:00
Design/Logic Flaw
2019-02-22 23:29:00
alpinelinux
alpinelinux
CVE-2019-9021
2019-02-22 23:29:00
CVE-2019-11035
2019-04-18 17:29:00
freebsd
freebsd
PHP -- Multiple vulnerabilities in EXIF module
2019-04-04 00:00:00
redhatcve
redhatcve
debiancve
debiancve
ubuntucve
ubuntucve
veracode
veracode
Information Disclosure
2019-08-20 00:10:41
Information Disclosure
2019-08-20 00:10:42
hackerone
hackerone
Internet Bug Bounty: heap buffer overflow in phar_detect_phar_fname_ext
2019-01-07 08:54:00
Internet Bug Bounty: Uninitialized read in exif_process_IFD_in_TIFF
2019-03-15 14:21:28
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.1 version Jan.
2019-01-15 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.606 Medium
EPSS
Percentile
97.5%
Related for OPENSUSE-SU-2019:1573-1