| Revision Date: | 2019-04-25 | Version: | 1 |
| Title: | Security update for php7 (Moderate) |
| Description: |
This update for php7 fixes the following issues: Security issues fixed:
- CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722).
Other issue addressed:
- Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1126711
1126713
1126821
1126823
1127122
1128722
1128883
1128886
1128887
1128889
1128892
1129032
CVE-2018-20783
CVE-2019-9020
CVE-2019-9021
CVE-2019-9023
CVE-2019-9024
CVE-2019-9637
CVE-2019-9638
CVE-2019-9639
CVE-2019-9640
CVE-2019-9641
CVE-2019-9675
|
| Platform(s): | SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
| Product(s): | |
| Definition Synopsis |
| Release Information SUSE Linux Enterprise Desktop 12 SP4 is installed
OR SUSE Linux Enterprise Server 12 SP4 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
OR SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
AND php7-devel-7.0.7-50.70.1 is installed
|