| Revision Date: | 2019-04-18 | Version: | 1 |
| Title: | Security update for php5 (Moderate) |
| Description: |
This update for php5 fixes the following issues:
Security issues fixed:
- CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1126711
1126713
1126821
1126823
1127122
1128722
CVE-2018-20783
CVE-2019-9020
CVE-2019-9021
CVE-2019-9023
CVE-2019-9024
CVE-2019-9641
SUSE-SU-2019:0985-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
| Product(s): | |
| Definition Synopsis |
| Release Information SUSE Linux Enterprise Desktop 12 SP4 is installed
OR SUSE Linux Enterprise Server 12 SP4 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
OR SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
AND php5-devel-5.5.14-109.51.6 is installed
|