Oval Definition:oval:org.opensuse.security:def:126146
Revision Date:2020-02-28Version:1
Title:Security update for php5 (Moderate)
Description:

This update for php5 fixes the following issues:

Security issues fixed:

- CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). - CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). - CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). - CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). - CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632).
Family:unixClass:patch
Status:Reference(s):1145095
1146360
1154999
1159922
1159923
1159924
1159927
1161982
1162629
1162632
CVE-2019-11041
CVE-2019-11042
CVE-2019-11043
CVE-2019-11045
CVE-2019-11046
CVE-2019-11047
CVE-2019-11050
CVE-2020-7059
CVE-2020-7060
SUSE-SU-2020:0522-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
  • AND php5-devel-5.5.14-109.68.1 is installed
    • BACK