SUSE-SU-2018:1936-1

Details

This update for php7 fixes the following issues:

CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098).

Affected Packages(51 packages)

apache2-mod_php7

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

php7

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

php7-bcmath

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

php7-bz2

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

php7-calendar

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

php7-ctype

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

php7-curl

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

php7-dba

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

php7-devel

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

php7-dom

SUSE Linux Enterprise Module for Web and Scripting 15

Fixed in:

7.2.5-4.3.1

References

REPORT

https://bugzilla.suse.com/1099098

WEB

https://www.suse.com/security/cve/CVE-2018-12882

ADVISORY

https://www.suse.com/support/update/announcement/2018/suse-su-20181936-1/