SUSE-SU-2019:1832-1

MEDIUM4.3

Security update for php7

Published Jul 12, 2019

Modified 6 years ago

Fix available

Details

Description of the patch:

This update for php7 fixes the following issues:

Security issues fixed:

CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173).
CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172).

Affected Packages(53 packages)

php7-embed

SUSE Linux Enterprise Module for Package Hub 15

Fixed in:

7.2.5-4.35.3

apache2-mod_php7

SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Fixed in:

7.2.5-4.35.3

php7

SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Fixed in:

7.2.5-4.35.3

php7-bcmath

SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Fixed in:

7.2.5-4.35.3

php7-bz2

SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Fixed in:

7.2.5-4.35.3

php7-calendar

SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Fixed in:

7.2.5-4.35.3

php7-ctype

SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Fixed in:

7.2.5-4.35.3

php7-curl

SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Fixed in:

7.2.5-4.35.3

php7-dba

SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Fixed in:

7.2.5-4.35.3

php7-devel

SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Fixed in:

7.2.5-4.35.3

References

https://bugzilla.suse.com/1138172

https://bugzilla.suse.com/1138173

https://lists.suse.com/pipermail/sle-security-updates/2019-July/005701.html

https://www.suse.com/security/cve/CVE-2019-11039/

https://www.suse.com/security/cve/CVE-2019-11040/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2019/suse-su-20191832-1/

CVSS Analysis

CVSS v3.0

4.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

NoneI:N

Availability

NoneA:N

4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Upstream

CVE-2019-11039 CVE-2019-11040

Ecosystems

SUSE Linux Enterprise Module for Package Hub 15 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE Linux Enterprise Module for Web and Scripting 15 SP1

Timeline

PublishedJul 12, 2019

ModifiedJul 12, 2019

SUSE-SU-2019:1832-1 | Mondoo Vulnerability Intelligence