CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173).
CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in
iconv.c:_php_iconv_mime_decode() (bsc#1138172).
Affected Packages (53 packages)
php7
SUSE Linux Enterprise Module for Package Hub 15, SUSE Linux Enterprise Module for Web and Scripting 15, SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.35.3
php7-embed
SUSE Linux Enterprise Module for Package Hub 15
Fixed in:
7.2.5-4.35.3
apache2-mod_php7
SUSE Linux Enterprise Module for Web and Scripting 15, SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.35.3
php7-bcmath
SUSE Linux Enterprise Module for Web and Scripting 15, SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.35.3
php7-bz2
SUSE Linux Enterprise Module for Web and Scripting 15, SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.35.3
php7-calendar
SUSE Linux Enterprise Module for Web and Scripting 15, SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.35.3
php7-ctype
SUSE Linux Enterprise Module for Web and Scripting 15, SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.35.3
php7-curl
SUSE Linux Enterprise Module for Web and Scripting 15, SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.35.3
php7-dba
SUSE Linux Enterprise Module for Web and Scripting 15, SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.35.3
php7-devel
SUSE Linux Enterprise Module for Web and Scripting 15, SUSE Linux Enterprise Module for Web and Scripting 15 SP1