CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).
CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).
Non-security issue fixed:
Drop -n from php invocation from pecl (bsc#1151793).
Affected Packages(53 packages)
php7
SUSE Linux Enterprise Module for Package Hub 15SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.40.1
php7-embed
SUSE Linux Enterprise Module for Package Hub 15
Fixed in:
7.2.5-4.40.1
apache2-mod_php7
SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.40.1
php7-bcmath
SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.40.1
php7-bz2
SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.40.1
php7-calendar
SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.40.1
php7-ctype
SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.40.1
php7-curl
SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.40.1
php7-dba
SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1
Fixed in:
7.2.5-4.40.1
php7-devel
SUSE Linux Enterprise Module for Web and Scripting 15SUSE Linux Enterprise Module for Web and Scripting 15 SP1