===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2087
                SUSE-SU-2019:1461-1 Security update for php7
                                12 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php7
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11036 CVE-2019-11035 CVE-2019-11034 CVE-2019-9675
                   CVE-2019-9641 CVE-2019-9640 CVE-2019-9639 CVE-2019-9638
                   CVE-2019-9637 CVE-2019-9024 CVE-2019-9023 CVE-2019-9022
                   CVE-2019-9021 CVE-2019-9020 CVE-2018-20783 CVE-2018-19935
Reference:         ESB-2019.2058 ESB-2019.2019 ESB-2019.1920 ESB-2019.1912

Original Bulletin:
   https://www.suse.com/support/update/announcement/2019/suse-su-20191461-1.html

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1461-1
Rating:             moderate
References:         #1118832 #1119396 #1126711 #1126713 #1126821 #1126823
                    #1126827 #1127122 #1128722 #1128883 #1128886 #1128887
                    #1128889 #1128892 #1129032 #1132837 #1132838 #1134322
Cross-References:   CVE-2018-19935 CVE-2018-20783 CVE-2019-11034 CVE-2019-11035
                    CVE-2019-11036 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022
                    CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638
                    CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675
Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 15
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has two fixes is now available.

Description:

   This update for php7 fixes the following issues:

   Security issues fixed:

   o CVE-2019-9637: Fixed improper implementation of rename function and
     multiple invalid memory access in EXIF extension (bsc#1128892).
   o CVE-2019-9675: Fixed improper implementation of rename function and
     multiple invalid memory access in EXIF extension (bsc#1128886).
   o CVE-2019-9638: Fixed improper implementation of rename function and
     multiple invalid memory access in EXIF extension (bsc#1128889).
   o CVE-2019-9639: Fixed improper implementation of rename function and
     multiple invalid memory access in EXIF extension (bsc#1128887).
   o CVE-2019-9640: Fixed improper implementation of rename function and
     multiple invalid memory access in EXIF extension (bsc#1128883).
   o CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS
     server to make PHP misuse memcpy (bsc#1126827).
   o CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which
     could allow a hostile XMLRPC server to cause a memory read outside the
     allocated areas (bsc#1126821).
   o CVE-2019-9020: Fixed a heap out-of-bounds access in xmlrpc_decode
     function (bsc#1126711).
   o CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which
     could allow an attacker to read allocated and unallocated memory when
     parsing a phar file (bsc#1127122).
   o CVE-2019-9021: Fixed a heap-based buffer over-read in PHAR reading
     functions which could allow an attacker to read allocated and
     unallocated memory when parsing a phar file (bsc#1126713).
   o CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in
     mbstring regular expression functions (bsc#1126823).
   o CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension
     and improved insecure implementation of rename function (bsc#1128722).
   o CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be
     triggered via an empty string in the message argument to imap_mail
     (bsc#1118832).
   o CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si()
     (bsc#1132838).
   o CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value()
     (bsc#1132837).
   o CVE-2019-11036: Fixed a buffer over-read in exif_process_IFD_TAG function
     leading to information disclosure (bsc#1134322).

   Other issues addressed:

   o Deleted README.default_socket_timeout which is not needed anymore
     (bsc#1129032).
   o Enabled php7 testsuite (bsc#1119396).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   o SUSE Linux Enterprise Module for Web Scripting 15:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-1461=1

   o SUSE Linux Enterprise Module for Packagehub Subpackages 15:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1461=1

   o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1461=1

Package List:

   o SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x
     x86_64):

      apache2-mod_php7-7.2.5-4.32.1
      apache2-mod_php7-debuginfo-7.2.5-4.32.1
      php7-7.2.5-4.32.1
      php7-bcmath-7.2.5-4.32.1
      php7-bcmath-debuginfo-7.2.5-4.32.1
      php7-bz2-7.2.5-4.32.1
      php7-bz2-debuginfo-7.2.5-4.32.1
      php7-calendar-7.2.5-4.32.1
      php7-calendar-debuginfo-7.2.5-4.32.1
      php7-ctype-7.2.5-4.32.1
      php7-ctype-debuginfo-7.2.5-4.32.1
      php7-curl-7.2.5-4.32.1
      php7-curl-debuginfo-7.2.5-4.32.1
      php7-dba-7.2.5-4.32.1
      php7-dba-debuginfo-7.2.5-4.32.1
      php7-debuginfo-7.2.5-4.32.1
      php7-debugsource-7.2.5-4.32.1
      php7-devel-7.2.5-4.32.1
      php7-dom-7.2.5-4.32.1
      php7-dom-debuginfo-7.2.5-4.32.1
      php7-enchant-7.2.5-4.32.1
      php7-enchant-debuginfo-7.2.5-4.32.1
      php7-exif-7.2.5-4.32.1
      php7-exif-debuginfo-7.2.5-4.32.1
      php7-fastcgi-7.2.5-4.32.1
      php7-fastcgi-debuginfo-7.2.5-4.32.1
      php7-fileinfo-7.2.5-4.32.1
      php7-fileinfo-debuginfo-7.2.5-4.32.1
      php7-fpm-7.2.5-4.32.1
      php7-fpm-debuginfo-7.2.5-4.32.1
      php7-ftp-7.2.5-4.32.1
      php7-ftp-debuginfo-7.2.5-4.32.1
      php7-gd-7.2.5-4.32.1
      php7-gd-debuginfo-7.2.5-4.32.1
      php7-gettext-7.2.5-4.32.1
      php7-gettext-debuginfo-7.2.5-4.32.1
      php7-gmp-7.2.5-4.32.1
      php7-gmp-debuginfo-7.2.5-4.32.1
      php7-iconv-7.2.5-4.32.1
      php7-iconv-debuginfo-7.2.5-4.32.1
      php7-intl-7.2.5-4.32.1
      php7-intl-debuginfo-7.2.5-4.32.1
      php7-json-7.2.5-4.32.1
      php7-json-debuginfo-7.2.5-4.32.1
      php7-ldap-7.2.5-4.32.1
      php7-ldap-debuginfo-7.2.5-4.32.1
      php7-mbstring-7.2.5-4.32.1
      php7-mbstring-debuginfo-7.2.5-4.32.1
      php7-mysql-7.2.5-4.32.1
      php7-mysql-debuginfo-7.2.5-4.32.1
      php7-odbc-7.2.5-4.32.1
      php7-odbc-debuginfo-7.2.5-4.32.1
      php7-opcache-7.2.5-4.32.1
      php7-opcache-debuginfo-7.2.5-4.32.1
      php7-openssl-7.2.5-4.32.1
      php7-openssl-debuginfo-7.2.5-4.32.1
      php7-pcntl-7.2.5-4.32.1
      php7-pcntl-debuginfo-7.2.5-4.32.1
      php7-pdo-7.2.5-4.32.1
      php7-pdo-debuginfo-7.2.5-4.32.1
      php7-pgsql-7.2.5-4.32.1
      php7-pgsql-debuginfo-7.2.5-4.32.1
      php7-phar-7.2.5-4.32.1
      php7-phar-debuginfo-7.2.5-4.32.1
      php7-posix-7.2.5-4.32.1
      php7-posix-debuginfo-7.2.5-4.32.1
      php7-shmop-7.2.5-4.32.1
      php7-shmop-debuginfo-7.2.5-4.32.1
      php7-snmp-7.2.5-4.32.1
      php7-snmp-debuginfo-7.2.5-4.32.1
      php7-soap-7.2.5-4.32.1
      php7-soap-debuginfo-7.2.5-4.32.1
      php7-sockets-7.2.5-4.32.1
      php7-sockets-debuginfo-7.2.5-4.32.1
      php7-sodium-7.2.5-4.32.1
      php7-sodium-debuginfo-7.2.5-4.32.1
      php7-sqlite-7.2.5-4.32.1
      php7-sqlite-debuginfo-7.2.5-4.32.1
      php7-sysvmsg-7.2.5-4.32.1
      php7-sysvmsg-debuginfo-7.2.5-4.32.1
      php7-sysvsem-7.2.5-4.32.1
      php7-sysvsem-debuginfo-7.2.5-4.32.1
      php7-sysvshm-7.2.5-4.32.1
      php7-sysvshm-debuginfo-7.2.5-4.32.1
      php7-tokenizer-7.2.5-4.32.1
      php7-tokenizer-debuginfo-7.2.5-4.32.1
      php7-wddx-7.2.5-4.32.1
      php7-wddx-debuginfo-7.2.5-4.32.1
      php7-xmlreader-7.2.5-4.32.1
      php7-xmlreader-debuginfo-7.2.5-4.32.1
      php7-xmlrpc-7.2.5-4.32.1
      php7-xmlrpc-debuginfo-7.2.5-4.32.1
      php7-xmlwriter-7.2.5-4.32.1
      php7-xmlwriter-debuginfo-7.2.5-4.32.1
      php7-xsl-7.2.5-4.32.1
      php7-xsl-debuginfo-7.2.5-4.32.1
      php7-zip-7.2.5-4.32.1
      php7-zip-debuginfo-7.2.5-4.32.1
      php7-zlib-7.2.5-4.32.1
      php7-zlib-debuginfo-7.2.5-4.32.1

   o SUSE Linux Enterprise Module for Web Scripting 15 (noarch):

      php7-pear-7.2.5-4.32.1
      php7-pear-Archive_Tar-7.2.5-4.32.1

   o SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64
     ppc64le s390x x86_64):

      php7-debuginfo-7.2.5-4.32.1
      php7-debugsource-7.2.5-4.32.1
      php7-embed-7.2.5-4.32.1
      php7-embed-debuginfo-7.2.5-4.32.1

   o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
     (aarch64 ppc64le s390x x86_64):

      php7-debuginfo-7.2.5-4.32.1
      php7-debugsource-7.2.5-4.32.1
      php7-embed-7.2.5-4.32.1
      php7-embed-debuginfo-7.2.5-4.32.1
      php7-readline-7.2.5-4.32.1
      php7-readline-debuginfo-7.2.5-4.32.1
      php7-sodium-7.2.5-4.32.1
      php7-sodium-debuginfo-7.2.5-4.32.1
      php7-tidy-7.2.5-4.32.1
      php7-tidy-debuginfo-7.2.5-4.32.1

References:

   o https://www.suse.com/security/cve/CVE-2018-19935.html
   o https://www.suse.com/security/cve/CVE-2018-20783.html
   o https://www.suse.com/security/cve/CVE-2019-11034.html
   o https://www.suse.com/security/cve/CVE-2019-11035.html
   o https://www.suse.com/security/cve/CVE-2019-11036.html
   o https://www.suse.com/security/cve/CVE-2019-9020.html
   o https://www.suse.com/security/cve/CVE-2019-9021.html
   o https://www.suse.com/security/cve/CVE-2019-9022.html
   o https://www.suse.com/security/cve/CVE-2019-9023.html
   o https://www.suse.com/security/cve/CVE-2019-9024.html
   o https://www.suse.com/security/cve/CVE-2019-9637.html
   o https://www.suse.com/security/cve/CVE-2019-9638.html
   o https://www.suse.com/security/cve/CVE-2019-9639.html
   o https://www.suse.com/security/cve/CVE-2019-9640.html
   o https://www.suse.com/security/cve/CVE-2019-9641.html
   o https://www.suse.com/security/cve/CVE-2019-9675.html
   o https://bugzilla.suse.com/1118832
   o https://bugzilla.suse.com/1119396
   o https://bugzilla.suse.com/1126711
   o https://bugzilla.suse.com/1126713
   o https://bugzilla.suse.com/1126821
   o https://bugzilla.suse.com/1126823
   o https://bugzilla.suse.com/1126827
   o https://bugzilla.suse.com/1127122
   o https://bugzilla.suse.com/1128722
   o https://bugzilla.suse.com/1128883
   o https://bugzilla.suse.com/1128886
   o https://bugzilla.suse.com/1128887
   o https://bugzilla.suse.com/1128889
   o https://bugzilla.suse.com/1128892
   o https://bugzilla.suse.com/1129032
   o https://bugzilla.suse.com/1132837
   o https://bugzilla.suse.com/1132838
   o https://bugzilla.suse.com/1134322

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
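As an added verification check for the patch instructions above (not part of the SUSE or AusCERT bulletin): a small Python script that reads `rpm -qa` style output and reports php7 packages still older than the fixed version-release 7.2.5-4.32.1. The `rpm -qa` lines are constructed sample data, and `rpmvercmp` is a simplified reimplementation of rpm's version comparison that omits the `~` and `^` special cases.

```python
import re

# Fixed version-release from the bulletin: every php7 / apache2-mod_php7
# package from the listed modules must be at this level or newer.
FIXED_VR = "7.2.5-4.32.1"

# Constructed sample of `rpm -qa 'php7*' 'apache2-mod_php7*'` output
# (not from a real host): the first two packages are still unpatched.
SAMPLE_RPM_QA = """\
php7-7.2.5-4.29.1.x86_64
php7-exif-7.2.5-4.29.1.x86_64
php7-xmlrpc-7.2.5-4.32.1.x86_64
apache2-mod_php7-7.2.5-4.32.1.x86_64
php7-pear-7.2.5-4.32.1.noarch
"""

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no '~'/'^' handling): numeric
    segments compare numerically, alpha lexically, numeric beats alpha."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1      # numeric segment is newer
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer wins

def compare_vr(vr_a, vr_b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = vr_a.rsplit("-", 1)
    vb, rb = vr_b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_qa_output, fixed_vr=FIXED_VR):
    """Names of packages whose version-release is older than fixed_vr."""
    result = []
    for line in filter(None, rpm_qa_output.splitlines()):
        # 'name-version-release.arch' -> name, version, release
        name, ver, rel = line.rsplit(".", 1)[0].rsplit("-", 2)
        if compare_vr(f"{ver}-{rel}", fixed_vr) < 0:
            result.append(name)
    return result
```

On a real host, feed `unpatched()` the output of `rpm -qa 'php7*' 'apache2-mod_php7*'`; an empty list means every installed php7 package is at or above the fixed release.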