SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-2020-101

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2020-101

Security update for php7

Type: security

Severity: moderate

Issued: 2020-01-14

Description:

This update for php7 fixes the following issues:

- CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923).
- CVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924).
- CVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927).

References

CVE: CVE-2019-11050
CVE: CVE-2019-11047
CVE: CVE-2019-11046
CVE: CVE-2019-11045
Bugzilla: 1159927 VUL-0: CVE-2019-11050: php5,php72,php7,php53: PHP EXIF extension is parsing EXIF information from an image that can cause it to read past the allocated buffer
Bugzilla: 1159924 VUL-0: CVE-2019-11046: php5,php72,php7,php53: OOB read in bc_shift_addsub
Bugzilla: 1159923 VUL-0: CVE-2019-11045: php5,php72,php7,php53: PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte
Bugzilla: 1159922 VUL-0: CVE-2019-11047: php5,php72,php7,php53: information disclosure in exif_read_data()

Packages

php7-7.2.5-4.49.1