Mageia: 2019-0218 Critical: PHP EXIF Parsing Security Flaws
mageia
August 9, 2019
Updated php packages fixes atleast the following security issues: When PHP EXIF extension is parsing EXIF information from an image, e.g
Summary
Updated php packages fixes atleast the following security issues:
When PHP EXIF extension is parsing EXIF information from an image, e.g.
via exif_read_data() function, in PHP versions 7.1.x below 7.1.31,
7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with
data what will cause it to read past the allocated buffer. This may lead
to information disclosure or crash (CVE-2019-11041, CVE-2019-11041).
For other fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=25044
- https://www.php.net/ChangeLog-7.php#7.3.7
- https://www.php.net/ChangeLog-7.php#7.3.8
- https://www.cve.org/CVERecord?id=CVE-2019-11041
- https://www.cve.org/CVERecord?id=CVE-2019-11042
Resolution
SRPMS
- 7/core/php-7.3.8-1.mga7
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 10 Aug 2019
URL: https://advisories.mageia.org/MGASA-2019-0218.html
Type: security
CVE: CVE-2019-11041,
CVE-2019-11042
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!