
Mageia 7: Critical PHP And PCRE2 Remote Exec And Heap Overflow Issues

mageia
October 29, 2019
The updated php and pcre2 packages for Mageia 7 fix critical security flaws, including an FPM underflow that can lead to remote code execution (CVE-2019-11043).

Summary

Updated php and pcre2 packages fix security vulnerabilities:
- FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE. (CVE-2019-11043)
- MBString (#78633) Heap buffer overflow (read) in mb_eregi.
- Mysqlnd (#78525) Memory leak in pdo when reusing native prepared statements.
- PCRE (#78272) calling preg_match() before pcntl_fork() will freeze child process.
- Base (#78612) strtr leaks memory when integer keys are used and the subject string shorter.

References

- https://bugs.mageia.org/show_bug.cgi?id=25603

- https://www.php.net/ChangeLog-7.php#7.3.11

- https://bugs.php.net/bug.php?id=78272

- https://www.cve.org/CVERecord?id=CVE-2019-11043

Resolution

SRPMS

- 7/core/php-7.3.11-1.mga7

- 7/core/pcre2-10.33-1.1.mga7

Severity
critical

Publication date: 29 Oct 2019
URL: https://advisories.mageia.org/MGASA-2019-0307.html
Type: security
CVE: CVE-2019-11043
