SUSE: 2018:2682-1 Moderate Security Update for php5 DoS Fix
suse
September 10, 2018
An update that fixes four vulnerabilities is now available
Summary
This update for php5 fixes the following issues: The following security issues were fixed: - CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods
Topics Covered
References
#1096984 #1099098 #1103659 #1105466
Cross- CVE-2017-9118 CVE-2018-10360 CVE-2018-12882
CVE-2018-14851
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Module for Web Scripting 12
https://www.suse.com/security/cve/CVE-2017-9118.html
https://www.suse.com/security/cve/CVE-2018-10360.html
https://www.suse.com/security/cve/CVE-2018-12882.html
https://www.suse.com/security/cve/CVE-2018-14851.html
https://bugzilla.suse.com/1096984
https://bugzilla.suse.com/1099098
https://bugzilla.suse.com/1103659
https://bugzilla.suse.com/1105466
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2018:2682-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!