SUSE: 2019:0985-1 moderate: php5

    Date: 18 Apr 2019
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 6 vulnerabilities is now available.
    
       SUSE Security Update: Security update for php5
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:0985-1
    Rating:             moderate
    References:         #1126711 #1126713 #1126821 #1126823 #1127122 
                        #1128722 
    Cross-References:   CVE-2018-20783 CVE-2019-9020 CVE-2019-9021
                        CVE-2019-9023 CVE-2019-9024 CVE-2019-9641
                       
    Affected Products:
                        SUSE Linux Enterprise Software Development Kit 12-SP4
                        SUSE Linux Enterprise Software Development Kit 12-SP3
                        SUSE Linux Enterprise Module for Web Scripting 12
    ______________________________________________________________________________
    
       An update that fixes 6 vulnerabilities is now available.
    
    Description:
    
       This update for php5 fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2019-9024: Fixed a vulnerability in the xmlrpc_decode function which
         could allow a hostile XMLRPC server to cause a memory read outside the
         allocated areas (bsc#1126821).
       - CVE-2019-9020: Fixed a heap out-of-bounds access in the xmlrpc_decode
         function (bsc#1126711).
       - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which
         could allow an attacker to read allocated and unallocated memory when
         parsing a phar file (bsc#1127122).
       - CVE-2019-9021: Fixed a heap-based buffer over-read in PHAR
         reading functions which could allow an attacker to read allocated and
         unallocated memory when parsing a phar file (bsc#1126713).
       - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in
         mbstring regular expression functions (bsc#1126823).
       - CVE-2019-9641: Fixed multiple invalid memory accesses in the EXIF
         extension and improved the insecure implementation of the rename
         function (bsc#1128722).
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Software Development Kit 12-SP4:
    
          zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-985=1
    
       - SUSE Linux Enterprise Software Development Kit 12-SP3:
    
          zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-985=1
    
       - SUSE Linux Enterprise Module for Web Scripting 12:
    
          zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-985=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
    
          php5-debuginfo-5.5.14-109.51.6
          php5-debugsource-5.5.14-109.51.6
          php5-devel-5.5.14-109.51.6
    
       - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
    
          php5-debuginfo-5.5.14-109.51.6
          php5-debugsource-5.5.14-109.51.6
          php5-devel-5.5.14-109.51.6
    
       - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
    
          apache2-mod_php5-5.5.14-109.51.6
          apache2-mod_php5-debuginfo-5.5.14-109.51.6
          php5-5.5.14-109.51.6
          php5-bcmath-5.5.14-109.51.6
          php5-bcmath-debuginfo-5.5.14-109.51.6
          php5-bz2-5.5.14-109.51.6
          php5-bz2-debuginfo-5.5.14-109.51.6
          php5-calendar-5.5.14-109.51.6
          php5-calendar-debuginfo-5.5.14-109.51.6
          php5-ctype-5.5.14-109.51.6
          php5-ctype-debuginfo-5.5.14-109.51.6
          php5-curl-5.5.14-109.51.6
          php5-curl-debuginfo-5.5.14-109.51.6
          php5-dba-5.5.14-109.51.6
          php5-dba-debuginfo-5.5.14-109.51.6
          php5-debuginfo-5.5.14-109.51.6
          php5-debugsource-5.5.14-109.51.6
          php5-dom-5.5.14-109.51.6
          php5-dom-debuginfo-5.5.14-109.51.6
          php5-enchant-5.5.14-109.51.6
          php5-enchant-debuginfo-5.5.14-109.51.6
          php5-exif-5.5.14-109.51.6
          php5-exif-debuginfo-5.5.14-109.51.6
          php5-fastcgi-5.5.14-109.51.6
          php5-fastcgi-debuginfo-5.5.14-109.51.6
          php5-fileinfo-5.5.14-109.51.6
          php5-fileinfo-debuginfo-5.5.14-109.51.6
          php5-fpm-5.5.14-109.51.6
          php5-fpm-debuginfo-5.5.14-109.51.6
          php5-ftp-5.5.14-109.51.6
          php5-ftp-debuginfo-5.5.14-109.51.6
          php5-gd-5.5.14-109.51.6
          php5-gd-debuginfo-5.5.14-109.51.6
          php5-gettext-5.5.14-109.51.6
          php5-gettext-debuginfo-5.5.14-109.51.6
          php5-gmp-5.5.14-109.51.6
          php5-gmp-debuginfo-5.5.14-109.51.6
          php5-iconv-5.5.14-109.51.6
          php5-iconv-debuginfo-5.5.14-109.51.6
          php5-imap-5.5.14-109.51.6
          php5-imap-debuginfo-5.5.14-109.51.6
          php5-intl-5.5.14-109.51.6
          php5-intl-debuginfo-5.5.14-109.51.6
          php5-json-5.5.14-109.51.6
          php5-json-debuginfo-5.5.14-109.51.6
          php5-ldap-5.5.14-109.51.6
          php5-ldap-debuginfo-5.5.14-109.51.6
          php5-mbstring-5.5.14-109.51.6
          php5-mbstring-debuginfo-5.5.14-109.51.6
          php5-mcrypt-5.5.14-109.51.6
          php5-mcrypt-debuginfo-5.5.14-109.51.6
          php5-mysql-5.5.14-109.51.6
          php5-mysql-debuginfo-5.5.14-109.51.6
          php5-odbc-5.5.14-109.51.6
          php5-odbc-debuginfo-5.5.14-109.51.6
          php5-opcache-5.5.14-109.51.6
          php5-opcache-debuginfo-5.5.14-109.51.6
          php5-openssl-5.5.14-109.51.6
          php5-openssl-debuginfo-5.5.14-109.51.6
          php5-pcntl-5.5.14-109.51.6
          php5-pcntl-debuginfo-5.5.14-109.51.6
          php5-pdo-5.5.14-109.51.6
          php5-pdo-debuginfo-5.5.14-109.51.6
          php5-pgsql-5.5.14-109.51.6
          php5-pgsql-debuginfo-5.5.14-109.51.6
          php5-phar-5.5.14-109.51.6
          php5-phar-debuginfo-5.5.14-109.51.6
          php5-posix-5.5.14-109.51.6
          php5-posix-debuginfo-5.5.14-109.51.6
          php5-pspell-5.5.14-109.51.6
          php5-pspell-debuginfo-5.5.14-109.51.6
          php5-shmop-5.5.14-109.51.6
          php5-shmop-debuginfo-5.5.14-109.51.6
          php5-snmp-5.5.14-109.51.6
          php5-snmp-debuginfo-5.5.14-109.51.6
          php5-soap-5.5.14-109.51.6
          php5-soap-debuginfo-5.5.14-109.51.6
          php5-sockets-5.5.14-109.51.6
          php5-sockets-debuginfo-5.5.14-109.51.6
          php5-sqlite-5.5.14-109.51.6
          php5-sqlite-debuginfo-5.5.14-109.51.6
          php5-suhosin-5.5.14-109.51.6
          php5-suhosin-debuginfo-5.5.14-109.51.6
          php5-sysvmsg-5.5.14-109.51.6
          php5-sysvmsg-debuginfo-5.5.14-109.51.6
          php5-sysvsem-5.5.14-109.51.6
          php5-sysvsem-debuginfo-5.5.14-109.51.6
          php5-sysvshm-5.5.14-109.51.6
          php5-sysvshm-debuginfo-5.5.14-109.51.6
          php5-tokenizer-5.5.14-109.51.6
          php5-tokenizer-debuginfo-5.5.14-109.51.6
          php5-wddx-5.5.14-109.51.6
          php5-wddx-debuginfo-5.5.14-109.51.6
          php5-xmlreader-5.5.14-109.51.6
          php5-xmlreader-debuginfo-5.5.14-109.51.6
          php5-xmlrpc-5.5.14-109.51.6
          php5-xmlrpc-debuginfo-5.5.14-109.51.6
          php5-xmlwriter-5.5.14-109.51.6
          php5-xmlwriter-debuginfo-5.5.14-109.51.6
          php5-xsl-5.5.14-109.51.6
          php5-xsl-debuginfo-5.5.14-109.51.6
          php5-zip-5.5.14-109.51.6
          php5-zip-debuginfo-5.5.14-109.51.6
          php5-zlib-5.5.14-109.51.6
          php5-zlib-debuginfo-5.5.14-109.51.6
    
       - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
    
          php5-pear-5.5.14-109.51.6
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-20783.html
       https://www.suse.com/security/cve/CVE-2019-9020.html
       https://www.suse.com/security/cve/CVE-2019-9021.html
       https://www.suse.com/security/cve/CVE-2019-9023.html
       https://www.suse.com/security/cve/CVE-2019-9024.html
       https://www.suse.com/security/cve/CVE-2019-9641.html
       https://bugzilla.suse.com/1126711
       https://bugzilla.suse.com/1126713
       https://bugzilla.suse.com/1126821
       https://bugzilla.suse.com/1126823
       https://bugzilla.suse.com/1127122
       https://bugzilla.suse.com/1128722
    
    _______________________________________________
    sle-security-updates mailing list
    http://lists.suse.com/mailman/listinfo/sle-security-updates
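
A post-patch check for the update above, as an added example that is not part of the SUSE advisory: it reads `name version-release` lines and lists the php5 packages still below the fixed build 5.5.14-109.51.6 from the package list. The function names, the use of `sort -V` as a stand-in for RPM version ordering, and the sample inventory (including its older and newer build numbers) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="5.5.14-109.51.6"

# is_fixed VERSION-RELEASE: succeed if the argument is >= $FIXED.
# Assumption: GNU `sort -V` approximates RPM version ordering, which holds
# for the purely numeric dotted strings these packages use.
is_fixed() {
    [ "$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)" = "$FIXED" ]
}

# unpatched_php5: read "name version-release" lines on stdin and print the
# php5 / apache2-mod_php5 packages that are still below the fixed build.
unpatched_php5() {
    while read -r name vr; do
        case "$name" in
            php5|php5-*|apache2-mod_php5|apache2-mod_php5-*) ;;
            *) continue ;;   # not covered by this advisory
        esac
        is_fixed "$vr" || printf '%s %s\n' "$name" "$vr"
    done
}

# Constructed sample inventory (not real host output). On an affected host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched_php5
sample_inventory() {
    cat <<'EOF'
php5 5.5.14-109.51.6
php5-xmlrpc 5.5.14-109.48.1
php5-phar 5.5.14-109.51.6
apache2-mod_php5 5.5.14-109.45.1
php5-exif 5.5.14-109.54.1
bash 4.3-83.23.1
EOF
}

# Lists the two constructed entries that predate the fixed build.
sample_inventory | unpatched_php5
```

Empty output means every installed php5 package is at or above the fixed build; long-running Apache or php-fpm processes still need a restart to load the updated binaries.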
    