Bug 1126821 (CVE-2019-9024)

Summary: VUL-0: CVE-2019-9024: php5,php7,php53: xmlrpc_decode() can allow a hostile XMLRPC server to read memory outside of allocated areas
Product: [Novell Products] SUSE Security Incidents
Reporter: Robert Frohl <rfrohl>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P3 - Medium
CC: gboiko, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/225270/
Whiteboard: maint:released:sle10-sp3:64227
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Robert Frohl 2019-02-25 14:48:11 UTC
CVE-2019-9024

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before
7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC
server to cause PHP to read memory outside of allocated areas in
base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9024
https://bugs.php.net/bug.php?id=77380
Comment 1 Robert Frohl 2019-02-25 14:56:17 UTC
All php versions in all codestreams are affected:
- SUSE:SLE-10-SP3:Update
- SUSE:SLE-11:Update
- SUSE:SLE-11-SP3:Update
- SUSE:SLE-12:Update
- SUSE:SLE-15:Update
Comment 4 Petr Gajdos 2019-03-05 15:10:50 UTC
BEFORE

TW/php7

$ php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
$
[no issues observed]

15/php7, 12/php7, 12/php5

=================================================================
==7890==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7ffff19ff5f3 at pc 0x7ffff17e1f09 bp 0x7fffffffc0d0 sp 0x7fffffffc0c8
READ of size 1 at 0x7ffff19ff5f3 thread T0
    #0 0x7ffff17e1f08  (/usr/lib64/php7/extensions/xmlrpc.so+0x10f08)
    #1 0x7ffff17e564e  (/usr/lib64/php7/extensions/xmlrpc.so+0x1464e)
    #2 0x7ffff17e57bf  (/usr/lib64/php7/extensions/xmlrpc.so+0x147bf)
    #3 0x7ffff17ecfa7  (/usr/lib64/php7/extensions/xmlrpc.so+0x1bfa7)
    #4 0x7ffff17dceee  (/usr/lib64/php7/extensions/xmlrpc.so+0xbeee)
    #5 0x7ffff17dd7fb  (/usr/lib64/php7/extensions/xmlrpc.so+0xc7fb)
    #6 0x5555561ce102 in execute_ex (/usr/bin/php+0xc7a102)
    #7 0x5555561f5e88 in zend_execute (/usr/bin/php+0xca1e88)
    #8 0x555555f3b817 in zend_eval_stringl (/usr/bin/php+0x9e7817)
    #9 0x555555f3be3a in zend_eval_stringl_ex (/usr/bin/php+0x9e7e3a)
    #10 0x555555f3beb6 in zend_eval_string_ex (/usr/bin/php+0x9e7eb6)
    #11 0x5555561fb0fa  (/usr/bin/php+0xca70fa)
    #12 0x5555561fcbfb  (/usr/bin/php+0xca8bfb)
    #13 0x7ffff5247f49 in __libc_start_main (/lib64/libc.so.6+0x20f49)
    #14 0x555555ac5839 in _start (/usr/bin/php+0x571839)

0x7ffff19ff5f3 is located 13 bytes to the left of global variable 'le_xmlrpc_server' defined in '/home/abuild/rpmbuild/BUILD/php-7.2.5/ext/xmlrpc/xmlrpc-epi-php.c:76:12' (0x7ffff19ff600) of size 4
0x7ffff19ff5f3 is located 43 bytes to the right of global variable 'str_mapping' defined in '/home/abuild/rpmbuild/BUILD/php-7.2.5/ext/xmlrpc/xmlrpc-epi-php.c:1197:21' (0x7ffff19ff560) of size 104
SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/lib64/php7/extensions/xmlrpc.so+0x10f08) 
Shadow bytes around the buggy address:
  0x10007e337e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007e337e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007e337e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007e337e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007e337ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007e337eb0: 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9[f9]f9
  0x10007e337ec0: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x10007e337ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007e337ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007e337ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007e337f00: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
[reproduces asan report]

11sp3/php53, 11/php5

$ valgrind -q php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
$
[no issue observed]

PATCH

http://git.php.net/?p=php-src.git;a=commit;h=1cc2182bcc81e185c14837e659d12b268cb99d63
Can be applied in 15/php7 through 10sp3/php5

AFTER

15/php7

$ php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
$

12/php7, 12/php5

$ php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
*** Error in `php': free(): invalid pointer: 0x000060040000ce30 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x74c99)[0x7fdfab0afc99]
/lib64/libc.so.6(+0x7a566)[0x7fdfab0b5566]
/usr/lib64/php7/extensions/xmlrpc.so(+0x15e58)[0x7fdfaa3e4e58]
/usr/lib64/php7/extensions/xmlrpc.so(+0x15ecd)[0x7fdfaa3e4ecd]
/usr/lib64/php7/extensions/xmlrpc.so(+0x1a087)[0x7fdfaa3e9087]
/usr/lib64/php7/extensions/xmlrpc.so(+0x9892)[0x7fdfaa3d8892]
/usr/lib64/php7/extensions/xmlrpc.so(+0xa018)[0x7fdfaa3d9018]
php(+0x73bde4)[0x561ba594ede4]
php(execute_ex+0x42)[0x561ba58cbab7]
php(zend_execute+0xd04)[0x561ba59fa1c0]
php(zend_eval_stringl+0x6bc)[0x561ba57db5c2]
php(zend_eval_stringl_ex+0x9)[0x561ba57db8fa]
php(zend_eval_string_ex+0x79)[0x561ba57db9be]
php(+0x7eab80)[0x561ba59fdb80]
php(+0x7ec946)[0x561ba59ff946]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fdfab05ccb5]
php(+0x19bca9)[0x561ba53aeca9]
======= Memory map: ========
7fff7000-8fff7000 rw-p 00000000 00:00 0 
8fff7000-2008fff7000 ---p 00000000 00:00 0 
2008fff7000-10007fff8000 rw-p 00000000 00:00 0 
561ba5213000-561ba5ce7000 r-xp 00000000 08:04 270784918                  /usr/bin/php
561ba5ee6000-561ba5f79000 r--p 00ad3000 08:04 270784918                  /usr/bin/php
561ba5f79000-561ba6037000 rw-p 00b66000 08:04 270784918                  /usr/bin/php
561ba6037000-561ba6043000 rw-p 00000000 00:00 0 
561ba61eb000-561ba620c000 rw-p 00000000 00:00 0                          [heap]
600000000000-600400000000 ---p 00000000 00:00 0 
600400000000-600400010000 rw-p 00000000 00:00 0 
600400010000-600600000000 ---p 00000000 00:00 0 
600600000000-600600020000 rw-p 00000000 00:00 0 
600600020000-600800000000 ---p 00000000 00:00 0 
600800000000-600800040000 rw-p 00000000 00:00 0 
600800040000-600c00000000 ---p 00000000 00:00 0 
600c00000000-600c00010000 rw-p 00000000 00:00 0 
600c00010000-600e00000000 ---p 00000000 00:00 0 
600e00000000-600e00010000 rw-p 00000000 00:00 0 
600e00010000-601000000000 ---p 00000000 00:00 0 
601000000000-601000050000 rw-p 00000000 00:00 0 
601000050000-601600000000 ---p 00000000 00:00 0 
601600000000-601600010000 rw-p 00000000 00:00 0 
601600010000-601800000000 ---p 00000000 00:00 0 
601800000000-601800010000 rw-p 00000000 00:00 0 
601800010000-601c00000000 ---p 00000000 00:00 0 
601c00000000-601c00010000 rw-p 00000000 00:00 0 
601c00010000-601e00000000 ---p 00000000 00:00 0 
601e00000000-601e00010000 rw-p 00000000 00:00 0 
601e00010000-602000000000 ---p 00000000 00:00 0 
602000000000-602000020000 rw-p 00000000 00:00 0 
602000020000-602200000000 ---p 00000000 00:00 0 
602200000000-602200020000 rw-p 00000000 00:00 0 
602200020000-602400000000 ---p 00000000 00:00 0 
602400000000-602400020000 rw-p 00000000 00:00 0 
602400020000-602600000000 ---p 00000000 00:00 0 
602600000000-602600020000 rw-p 00000000 00:00 0 
602600020000-602e00000000 ---p 00000000 00:00 0 
602e00000000-602e00020000 rw-p 00000000 00:00 0 
602e00020000-603400000000 ---p 00000000 00:00 0 
603400000000-603400030000 rw-p 00000000 00:00 0 
603400030000-603600000000 ---p 00000000 00:00 0 
603600000000-603600020000 rw-p 00000000 00:00 0 
603600020000-603800000000 ---p 00000000 00:00 0 
603800000000-603800020000 rw-p 00000000 00:00 0 
603800020000-603c00000000 ---p 00000000 00:00 0 
603c00000000-603c00020000 rw-p 00000000 00:00 0 
603c00020000-603e00000000 ---p 00000000 00:00 0 
603e00000000-603e00020000 rw-p 00000000 00:00 0 
603e00020000-604200000000 ---p 00000000 00:00 0 
604200000000-604200020000 rw-p 00000000 00:00 0 
604200020000-604400000000 ---p 00000000 00:00 0 
604400000000-604400020000 rw-p 00000000 00:00 0 
604400020000-604600000000 ---p 00000000 00:00 0 
604600000000-604600020000 rw-p 00000000 00:00 0 
604600020000-604800000000 ---p 00000000 00:00 0 
604800000000-604800020000 rw-p 00000000 00:00 0 
604800020000-604c00000000 ---p 00000000 00:00 0 
604c00000000-604c00020000 rw-p 00000000 00:00 0 
604c00020000-605200000000 ---p 00000000 00:00 0 
605200000000-605200020000 rw-p 00000000 00:00 0 
605200020000-605400000000 ---p 00000000 00:00 0 
605400000000-605400020000 rw-p 00000000 00:00 0 
605400020000-606200000000 ---p 00000000 00:00 0 
606200000000-606200020000 rw-p 00000000 00:00 0 
606200020000-606400000000 ---p 00000000 00:00 0 
606400000000-606400020000 rw-p 00000000 00:00 0 
606400020000-607200000000 ---p 00000000 00:00 0 
607200000000-607200020000 rw-p 00000000 00:00 0 
607200020000-607400000000 ---p 00000000 00:00 0 
607400000000-607400020000 rw-p 00000000 00:00 0 
607400020000-608400000000 ---p 00000000 00:00 0 
608400000000-608400010000 rw-p 00000000 00:00 0 
608400010000-609200000000 ---p 00000000 00:00 0 
609200000000-609200020000 rw-p 00000000 00:00 0 
609200020000-609400000000 ---p 00000000 00:00 0 
609400000000-609400030000 rw-p 00000000 00:00 0 
609400030000-60a400000000 ---p 00000000 00:00 0 
60a400000000-60a400030000 rw-p 00000000 00:00 0 
60a400030000-610000000000 ---p 00000000 00:00 0 
610000000000-610000005000 rw-p 00000000 00:00 0 
7fdfaa1cc000-7fdfaa1ce000 r-xp 00000000 08:04 277690319                  /usr/lib64/gconv/ISO8859-1.so
7fdfaa1ce000-7fdfaa3cd000 ---p 00002000 08:04 277690319                  /usr/lib64/gconv/ISO8859-1.so
7fdfaa3cd000-7fdfaa3ce000 r--p 00001000 08:04 277690319                  /usr/lib64/gconv/ISO8859-1.so
7fdfaa3ce000-7fdfaa3cf000 rw-p 00002000 08:04 277690319                  /usr/lib64/gconv/ISO8859-1.so
7fdfaa3cf000-7fdfaa3fc000 r-xp 00000000 08:04 226166537                  /usr/lib64/php7/extensions/xmlrpc.so
7fdfaa3fc000-7fdfaa5fb000 ---p 0002d000 08:04 226166537                  /usr/lib64/php7/extensions/xmlrpc.so
7fdfaa5fb000-7fdfaa5fc000 r--p 0002c000 08:04 226166537                  /usr/lib64/php7/extensions/xmlrpc.so
7fdfaa5fc000-7fdfaa600000 rw-p 0002d000 08:04 226166537                  /usr/lib64/php7/extensions/xmlrpc.so
7fdfaa600000-7fdfaa800000 rw-p 00000000 00:00 0 
7fdfaa9e0000-7fdfaaa05000 r-xp 00000000 08:04 136409888                  /usr/lib64/liblzma.so.5.0.5
7fdfaaa05000-7fdfaac04000 ---p 00025000 08:04 136409888                  /usr/lib64/liblzma.so.5.0.5
7fdfaac04000-7fdfaac05000 r--p 00024000 08:04 136409888                  /usr/lib64/liblzma.so.5.0.5
7fdfaac05000-7fdfaac06000 rw-p 00025000 08:04 136409888                  /usr/lib64/liblzma.so.5.0.5
7fdfaac06000-7fdfaac1d000 r-xp 00000000 08:04 277563543                  /lib64/libgcc_s.so.1
7fdfaac1d000-7fdfaae1c000 ---p 00017000 08:04 277563543                  /lib64/libgcc_s.so.1
7fdfaae1c000-7fdfaae1d000 r--p 00016000 08:04 277563543                  /lib64/libgcc_s.so.1
7fdfaae1d000-7fdfaae1e000 rw-p 00017000 08:04 277563543                  /lib64/libgcc_s.so.1
7fdfaae1e000-7fdfaae36000 r-xp 00000000 08:04 277390136                  /lib64/libpthread-2.19.so
7fdfaae36000-7fdfab035000 ---p 00018000 08:04 277390136                  /lib64/libpthread-2.19.so
7fdfab035000-7fdfab036000 r--p 00017000 08:04 277390136                  /lib64/libpthread-2.19.so
7fdfab036000-7fdfab037000 rw-p 00018000 08:04 277390136                  /lib64/libpthread-2.19.so
7fdfab037000-7fdfab03b000 rw-p 00000000 00:00 0 
7fdfab03b000-7fdfab1db000 r-xp 00000000 08:04 277390108                  /lib64/libc-2.19.so
7fdfab1db000-7fdfab3db000 ---p 001a0000 08:04 277390108                  /lib64/libc-2.19.so
7fdfab3db000-7fdfab3df000 r--p 001a0000 08:04 277390108                  /lib64/libc-2.19.so
7fdfab3df000-7fdfab3e1000 rw-p 001a4000 08:04 277390108                  /lib64/libc-2.19.so
7fdfab3e1000-7fdfab3e5000 rw-p 00000000 00:00 0 
7fdfab3e5000-7fdfab5ab000 r-xp 00000000 08:04 277563541                  /lib64/libcrypto.so.1.0.0
7fdfab5ab000-7fdfab7ab000 ---p 001c6000 08:04 277563541                  /lib64/libcrypto.so.1.0.0
7fdfab7ab000-7fdfab7c5000 r--p 001c6000 08:04 277563541                  /lib64/libcrypto.so.1.0.0
7fdfab7c5000-7fdfab7d2000 rw-p 001e0000 08:04 277563541                  /lib64/libcrypto.so.1.0.0
7fdfab7d2000-7fdfab7d6000 rw-p 00000000 00:00 0 
7fdfab7d6000-7fdfab936000 r-xp 00000000 08:04 138407980                  /usr/lib64/libxml2.so.2.9.1
7fdfab936000-7fdfabb35000 ---p 00160000 08:04 138407980                  /usr/lib64/libxml2.so.2.9.1
7fdfabb35000-7fdfabb3d000 r--p 0015f000 08:04 138407980                  /usr/lib64/libxml2.so.2.9.1
7fdfabb3d000-7fdfabb3f000 rw-p 00167000 08:04 138407980                  /usr/lib64/libxml2.so.2.9.1
7fdfabb3f000-7fdfabb40000 rw-p 00000000 00:00 0 
7fdfabb40000-7fdfabb55000 r-xp 00000000 08:04 277376636                  /lib64/libz.so.1.2.8
7fdfabb55000-7fdfabd54000 ---p 00015000 08:04 277376636                  /lib64/libz.so.1.2.8
7fdfabd54000-7fdfabd55000 r--p 00014000 08:04 277376636                  /lib64/libz.so.1.2.8
7fdfabd55000-7fdfabd56000 rw-p 00015000 08:04 277376636                  /lib64/libz.so.1.2.8
7fdfabd56000-7fdfabd58000 r-xp 00000000 08:04 277390114                  /lib64/libdl-2.19.so
7fdfabd58000-7fdfabf58000 ---p 00002000 08:04 277390114                  /lib64/libdl-2.19.so
7fdfabf58000-7fdfabf59000 r--p 00002000 08:04 277390114                  /lib64/libdl-2.19.so
7fdfabf59000-7fdfabf5a000 rw-p 00003000 08:04 277390114                  /lib64/libdl-2.19.so
7fdfabf5a000-7fdfac05a000 r-xp 00000000 08:04 277390116                  /lib64/libm-2.19.so
7fdfac05a000-7fdfac259000 ---p 00100000 08:04 277390116                  /lib64/libm-2.19.so
7fdfac259000-7fdfac25a000 r--p 000ff000 08:04 277390116                  /lib64/libm-2.19.so
7fdfac25a000-7fdfac25b000 rw-p 00100000 08:04 277390116                  /lib64/libm-2.19.so
7fdfac25b000-7fdfac2c9000 r-xp 00000000 08:04 136409890                  /usr/lib64/libpcre.so.1.2.7
7fdfac2c9000-7fdfac4c8000 ---p 0006e000 08:04 136409890                  /usr/lib64/libpcre.so.1.2.7
7fdfac4c8000-7fdfac4c9000 r--p 0006d000 08:04 136409890                  /usr/lib64/libpcre.so.1.2.7
7fdfac4c9000-7fdfac4ca000 rw-p 0006e000 08:04 136409890                  /usr/lib64/libpcre.so.1.2.7
7fdfac4ca000-7fdfac4de000 r-xp 00000000 08:04 277390138                  /lib64/libresolv-2.19.so
7fdfac4de000-7fdfac6dd000 ---p 00014000 08:04 277390138                  /lib64/libresolv-2.19.so
7fdfac6dd000-7fdfac6de000 r--p 00013000 08:04 277390138                  /lib64/libresolv-2.19.so
7fdfac6de000-7fdfac6df000 rw-p 00014000 08:04 277390138                  /lib64/libresolv-2.19.so
7fdfac6df000-7fdfac6e1000 rw-p 00000000 00:00 0 
7fdfac6e1000-7fdfac6ed000 r-xp 00000000 08:04 277390112                  /lib64/libcrypt-2.19.so
7fdfac6ed000-7fdfac8ec000 ---p 0000c000 08:04 277390112                  /lib64/libcrypt-2.19.so
7fdfac8ec000-7fdfac8ed000 r--p 0000b000 08:04 277390112                  /lib64/libcrypt-2.19.so
7fdfac8ed000-7fdfac8ee000 rw-p 0000c000 08:04 277390112                  /lib64/libcrypt-2.19.so
7fdfac8ee000-7fdfac91c000 rw-p 00000000 00:00 0 
7fdfac91c000-7fdfac945000 r-xp 00000000 08:04 142113487                  /usr/lib64/libasan.so.0.0.0
7fdfac945000-7fdfacb44000 ---p 00029000 08:04 142113487                  /usr/lib64/libasan.so.0.0.0
7fdfacb44000-7fdfacb45000 r--p 00028000 08:04 142113487                  /usr/lib64/libasan.so.0.0.0
7fdfacb45000-7fdfacb46000 rw-p 00029000 08:04 142113487                  /usr/lib64/libasan.so.0.0.0
7fdfacb46000-7fdfaf8ab000 rw-p 00000000 00:00 0 
7fdfaf8ab000-7fdfaf8cc000 r-xp 00000000 08:04 277563528                  /lib64/ld-2.19.so
7fdfaf9bc000-7fdfafa22000 rw-p 00000000 00:00 0 
7fdfafa22000-7fdfafa29000 r--s 00000000 08:04 277695728                  /usr/lib64/gconv/gconv-modules.cache
7fdfafa29000-7fdfafa68000 r--p 00000000 08:04 415728585                  /usr/lib/locale/en_GB.utf8/LC_CTYPE
7fdfafa68000-7fdfafac2000 rw-p 00000000 00:00 0 
7fdfafac2000-7fdfafacb000 rw-p 00000000 00:00 0 
7fdfafacb000-7fdfafacc000 r--p 00020000 08:04 277563528                  /lib64/ld-2.19.so
7fdfafacc000-7fdfafacd000 rw-p 00021000 08:04 277563528                  /lib64/ld-2.19.so
7fdfafacd000-7fdfaface000 rw-p 00000000 00:00 0 
7ffef6eb4000-7ffef6ed5000 rw-p 00000000 00:00 0                          [stack]
7ffef6f55000-7ffef6f58000 r--p 00000000 00:00 0                          [vvar]
7ffef6f58000-7ffef6f5a000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)
$
[the patch seems to be incomplete]

11sp3/php53, 11/php5

$ valgrind -q php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
$
[no issues observed]
Comment 5 Petr Gajdos 2019-03-06 14:36:38 UTC
Bailing out from base64_decode_xmlrpc() when negative input is encountered resolves the issue for me.
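The following C program is an added example; it is not code from php-src, from the upstream commit, or from this bug report. It models the lookup pattern that the Description and Comment 5 refer to: the xmlrpc base64 decoder reads each input byte through a `char` pointer into an `int` and uses that `int` to index a 256-entry decode table. On x86_64 `char` is signed, so a byte of 0x80 or above yields a negative index and the lookup reads before the table, which is the global-buffer-overflow ASan flagged in Comment 4 (on platforms where `char` is unsigned, such as aarch64, the same code never produces a negative index). The table layout, the loop, and the function names `b64_decode_model` and `demo` are this example's own approximation, and the hardened path implements the "bail out on negative input" check as Comment 5 describes it rather than quoting the upstream diff. The model reports the offending index instead of performing the out-of-bounds read, and it uses `signed char` explicitly so it behaves the same on every platform. The payload string is the one from the report.

```c
/*
 * Added example, not code from php-src or from this bug report.
 * Models the table-lookup pattern behind CVE-2019-9024 and the
 * "reject negative input" check that closes it. The loop and table are
 * an approximation of the xmlrpc-epi decoder, not a copy of it.
 */
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/*
 * Decode `len` bytes of base64 from `src` into `out`.
 *   harden == 0: vulnerable behaviour. A negative index is reported via
 *                *oob_index and the function returns -1; the original
 *                would have dereferenced dtable[c] at that point.
 *   harden == 1: bail out on negative input before it reaches the table
 *                (the approach Comment 5 describes).
 * Returns the number of bytes written, or -1 on rejection / overflow.
 */
int b64_decode_model(const unsigned char *src, int len, int harden,
                     unsigned char *out, size_t outcap, int *oob_index)
{
    int dtable[256];
    for (int i = 0; i < 256; i++) dtable[i] = 0x80;   /* 0x80 = not in alphabet */
    for (int i = 0; i < 64; i++) dtable[(unsigned char)B64[i]] = i;
    dtable['='] = 0;

    size_t n = 0;
    int acc = 0, bits = 0;
    *oob_index = 0;

    for (int pos = 0; pos < len; pos++) {
        /* The original reads through `const char *`; model x86_64 signedness. */
        int c = (signed char)src[pos];

        if (c == ' ' || c == '\t' || c == '\r' || c == '\n') continue;
        if (c == '=') break;                       /* padding: stop */
        if (c < 0) {
            if (harden) return -1;                 /* fixed: reject, never index */
            *oob_index = c;                        /* vulnerable: dtable[c], c < 0 */
            return -1;
        }
        if (dtable[c] & 0x80) continue;            /* unknown byte: skip it */

        acc = (acc << 6) | dtable[c];
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= outcap) return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xff);
            acc &= (1 << bits) - 1;                /* keep only the leftover bits */
        }
    }
    return (int)n;
}

/*
 * Walk the report's test case end to end: decode the outer payload to
 * recover the XML-RPC document, extract the <base64> element body, and
 * run it through both decoder variants. Returns the index the vulnerable
 * variant would have used (negative = before the table); *hardened_rc
 * receives the hardened variant's return value.
 */
int demo(int *hardened_rc)
{
    const char *payload = "PGJhc2U2ND7CkzwvYmFzZTY0Pgo=";   /* from the report */
    unsigned char doc[64], tmp[16];
    int oob = 0, oob_vuln = 0;

    int doclen = b64_decode_model((const unsigned char *)payload,
                                  (int)strlen(payload), 1, doc, sizeof doc - 1, &oob);
    if (doclen < 0) return 0;
    doc[doclen] = '\0';                    /* doc is "<base64>\xc2\x93</base64>\n" */

    char *body = strstr((char *)doc, "<base64>");
    char *end  = strstr((char *)doc, "</base64>");
    if (!body || !end) return 0;
    body += strlen("<base64>");
    int bodylen = (int)(end - body);       /* two bytes: 0xc2 0x93 */

    b64_decode_model((unsigned char *)body, bodylen, 0, tmp, sizeof tmp, &oob_vuln);
    *hardened_rc = b64_decode_model((unsigned char *)body, bodylen, 1,
                                    tmp, sizeof tmp, &oob);
    return oob_vuln;                       /* -62: 0xc2 seen through a signed char */
}

int main(void)
{
    int rc = 0;
    int idx = demo(&rc);
    printf("vulnerable decoder would index dtable[%d]; hardened decoder returned %d\n",
           idx, rc);
    return 0;
}
```

The outer payload decodes to `<base64>\xc2\x93</base64>\n`, so the bytes that reach the base64 decoder inside xmlrpc_decode() are 0xc2 and 0x93. Read through a signed `char`, 0xc2 becomes -62, and an unchecked `dtable[c]` reads 62 entries before the table; the hardened path returns an error as soon as it sees the negative value. The check belongs before any use of `c` as an index (or, equivalently, the byte must be read as `unsigned char` from the start); a check placed after the lookup is too late.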
Comment 6 Petr Gajdos 2019-03-06 14:37:52 UTC
Will submit for: 15/php7, 15/php72, 12/php7, 12/php5, 11sp3/php53, 11/php5 and 10sp3/php5.
Comment 7 Petr Gajdos 2019-03-07 07:44:57 UTC
Will also submit into devel:languages:php:php56/php5.
Comment 8 Petr Gajdos 2019-03-07 07:46:56 UTC
(In reply to Petr Gajdos from comment #7)
> Will also submit into devel:languages:php:php56/php5.

Actually no: it is already fixed in 5.6.40.
Comment 9 Petr Gajdos 2019-03-11 21:04:00 UTC
I believe all fixed.
Comment 11 Swamp Workflow Management 2019-03-13 17:37:15 UTC
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2019-04-10.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64226
Comment 15 Swamp Workflow Management 2019-04-05 19:19:44 UTC
SUSE-SU-2019:14013-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1126711,1126713,1126821,1126823,1127122,1128722,1128883,1128886,1128887,1128889,1128892
CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-112.58.1
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-112.58.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    php53-5.3.17-112.58.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-112.58.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2019-04-18 16:12:19 UTC
SUSE-SU-2019:0985-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1126711,1126713,1126821,1126823,1127122,1128722
CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9641
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    php5-5.5.14-109.51.6
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    php5-5.5.14-109.51.6
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-109.51.6

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2019-04-23 15:07:20 UTC
openSUSE-SU-2019:1256-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1126711,1126713,1126821,1126823,1127122,1128722
CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9641
Sources used:
openSUSE Leap 42.3 (src):    php5-5.5.14-115.1
Comment 19 Swamp Workflow Management 2019-04-29 13:09:34 UTC
openSUSE-SU-2019:1293-1: An update that solves 11 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1126711,1126713,1126821,1126823,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032
CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675
Sources used:
openSUSE Leap 42.3 (src):    php7-7.0.7-58.1
Comment 21 Swamp Workflow Management 2019-06-11 22:11:30 UTC
SUSE-SU-2019:1461-1: An update that solves 16 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1118832,1119396,1126711,1126713,1126821,1126823,1126827,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032,1132837,1132838,1134322
CVE References: CVE-2018-19935,CVE-2018-20783,CVE-2019-11034,CVE-2019-11035,CVE-2019-11036,CVE-2019-9020,CVE-2019-9021,CVE-2019-9022,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675
Sources used:
SUSE Linux Enterprise Module for Web Scripting 15 (src):    php7-7.2.5-4.32.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    php7-7.2.5-4.32.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    php7-7.2.5-4.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2019-06-18 16:37:54 UTC
openSUSE-SU-2019:1572-1: An update that solves 16 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1118832,1119396,1126711,1126713,1126821,1126823,1126827,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032,1132837,1132838,1134322
CVE References: CVE-2018-19935,CVE-2018-20783,CVE-2019-11034,CVE-2019-11035,CVE-2019-11036,CVE-2019-9020,CVE-2019-9021,CVE-2019-9022,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675
Sources used:
openSUSE Leap 15.1 (src):    php7-7.2.5-lp151.6.3.1
Comment 23 Swamp Workflow Management 2019-06-18 16:43:04 UTC
openSUSE-SU-2019:1573-1: An update that solves 16 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1118832,1119396,1126711,1126713,1126821,1126823,1126827,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032,1132837,1132838,1134322
CVE References: CVE-2018-19935,CVE-2018-20783,CVE-2019-11034,CVE-2019-11035,CVE-2019-11036,CVE-2019-9020,CVE-2019-9021,CVE-2019-9022,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675
Sources used:
openSUSE Leap 15.0 (src):    php7-7.2.5-lp150.2.19.1
Comment 24 Marcus Meissner 2019-07-16 06:07:48 UTC
done
Comment 27 OBSbugzilla Bot 2020-05-12 08:00:47 UTC
This is an autogenerated message for OBS integration:
This bug (1126821) was mentioned in
https://build.opensuse.org/request/show/802846 Factory / php7
Comment 28 OBSbugzilla Bot 2020-05-12 14:00:32 UTC
This is an autogenerated message for OBS integration:
This bug (1126821) was mentioned in
https://build.opensuse.org/request/show/802978 Factory / php7
Comment 29 OBSbugzilla Bot 2020-05-13 08:20:30 UTC
This is an autogenerated message for OBS integration:
This bug (1126821) was mentioned in
https://build.opensuse.org/request/show/804946 Factory / php7
Comment 31 OBSbugzilla Bot 2020-05-13 13:30:12 UTC
This is an autogenerated message for OBS integration:
This bug (1126821) was mentioned in
https://build.opensuse.org/request/show/805287 Factory / php7