Bugzilla – Bug 1126821
VUL-0: CVE-2019-9024: php5,php7,php53: xmlrpc_decode() can allow a hostile XMLRPC server to read memory outside of allocated areas
Last modified: 2021-09-14 12:48:19 UTC
CVE-2019-9024

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9024
https://bugs.php.net/bug.php?id=77380
All php versions in all codestreams are affected:
- SUSE:SLE-10-SP3:Update
- SUSE:SLE-11:Update
- SUSE:SLE-11-SP3:Update
- SUSE:SLE-12:Update
- SUSE:SLE-15:Update
BEFORE

TW/php7
$ php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
$
[no issues observed]

15/php7, 12/php7, 12/php5
=================================================================
==7890==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7ffff19ff5f3 at pc 0x7ffff17e1f09 bp 0x7fffffffc0d0 sp 0x7fffffffc0c8
READ of size 1 at 0x7ffff19ff5f3 thread T0
    #0 0x7ffff17e1f08 (/usr/lib64/php7/extensions/xmlrpc.so+0x10f08)
    #1 0x7ffff17e564e (/usr/lib64/php7/extensions/xmlrpc.so+0x1464e)
    #2 0x7ffff17e57bf (/usr/lib64/php7/extensions/xmlrpc.so+0x147bf)
    #3 0x7ffff17ecfa7 (/usr/lib64/php7/extensions/xmlrpc.so+0x1bfa7)
    #4 0x7ffff17dceee (/usr/lib64/php7/extensions/xmlrpc.so+0xbeee)
    #5 0x7ffff17dd7fb (/usr/lib64/php7/extensions/xmlrpc.so+0xc7fb)
    #6 0x5555561ce102 in execute_ex (/usr/bin/php+0xc7a102)
    #7 0x5555561f5e88 in zend_execute (/usr/bin/php+0xca1e88)
    #8 0x555555f3b817 in zend_eval_stringl (/usr/bin/php+0x9e7817)
    #9 0x555555f3be3a in zend_eval_stringl_ex (/usr/bin/php+0x9e7e3a)
    #10 0x555555f3beb6 in zend_eval_string_ex (/usr/bin/php+0x9e7eb6)
    #11 0x5555561fb0fa (/usr/bin/php+0xca70fa)
    #12 0x5555561fcbfb (/usr/bin/php+0xca8bfb)
    #13 0x7ffff5247f49 in __libc_start_main (/lib64/libc.so.6+0x20f49)
    #14 0x555555ac5839 in _start (/usr/bin/php+0x571839)

0x7ffff19ff5f3 is located 13 bytes to the left of global variable 'le_xmlrpc_server' defined in '/home/abuild/rpmbuild/BUILD/php-7.2.5/ext/xmlrpc/xmlrpc-epi-php.c:76:12' (0x7ffff19ff600) of size 4
0x7ffff19ff5f3 is located 43 bytes to the right of global variable 'str_mapping' defined in '/home/abuild/rpmbuild/BUILD/php-7.2.5/ext/xmlrpc/xmlrpc-epi-php.c:1197:21' (0x7ffff19ff560) of size 104
SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/lib64/php7/extensions/xmlrpc.so+0x10f08)
[reproduces asan report]

11sp3/php53, 11/php5
$ valgrind -q php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
$
[no issue observed]

PATCH

http://git.php.net/?p=php-src.git;a=commit;h=1cc2182bcc81e185c14837e659d12b268cb99d63
Can be applied in 15/php7 through 10sp3/php5

AFTER

15/php7
$ php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
$

12/php7, 12/php5
$ php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
*** Error in `php': free(): invalid pointer: 0x000060040000ce30 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x74c99)[0x7fdfab0afc99]
/lib64/libc.so.6(+0x7a566)[0x7fdfab0b5566]
/usr/lib64/php7/extensions/xmlrpc.so(+0x15e58)[0x7fdfaa3e4e58]
/usr/lib64/php7/extensions/xmlrpc.so(+0x15ecd)[0x7fdfaa3e4ecd]
/usr/lib64/php7/extensions/xmlrpc.so(+0x1a087)[0x7fdfaa3e9087]
/usr/lib64/php7/extensions/xmlrpc.so(+0x9892)[0x7fdfaa3d8892]
/usr/lib64/php7/extensions/xmlrpc.so(+0xa018)[0x7fdfaa3d9018]
php(+0x73bde4)[0x561ba594ede4]
php(execute_ex+0x42)[0x561ba58cbab7]
php(zend_execute+0xd04)[0x561ba59fa1c0]
php(zend_eval_stringl+0x6bc)[0x561ba57db5c2]
php(zend_eval_stringl_ex+0x9)[0x561ba57db8fa]
php(zend_eval_string_ex+0x79)[0x561ba57db9be]
php(+0x7eab80)[0x561ba59fdb80]
php(+0x7ec946)[0x561ba59ff946]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fdfab05ccb5]
php(+0x19bca9)[0x561ba53aeca9]
Aborted (core dumped)
$
[the patch seems to be incomplete]

11sp3/php53, 11/php5
$ valgrind -q php -r '$a=xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo="));'
$
[no issues observed]
Bailing out from base64_decode_xmlrpc() when negative input is encountered resolves the issue for me.
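The class of bug in this report and the bail-out described in the comment above, as an added example (not code from PHP, libxmlrpc or the SUSE patch): a table-driven base64 decoder that reads its input through a signed char computes a negative table index for bytes such as 0xC2 and 0x93, which the reproducer's payload carries inside its base64 element. The names dtable (as sized here), index_as_signed and decode_checked, and the policy of skipping other non-alphabet bytes, are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Lookup table for 7-bit input only; 0x80 marks "not a base64 character". */
static unsigned char dtable[128];

static void init_dtable(void)
{
    memset(dtable, 0x80, sizeof dtable);
    for (int i = 0; i < 64; i++)
        dtable[(unsigned char)B64[i]] = (unsigned char)i;
}

/* The index an unchecked decoder computes when it reads the input through a
 * signed char: bytes >= 0x80 become negative, i.e. left of the table. */
int index_as_signed(const void *buf, size_t i)
{
    return ((const signed char *)buf)[i];
}

/* Hardened decode (assumed policy of this example): bail out with -1 on any
 * byte that would be negative as a signed char, skip other non-alphabet
 * bytes, stop at '='. Returns the number of bytes written to out. */
long decode_checked(const void *src, size_t len, unsigned char *out, size_t cap)
{
    const unsigned char *p = src;
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;
    init_dtable();
    for (size_t i = 0; i < len; i++) {
        unsigned char c = p[i];
        if (c >= sizeof dtable)
            return -1;                  /* would index outside dtable */
        if (c == '=')
            break;
        if (dtable[c] & 0x80)
            continue;
        acc = (acc << 6) | dtable[c];
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n == cap)
                return -1;              /* output buffer full */
            out[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;
        }
    }
    return (long)n;
}

int main(void)
{
    /* Constructed input: the two non-ASCII bytes from the reproducer. */
    const char hostile[] = "\xC2\x93";
    unsigned char out[8];
    printf("signed index for 0xC2: %d\n", index_as_signed(hostile, 0));
    printf("decode_checked: %ld\n", decode_checked(hostile, 2, out, sizeof out));
    return 0;
}
```

Building a decoder like this with -fsanitize=address and feeding it the unchecked index instead is what produces a global-buffer-overflow report of the kind shown in the BEFORE section.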
Will submit for: 15/php7, 15/php72, 12/php7, 12/php5, 11sp3/php53, 11/php5 and 10sp3/php5.
Will also submit into devel:languages:php:php56/php5.
(In reply to Petr Gajdos from comment #7)
> Will also submit into devel:languages:php:php56/php5.

Actually no: it is already fixed in 5.6.40.
I believe all fixed.
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2019-04-10. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64226
SUSE-SU-2019:14013-1: An update that fixes 11 vulnerabilities is now available. Category: security (moderate) Bug References: 1126711,1126713,1126821,1126823,1127122,1128722,1128883,1128886,1128887,1128889,1128892 CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): php53-5.3.17-112.58.1 SUSE Linux Enterprise Server 11-SP4 (src): php53-5.3.17-112.58.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): php53-5.3.17-112.58.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): php53-5.3.17-112.58.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:0985-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1126711,1126713,1126821,1126823,1127122,1128722 CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9641 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php5-5.5.14-109.51.6 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): php5-5.5.14-109.51.6 SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-109.51.6 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1256-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1126711,1126713,1126821,1126823,1127122,1128722 CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9641 Sources used: openSUSE Leap 42.3 (src): php5-5.5.14-115.1
openSUSE-SU-2019:1293-1: An update that solves 11 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1126711,1126713,1126821,1126823,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032 CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: openSUSE Leap 42.3 (src): php7-7.0.7-58.1
SUSE-SU-2019:1461-1: An update that solves 16 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1118832,1119396,1126711,1126713,1126821,1126823,1126827,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032,1132837,1132838,1134322 CVE References: CVE-2018-19935,CVE-2018-20783,CVE-2019-11034,CVE-2019-11035,CVE-2019-11036,CVE-2019-9020,CVE-2019-9021,CVE-2019-9022,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: SUSE Linux Enterprise Module for Web Scripting 15 (src): php7-7.2.5-4.32.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): php7-7.2.5-4.32.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): php7-7.2.5-4.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1572-1: An update that solves 16 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1118832,1119396,1126711,1126713,1126821,1126823,1126827,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032,1132837,1132838,1134322 CVE References: CVE-2018-19935,CVE-2018-20783,CVE-2019-11034,CVE-2019-11035,CVE-2019-11036,CVE-2019-9020,CVE-2019-9021,CVE-2019-9022,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: openSUSE Leap 15.1 (src): php7-7.2.5-lp151.6.3.1
openSUSE-SU-2019:1573-1: An update that solves 16 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1118832,1119396,1126711,1126713,1126821,1126823,1126827,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032,1132837,1132838,1134322 CVE References: CVE-2018-19935,CVE-2018-20783,CVE-2019-11034,CVE-2019-11035,CVE-2019-11036,CVE-2019-9020,CVE-2019-9021,CVE-2019-9022,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: openSUSE Leap 15.0 (src): php7-7.2.5-lp150.2.19.1
done
This is an autogenerated message for OBS integration: This bug (1126821) was mentioned in https://build.opensuse.org/request/show/802846 Factory / php7
This is an autogenerated message for OBS integration: This bug (1126821) was mentioned in https://build.opensuse.org/request/show/802978 Factory / php7
This is an autogenerated message for OBS integration: This bug (1126821) was mentioned in https://build.opensuse.org/request/show/804946 Factory / php7
This is an autogenerated message for OBS integration: This bug (1126821) was mentioned in https://build.opensuse.org/request/show/805287 Factory / php7