Bugzilla – Bug 1128722
VUL-1: CVE-2019-9641: php5,php7,php53: Uninitialized read in exif_process_IFD_in_TIFF
Last modified: 2023-10-26 10:35:33 UTC
CVE-2019-9641 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF extension had multiple cases of invalid memory access and rename() was implemented insecurely. For the stable distribution (stretch), this problem has been fixed in version 7.0.33-0+deb9u3. We recommend that you upgrade your php7.0 packages. For the detailed security status of php7.0 please refer to its security tracker page at: \ https://security-tracker.debian.org/tracker/php7.0 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9641 http://www.debian.org/security/2019/dsa-4403 https://bugs.php.net/bug.php?id=77509
$ cat test.php <?php file_put_contents(dirname(__FILE__).'\exif.jpg',hex2bin('49492A00FFFFFFFF')); exif_read_data(dirname(__FILE__).'\exif.jpg','ANY_TAG'); ?> $ USE_ZEND_ALLOC=0 ZEND_DONT_UNLOAD_MODULES=1 php test.php PHP Warning: exif_read_data(128722\exif.jpg): Error in TIFF: filesize(x0008) less than start of IFD dir(x0001) in /128722/test.php on line 2 PHP Warning: exif_read_data(128722\exif.jpg): Invalid TIFF file in /128722/test.php on line 2 $ valgrind does not report any relevant error for me.
PATCH https://gist.github.com/smalyshev/37b30041c1ca47225dd0993d1683097f
Will submit for: 15/php7, 12/php72, 12/php7, 12/php5, 11sp3/php53, 11/php5 and 10sp3/php5.
I believe all fixed.
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2019-04-10. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64226
SUSE-SU-2019:14013-1: An update that fixes 11 vulnerabilities is now available. Category: security (moderate) Bug References: 1126711,1126713,1126821,1126823,1127122,1128722,1128883,1128886,1128887,1128889,1128892 CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): php53-5.3.17-112.58.1 SUSE Linux Enterprise Server 11-SP4 (src): php53-5.3.17-112.58.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): php53-5.3.17-112.58.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): php53-5.3.17-112.58.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:0985-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1126711,1126713,1126821,1126823,1127122,1128722 CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9641 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php5-5.5.14-109.51.6 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): php5-5.5.14-109.51.6 SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-109.51.6 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1256-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1126711,1126713,1126821,1126823,1127122,1128722 CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9641 Sources used: openSUSE Leap 42.3 (src): php5-5.5.14-115.1
openSUSE-SU-2019:1293-1: An update that solves 11 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1126711,1126713,1126821,1126823,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032 CVE References: CVE-2018-20783,CVE-2019-9020,CVE-2019-9021,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: openSUSE Leap 42.3 (src): php7-7.0.7-58.1
SUSE-SU-2019:1461-1: An update that solves 16 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1118832,1119396,1126711,1126713,1126821,1126823,1126827,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032,1132837,1132838,1134322 CVE References: CVE-2018-19935,CVE-2018-20783,CVE-2019-11034,CVE-2019-11035,CVE-2019-11036,CVE-2019-9020,CVE-2019-9021,CVE-2019-9022,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: SUSE Linux Enterprise Module for Web Scripting 15 (src): php7-7.2.5-4.32.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): php7-7.2.5-4.32.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): php7-7.2.5-4.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1572-1: An update that solves 16 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1118832,1119396,1126711,1126713,1126821,1126823,1126827,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032,1132837,1132838,1134322 CVE References: CVE-2018-19935,CVE-2018-20783,CVE-2019-11034,CVE-2019-11035,CVE-2019-11036,CVE-2019-9020,CVE-2019-9021,CVE-2019-9022,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: openSUSE Leap 15.1 (src): php7-7.2.5-lp151.6.3.1
openSUSE-SU-2019:1573-1: An update that solves 16 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1118832,1119396,1126711,1126713,1126821,1126823,1126827,1127122,1128722,1128883,1128886,1128887,1128889,1128892,1129032,1132837,1132838,1134322 CVE References: CVE-2018-19935,CVE-2018-20783,CVE-2019-11034,CVE-2019-11035,CVE-2019-11036,CVE-2019-9020,CVE-2019-9021,CVE-2019-9022,CVE-2019-9023,CVE-2019-9024,CVE-2019-9637,CVE-2019-9638,CVE-2019-9639,CVE-2019-9640,CVE-2019-9641,CVE-2019-9675 Sources used: openSUSE Leap 15.0 (src): php7-7.2.5-lp150.2.19.1
This is an autogenerated message for OBS integration: This bug (1128722) was mentioned in https://build.opensuse.org/request/show/802846 Factory / php7
This is an autogenerated message for OBS integration: This bug (1128722) was mentioned in https://build.opensuse.org/request/show/802978 Factory / php7
This is an autogenerated message for OBS integration: This bug (1128722) was mentioned in https://build.opensuse.org/request/show/804946 Factory / php7
Done
This is an autogenerated message for OBS integration: This bug (1128722) was mentioned in https://build.opensuse.org/request/show/1120490 Backports:SLE-15-SP5 / php81