Bugzilla – Bug 1159922
VUL-0: CVE-2019-11047: php5,php72,php7,php53: information disclosure in exif_read_data()
Last modified: 2020-04-29 13:46:11 UTC
rh#1786570
A vulnerability was found in the PHP EXIF extension: when it is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash.
Reference: https://bugs.php.net/bug.php?id=78910
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1786570
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11047
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11047.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047
https://bugs.php.net/bug.php?id=78910
I cannot reproduce.
$ valgrind -q php test.php
--5039-- WARNING: Serious error when reading debug info
--5039-- When reading debug info from /usr/lib64/php7/extensions/exif.so:
--5039-- get_Form_contents: DW_FORM_GNU_strp_alt used, but no alternate .debug_str
PHP Notice: exif_read_data(): Read from TIFF: tag(0x927C, MakerNote ): Illegal format code 0x2020, switching to BYTE in /159922/test.php on line 3
PHP Warning: exif_read_data(): Process tag(x927C=MakerNote ): Illegal format code 0x2020, suppose BYTE in /159922/test.php on line 3
PHP Warning: exif_read_data(): Process tag(x927C=MakerNote ): Illegal components(0) in /159922/test.php on line 3
PHP Warning: exif_read_data(): Invalid TIFF file in /159922/test.php on line 3
bool(false)
$
Patch applies cleanly everywhere. Will submit for: 15/php7, 12/php72, 12/php7, 11sp3/php53, 11/php5 and 10sp3/php5.
(Testcase from the upstream bug.)
I have also submitted 7.3.13 version update into 15sp2.
Packages submitted. I believe all fixed.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2020-01-22. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64405
SUSE-SU-2020:0101-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1159922,1159923,1159924,1159927
CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050
Sources used:
SUSE Linux Enterprise Module for Web Scripting 15-SP1 (src): php7-7.2.5-4.49.1
SUSE Linux Enterprise Module for Web Scripting 15 (src): php7-7.2.5-4.49.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): php7-7.2.5-4.49.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): php7-7.2.5-4.49.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): php7-7.2.5-4.49.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0080-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1159922,1159923,1159924,1159927
CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050
Sources used:
openSUSE Leap 15.1 (src): php7-7.2.5-lp151.6.19.2, php7-test-7.2.5-lp151.6.19.2
SUSE-SU-2020:0267-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1159922,1159923,1159924,1159927
CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): php72-7.2.5-1.32.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php72-7.2.5-1.32.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): php72-7.2.5-1.32.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:0352-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1159922,1159923,1159924,1159927
CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): php7-7.0.7-50.91.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php7-7.0.7-50.91.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-50.91.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Submitted also for devel:languages:php:php56/php5. Submitted also for 12/php5.
SUSE-SU-2020:14289-1: An update that fixes 6 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1159922,1159923,1159924,1159927,1161982,1162629
CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050,CVE-2019-20433,CVE-2020-7059
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src): php53-5.3.17-112.79.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): php53-5.3.17-112.79.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): php53-5.3.17-112.79.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): php53-5.3.17-112.79.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:0522-1: An update that solves 9 vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1145095,1146360,1154999,1159922,1159923,1159924,1159927,1161982,1162629,1162632
CVE References: CVE-2019-11041,CVE-2019-11042,CVE-2019-11043,CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050,CVE-2020-7059,CVE-2020-7060
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-109.68.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done
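Added example (not part of the bug thread or any SUSE tooling): the fixed builds listed above keep old upstream version numbers such as 7.2.5 because the patch was backported, so a host has to be checked against the advisory's version-release rather than against upstream 7.2.26 / 7.3.13. The sketch below assumes the listed source builds are the minimum fixed builds, uses product labels invented here, and implements only the plain digit/letter segment rule of RPM version comparison (no epoch, `~` or `^`).

```python
import re

# Fixed source-package builds copied from the advisories in this bug.
# Keys are (product line, package); the product labels are shorthand
# invented for this example.
FIXED = {
    ("SLE-15", "php7"): "7.2.5-4.49.1",            # SUSE-SU-2020:0101-1
    ("Leap-15.1", "php7"): "7.2.5-lp151.6.19.2",   # openSUSE-SU-2020:0080-1
    ("SLE-12", "php72"): "7.2.5-1.32.1",           # SUSE-SU-2020:0267-1
    ("SLE-12", "php7"): "7.0.7-50.91.1",           # SUSE-SU-2020:0352-1
    ("SLE-11", "php53"): "5.3.17-112.79.1",        # SUSE-SU-2020:14289-1
    ("SLE-12", "php5"): "5.5.14-109.68.1",         # SUSE-SU-2020:0522-1
}


def _segments(part):
    # Runs of digits compare numerically, runs of letters lexically;
    # every other character only separates segments.
    return [int(s) if s.isdigit() else s
            for s in re.findall(r"\d+|[A-Za-z]+", part)]


def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if type(x) is not type(y):      # a numeric segment beats a letter one
            return 1 if isinstance(x, int) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)


def has_fix(product, package, installed):
    """True if installed >= advisory build, False if older, None if unlisted."""
    fixed = FIXED.get((product, package))
    if fixed is None:
        return None
    return evr_cmp(installed, fixed) >= 0
```

Feed it the `%{VERSION}-%{RELEASE}` string of the installed package; a `None` result means the product and package pair is not covered by the advisories quoted in this bug.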