Bug 1171999 (CVE-2019-11048) - VUL-0: CVE-2019-11048: php5,php72,php7,php53: supplying overly long filenames or field names if HTTP file uploads are allowed could lead to exhausting disk space on the server
Summary: VUL-0: CVE-2019-11048: php5,php72,php7,php53: supplying overly long filenames...
Status: RESOLVED FIXED
Alias: CVE-2019-11048
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Deadline: 2020-06-12
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/259708/
Whiteboard: CVSSv2:NVD:CVE-2019-11048:5.0:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-22 12:46 UTC by Robert Frohl
Modified: 2020-07-07 16:25 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2020-05-22 12:46:57 UTC
CVE-2019-11048

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below
7.4.6, when HTTP file uploads are allowed, supplying overly long filenames
or field names could lead PHP engine to try to allocate oversized memory
storage, hit the memory limit and stop processing the request, without
cleaning up temporary files created by upload request. This potentially
could lead to accumulation of uncleaned temporary files exhausting the disk
space on the target server.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11048
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11048.html
Comment 1 Robert Frohl 2020-05-22 12:47:45 UTC
upstream bugs:
https://bugs.php.net/bug.php?id=78875
https://bugs.php.net/bug.php?id=78876
Comment 2 Robert Frohl 2020-05-22 12:51:55 UTC
patch seems to be this one I believe:
http://git.php.net/?p=php-src.git;a=commit;h=8fd927768991df88df0c338b2b7c29e490392430
Comment 3 Robert Frohl 2020-05-22 12:54:47 UTC
(In reply to Robert Frohl from comment #2)
> patch seems to be this one I believe:
> http://git.php.net/?p=php-src.git;a=commit;
> h=8fd927768991df88df0c338b2b7c29e490392430

only half the truth I think, the second part of the patch seems to be:
https://git.php.net/?p=php-src.git;a=commitdiff;h=c71416cba2ad7b596233e3c0da117a90a2e78bbf
Comment 4 Petr Gajdos 2020-05-25 14:06:32 UTC
Will submit for: 15/php7, 12/php72, 12/php5, 11sp3/php53, 11/php5 and 10sp3/php5
Already part of: TW/php7, 15sp2/php7, 12/php74
Comment 5 Petr Gajdos 2020-05-25 14:18:48 UTC
Packages submitted, I believe all fixed.
Comment 7 Swamp Workflow Management 2020-05-29 13:28:55 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2020-06-12.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64458
Comment 8 Swamp Workflow Management 2020-06-05 14:41:50 UTC
SUSE-SU-2020:1546-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1168326,1168352,1171999
CVE References: CVE-2019-11048,CVE-2020-7064,CVE-2020-7066
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    php72-7.2.5-1.46.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    php72-7.2.5-1.46.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php72-7.2.5-1.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-06-05 14:43:25 UTC
SUSE-SU-2020:1545-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1171999
CVE References: CVE-2019-11048
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    php7-7.0.7-50.94.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    php7-7.0.7-50.94.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-50.94.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2020-06-18 13:55:55 UTC
SUSE-SU-2020:1661-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1171999
CVE References: CVE-2019-11048
Sources used:
SUSE Linux Enterprise Module for Web Scripting 15-SP1 (src):    php7-7.2.5-4.58.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2020-06-22 22:18:28 UTC
openSUSE-SU-2020:0847-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1171999
CVE References: CVE-2019-11048
Sources used:
openSUSE Leap 15.1 (src):    php7-7.2.5-lp151.6.28.1, php7-test-7.2.5-lp151.6.28.1
Comment 12 Swamp Workflow Management 2020-06-23 16:13:25 UTC
SUSE-SU-2020:1714-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1168326,1168352,1171999
CVE References: CVE-2019-11048,CVE-2020-7064,CVE-2020-7066
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    php5-5.5.14-109.76.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-109.76.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Alexandros Toptsoglou 2020-07-02 15:07:58 UTC
Done
Comment 14 Swamp Workflow Management 2020-07-07 16:25:52 UTC
SUSE-SU-2020:1661-2: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1171999
CVE References: CVE-2019-11048
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    php7-7.2.5-4.58.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.