Security update for php7 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0080-1 Final 1 1 2020-01-20T09:15:29Z current 2020-01-20T09:15:29Z 2020-01-20T09:15:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php7 This update for php7 fixes the following issues: - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923). - CVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924). - CVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-80 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AJ75XT7HO4E46GU3GJ7IVL7DJR3SYG2A/ E-Mail link for openSUSE-SU-2020:0080-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1159922 SUSE Bug 1159922 https://bugzilla.suse.com/1159923 SUSE Bug 1159923 https://bugzilla.suse.com/1159924 SUSE Bug 1159924 https://bugzilla.suse.com/1159927 SUSE Bug 1159927 https://www.suse.com/security/cve/CVE-2019-11045/ SUSE CVE CVE-2019-11045 page https://www.suse.com/security/cve/CVE-2019-11046/ SUSE CVE CVE-2019-11046 page https://www.suse.com/security/cve/CVE-2019-11047/ SUSE CVE CVE-2019-11047 page https://www.suse.com/security/cve/CVE-2019-11050/ SUSE CVE CVE-2019-11050 page openSUSE Leap 15.1 apache2-mod_php7-7.2.5-lp151.6.19.2 php7-7.2.5-lp151.6.19.2 php7-bcmath-7.2.5-lp151.6.19.2 php7-bz2-7.2.5-lp151.6.19.2 php7-calendar-7.2.5-lp151.6.19.2 php7-ctype-7.2.5-lp151.6.19.2 php7-curl-7.2.5-lp151.6.19.2 php7-dba-7.2.5-lp151.6.19.2 php7-devel-7.2.5-lp151.6.19.2 php7-dom-7.2.5-lp151.6.19.2 php7-embed-7.2.5-lp151.6.19.2 php7-enchant-7.2.5-lp151.6.19.2 php7-exif-7.2.5-lp151.6.19.2 php7-fastcgi-7.2.5-lp151.6.19.2 php7-fileinfo-7.2.5-lp151.6.19.2 php7-firebird-7.2.5-lp151.6.19.2 php7-fpm-7.2.5-lp151.6.19.2 php7-ftp-7.2.5-lp151.6.19.2 php7-gd-7.2.5-lp151.6.19.2 php7-gettext-7.2.5-lp151.6.19.2 php7-gmp-7.2.5-lp151.6.19.2 php7-iconv-7.2.5-lp151.6.19.2 php7-intl-7.2.5-lp151.6.19.2 php7-json-7.2.5-lp151.6.19.2 php7-ldap-7.2.5-lp151.6.19.2 php7-mbstring-7.2.5-lp151.6.19.2 php7-mysql-7.2.5-lp151.6.19.2 php7-odbc-7.2.5-lp151.6.19.2 php7-opcache-7.2.5-lp151.6.19.2 php7-openssl-7.2.5-lp151.6.19.2 php7-pcntl-7.2.5-lp151.6.19.2 php7-pdo-7.2.5-lp151.6.19.2 php7-pear-7.2.5-lp151.6.19.2 php7-pear-Archive_Tar-7.2.5-lp151.6.19.2 php7-pgsql-7.2.5-lp151.6.19.2 php7-phar-7.2.5-lp151.6.19.2 php7-posix-7.2.5-lp151.6.19.2 php7-readline-7.2.5-lp151.6.19.2 php7-shmop-7.2.5-lp151.6.19.2 php7-snmp-7.2.5-lp151.6.19.2 php7-soap-7.2.5-lp151.6.19.2 php7-sockets-7.2.5-lp151.6.19.2 php7-sodium-7.2.5-lp151.6.19.2 php7-sqlite-7.2.5-lp151.6.19.2 php7-sysvmsg-7.2.5-lp151.6.19.2 php7-sysvsem-7.2.5-lp151.6.19.2 php7-sysvshm-7.2.5-lp151.6.19.2 php7-test-7.2.5-lp151.6.19.2 php7-tidy-7.2.5-lp151.6.19.2 php7-tokenizer-7.2.5-lp151.6.19.2 php7-wddx-7.2.5-lp151.6.19.2 php7-xmlreader-7.2.5-lp151.6.19.2 php7-xmlrpc-7.2.5-lp151.6.19.2 php7-xmlwriter-7.2.5-lp151.6.19.2 php7-xsl-7.2.5-lp151.6.19.2 php7-zip-7.2.5-lp151.6.19.2 php7-zlib-7.2.5-lp151.6.19.2 apache2-mod_php7-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-bcmath-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-bz2-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-calendar-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-ctype-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-curl-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-dba-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-devel-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-dom-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-embed-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-enchant-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-exif-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-fastcgi-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-fileinfo-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-firebird-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-fpm-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-ftp-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-gd-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-gettext-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-gmp-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-iconv-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-intl-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-json-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-ldap-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-mbstring-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-mysql-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-odbc-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-opcache-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-openssl-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-pcntl-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-pdo-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-pear-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-pear-Archive_Tar-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-pgsql-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-phar-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-posix-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-readline-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-shmop-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-snmp-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-soap-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-sockets-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-sodium-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-sqlite-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-sysvmsg-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-sysvsem-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-sysvshm-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-test-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-tidy-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-tokenizer-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-wddx-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-xmlreader-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-xmlrpc-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-xmlwriter-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-xsl-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-zip-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 php7-zlib-7.2.5-lp151.6.19.2 as a component of openSUSE Leap 15.1 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. CVE-2019-11045 openSUSE Leap 15.1:apache2-mod_php7-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-bcmath-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-bz2-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-calendar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ctype-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-curl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-dba-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-devel-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-dom-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-embed-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-enchant-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-exif-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fastcgi-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fileinfo-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-firebird-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fpm-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ftp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gd-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gettext-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gmp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-iconv-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-intl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-json-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ldap-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-mbstring-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-mysql-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-odbc-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-opcache-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-openssl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pcntl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pdo-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pear-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pear-Archive_Tar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pgsql-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-phar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-posix-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-readline-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-shmop-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-snmp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-soap-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sockets-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sodium-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sqlite-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvmsg-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvsem-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvshm-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-test-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-tidy-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-tokenizer-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-wddx-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlreader-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlrpc-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlwriter-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xsl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-zip-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-zlib-7.2.5-lp151.6.19.2 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AJ75XT7HO4E46GU3GJ7IVL7DJR3SYG2A/ https://www.suse.com/security/cve/CVE-2019-11045.html CVE-2019-11045 https://bugzilla.suse.com/1159923 SUSE Bug 1159923 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. CVE-2019-11046 openSUSE Leap 15.1:apache2-mod_php7-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-bcmath-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-bz2-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-calendar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ctype-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-curl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-dba-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-devel-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-dom-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-embed-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-enchant-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-exif-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fastcgi-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fileinfo-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-firebird-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fpm-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ftp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gd-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gettext-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gmp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-iconv-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-intl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-json-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ldap-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-mbstring-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-mysql-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-odbc-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-opcache-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-openssl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pcntl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pdo-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pear-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pear-Archive_Tar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pgsql-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-phar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-posix-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-readline-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-shmop-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-snmp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-soap-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sockets-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sodium-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sqlite-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvmsg-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvsem-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvshm-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-test-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-tidy-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-tokenizer-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-wddx-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlreader-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlrpc-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlwriter-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xsl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-zip-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-zlib-7.2.5-lp151.6.19.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AJ75XT7HO4E46GU3GJ7IVL7DJR3SYG2A/ https://www.suse.com/security/cve/CVE-2019-11046.html CVE-2019-11046 https://bugzilla.suse.com/1159924 SUSE Bug 1159924 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11047 openSUSE Leap 15.1:apache2-mod_php7-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-bcmath-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-bz2-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-calendar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ctype-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-curl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-dba-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-devel-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-dom-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-embed-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-enchant-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-exif-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fastcgi-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fileinfo-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-firebird-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fpm-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ftp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gd-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gettext-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gmp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-iconv-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-intl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-json-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ldap-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-mbstring-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-mysql-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-odbc-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-opcache-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-openssl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pcntl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pdo-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pear-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pear-Archive_Tar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pgsql-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-phar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-posix-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-readline-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-shmop-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-snmp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-soap-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sockets-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sodium-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sqlite-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvmsg-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvsem-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvshm-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-test-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-tidy-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-tokenizer-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-wddx-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlreader-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlrpc-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlwriter-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xsl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-zip-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-zlib-7.2.5-lp151.6.19.2 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AJ75XT7HO4E46GU3GJ7IVL7DJR3SYG2A/ https://www.suse.com/security/cve/CVE-2019-11047.html CVE-2019-11047 https://bugzilla.suse.com/1159922 SUSE Bug 1159922 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11050 openSUSE Leap 15.1:apache2-mod_php7-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-bcmath-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-bz2-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-calendar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ctype-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-curl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-dba-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-devel-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-dom-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-embed-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-enchant-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-exif-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fastcgi-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fileinfo-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-firebird-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-fpm-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ftp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gd-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gettext-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-gmp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-iconv-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-intl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-json-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-ldap-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-mbstring-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-mysql-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-odbc-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-opcache-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-openssl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pcntl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pdo-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pear-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pear-Archive_Tar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-pgsql-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-phar-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-posix-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-readline-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-shmop-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-snmp-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-soap-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sockets-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sodium-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sqlite-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvmsg-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvsem-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-sysvshm-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-test-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-tidy-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-tokenizer-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-wddx-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlreader-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlrpc-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xmlwriter-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-xsl-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-zip-7.2.5-lp151.6.19.2 openSUSE Leap 15.1:php7-zlib-7.2.5-lp151.6.19.2 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AJ75XT7HO4E46GU3GJ7IVL7DJR3SYG2A/ https://www.suse.com/security/cve/CVE-2019-11050.html CVE-2019-11050 https://bugzilla.suse.com/1159927 SUSE Bug 1159927