Professional OVAL Repository
OVAL Definition Details
Id: oval:com.altx-soft.nix:def:102419
Version: 4
Class: patch
ALTXid: 285291
Language: English
Severity: Medium
Title: openSUSE-SU-2019:1573-1 -- Security update for php7
Description: This update for php7 fixes the security issues.
Family: unix
Platform: openSUSE Leap 15.0
Product: php7
Reference
VENDOR: openSUSE-SU-2019:1573-1
Id:
openSUSE-SU-2019:1573-1
Reference:
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
CVE: CVE-2018-19935
Id:
CVE-2018-19935
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19935
Comment: ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://bugs.php.net/bug.php?id=77020 (MISC)
106143 (BID)
DSA-4353 (DEBIAN)
[debian-lts-announce] 20181217 [SECURITY] [DLA 1608-1] php5 security update (MLIST)
https://security.netapp.com/advisory/ntap-20181221-0003/ (CONFIRM)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
CVE: CVE-2018-20783
Id:
CVE-2018-20783
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20783
Comment: In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77143 (MISC)
http://php.net/ChangeLog-7.php (MISC)
http://php.net/ChangeLog-5.php (MISC)
openSUSE-SU-2019:1256 (SUSE)
openSUSE-SU-2019:1293 (SUSE)
USN-3566-2 (UBUNTU)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-11034
Id:
CVE-2019-11034
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034
Comment: When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3 Score:
9.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77753 (MISC)
USN-3953-1 (UBUNTU)
USN-3953-2 (UBUNTU)
https://security.netapp.com/advisory/ntap-20190502-0001/ (CONFIRM)
https://support.f5.com/csp/article/K44590877 (CONFIRM)
[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update (MLIST)
openSUSE-SU-2019:1503 (SUSE)
openSUSE-SU-2019:1501 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
20190923 [SECURITY] [DSA 4529-1] php7.0 security update (BUGTRAQ)
DSA-4529 (DEBIAN)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-11035
Id:
CVE-2019-11035
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035
Comment: When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3 Score:
9.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77831 (MISC)
USN-3953-1 (UBUNTU)
USN-3953-2 (UBUNTU)
https://security.netapp.com/advisory/ntap-20190502-0001/ (CONFIRM)
https://support.f5.com/csp/article/K44590877 (CONFIRM)
[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update (MLIST)
openSUSE-SU-2019:1503 (SUSE)
openSUSE-SU-2019:1501 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
20190923 [SECURITY] [DSA 4529-1] php7.0 security update (BUGTRAQ)
DSA-4529 (DEBIAN)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-11036
Id:
CVE-2019-11036
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036
Comment: When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3 Score:
9.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77950 (MISC)
108177 (BID)
https://security.netapp.com/advisory/ntap-20190517-0003/ (CONFIRM)
USN-3566-2 (UBUNTU)
[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update (MLIST)
openSUSE-SU-2019:1503 (SUSE)
openSUSE-SU-2019:1501 (SUSE)
USN-4009-1 (UBUNTU)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
20190920 [SECURITY] [DSA 4527-1] php7.3 security update (BUGTRAQ)
DSA-4527 (DEBIAN)
20190923 [SECURITY] [DSA 4529-1] php7.0 security update (BUGTRAQ)
DSA-4529 (DEBIAN)
RHSA-2019:3299 (REDHAT)
FEDORA-2019-6350c4e21a ()
FEDORA-2019-6e325234a4 ()
FEDORA-2019-bab3944fee ()
CVE: CVE-2019-9020
Id:
CVE-2019-9020
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9020
Comment: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77249 (MISC)
https://bugs.php.net/bug.php?id=77242 (MISC)
107156 (BID)
DSA-4398 (DEBIAN)
USN-3902-1 (UBUNTU)
USN-3902-2 (UBUNTU)
https://security.netapp.com/advisory/ntap-20190321-0001/ (CONFIRM)
openSUSE-SU-2019:1256 (SUSE)
openSUSE-SU-2019:1293 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-9021
Id:
CVE-2019-9021
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9021
Comment: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77247 (MISC)
107156 (BID)
106747 (BID)
DSA-4398 (DEBIAN)
USN-3902-1 (UBUNTU)
USN-3902-2 (UBUNTU)
https://security.netapp.com/advisory/ntap-20190321-0001/ (CONFIRM)
openSUSE-SU-2019:1256 (SUSE)
openSUSE-SU-2019:1293 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-9022
Id:
CVE-2019-9022
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9022
Comment: An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77369 (MISC)
DSA-4398 (DEBIAN)
USN-3902-1 (UBUNTU)
https://security.netapp.com/advisory/ntap-20190321-0001/ (CONFIRM)
[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update (MLIST)
USN-3922-2 (UBUNTU)
USN-3922-3 (UBUNTU)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
https://www.tenable.com/security/tns-2019-07 (CONFIRM)
CVE: CVE-2019-9023
Id:
CVE-2019-9023
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9023
Comment: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77418 (MISC)
https://bugs.php.net/bug.php?id=77394 (MISC)
https://bugs.php.net/bug.php?id=77385 (MISC)
https://bugs.php.net/bug.php?id=77382 (MISC)
https://bugs.php.net/bug.php?id=77381 (MISC)
https://bugs.php.net/bug.php?id=77371 (MISC)
https://bugs.php.net/bug.php?id=77370 (MISC)
107156 (BID)
DSA-4398 (DEBIAN)
USN-3902-1 (UBUNTU)
USN-3902-2 (UBUNTU)
https://security.netapp.com/advisory/ntap-20190321-0001/ (CONFIRM)
https://support.f5.com/csp/article/K06372014 (CONFIRM)
openSUSE-SU-2019:1256 (SUSE)
openSUSE-SU-2019:1293 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-9024
Id:
CVE-2019-9024
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9024
Comment: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77380 (MISC)
107156 (BID)
DSA-4398 (DEBIAN)
USN-3902-1 (UBUNTU)
USN-3902-2 (UBUNTU)
https://security.netapp.com/advisory/ntap-20190321-0001/ (CONFIRM)
openSUSE-SU-2019:1256 (SUSE)
openSUSE-SU-2019:1293 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-9637
Id:
CVE-2019-9637
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9637
Comment: An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
https://bugs.php.net/bug.php?id=77630 (MISC)
DSA-4403 (DEBIAN)
USN-3922-1 (UBUNTU)
https://support.f5.com/csp/article/K53825211 (CONFIRM)
[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update (MLIST)
USN-3922-2 (UBUNTU)
USN-3922-3 (UBUNTU)
openSUSE-SU-2019:1293 (SUSE)
https://security.netapp.com/advisory/ntap-20190502-0007/ (CONFIRM)
openSUSE-SU-2019:1503 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
https://www.tenable.com/security/tns-2019-07 (CONFIRM)
CVE: CVE-2019-9638
Id:
CVE-2019-9638
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9638
Comment: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77563 (MISC)
DSA-4403 (DEBIAN)
USN-3922-1 (UBUNTU)
[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update (MLIST)
USN-3922-2 (UBUNTU)
USN-3922-3 (UBUNTU)
openSUSE-SU-2019:1293 (SUSE)
https://security.netapp.com/advisory/ntap-20190502-0007/ (CONFIRM)
openSUSE-SU-2019:1503 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-9639
Id:
CVE-2019-9639
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9639
Comment: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE:
908 ()
References:
https://bugs.php.net/bug.php?id=77659 (MISC)
DSA-4403 (DEBIAN)
USN-3922-1 (UBUNTU)
[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update (MLIST)
USN-3922-2 (UBUNTU)
USN-3922-3 (UBUNTU)
openSUSE-SU-2019:1293 (SUSE)
https://security.netapp.com/advisory/ntap-20190502-0007/ (CONFIRM)
openSUSE-SU-2019:1503 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-9640
Id:
CVE-2019-9640
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9640
Comment: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.php.net/bug.php?id=77540 (MISC)
DSA-4403 (DEBIAN)
USN-3922-1 (UBUNTU)
[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update (MLIST)
USN-3922-2 (UBUNTU)
USN-3922-3 (UBUNTU)
openSUSE-SU-2019:1293 (SUSE)
https://security.netapp.com/advisory/ntap-20190502-0007/ (CONFIRM)
openSUSE-SU-2019:1503 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
RHSA-2019:2519 (REDHAT)
RHSA-2019:3299 (REDHAT)
CVE: CVE-2019-9641
Id:
CVE-2019-9641
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9641
Comment: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
908 ()
References:
https://bugs.php.net/bug.php?id=77509 (MISC)
DSA-4403 (DEBIAN)
USN-3922-1 (UBUNTU)
[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update (MLIST)
USN-3922-2 (UBUNTU)
openSUSE-SU-2019:1256 (SUSE)
USN-3922-3 (UBUNTU)
openSUSE-SU-2019:1293 (SUSE)
https://security.netapp.com/advisory/ntap-20190502-0007/ (CONFIRM)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)
CVE: CVE-2019-9675
Id:
CVE-2019-9675
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9675
Comment: An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible."
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.1
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugs.php.net/bug.php?id=77586 (MISC)
http://php.net/ChangeLog-7.php (MISC)
USN-3922-2 (UBUNTU)
USN-3922-3 (UBUNTU)
openSUSE-SU-2019:1293 (SUSE)
openSUSE-SU-2019:1503 (SUSE)
openSUSE-SU-2019:1572 (SUSE)
openSUSE-SU-2019:1573 (SUSE)