openSUSE-SU-2019:1256

openSUSE-SU-2019:1293

openSUSE-SU-2019:1572

openSUSE-SU-2019:1573

https://bugs.php.net/bug.php?id=77509

[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update

https://security.netapp.com/advisory/ntap-20190502-0007/

USN-3922-1

USN-3922-2

USN-3922-3

DSA-4403

This update for php7 fixes the following issues :

Security issues fixed :

  - CVE-2019-9637: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension (bsc#1128892).

  - CVE-2019-9675: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension (bsc#1128886).

  - CVE-2019-9638: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension ((bsc#1128889).

  - CVE-2019-9639: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension (bsc#1128887).

  - CVE-2019-9640: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension (bsc#1128883).

  - CVE-2019-9022: Fixed a vulnerability which could allow a     hostile DNS server to make PHP misuse memcpy     (bsc#1126827).

  - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode     function which could allow to a hostile XMLRPC server to     cause memory read outside the allocated areas     (bsc#1126821).

  - CVE-2019-9020: Fixed a heap out of bounds in     xmlrpc_decode function (bsc#1126711).

  - CVE-2018-20783: Fixed a buffer over-read in PHAR reading     functions which could allow an attacker to read     allocated and unallocated memory when parsing a phar     file (bsc#1127122).

  - CVE-2019-9021: Fixed a heap buffer-based buffer     over-read in PHAR reading functions which could allow an     attacker to read allocated and unallocated memory when     parsing a phar file (bsc#1126713).

  - CVE-2019-9023: Fixed multiple heap-based buffer     over-read instances in mbstring regular expression     functions (bsc#1126823).

  - CVE-2019-9641: Fixed multiple invalid memory access in     EXIF extension and improved insecure implementation of     rename function (bsc#1128722).

  - CVE-2018-19935: Fixed a Denial of Service in php_imap.c     which could be triggered via an empty string in the     message argument to imap_mail (bsc#1118832).

  - CVE-2019-11034: Fixed a heap-buffer overflow in     php_ifd_get32si() (bsc#1132838).

  - CVE-2019-11035: Fixed a heap-buffer overflow in     exif_iif_add_value() (bsc#1132837).

  - CVE-2019-11036: Fixed buffer over-read in     exif_process_IFD_TAG function leading to information     disclosure (bsc#1134322).

Other issue addressed :

  - Deleted README.default_socket_timeout which is not     needed anymore (bsc#1129032).

  - Enabled php7 testsuite (bsc#1119396).

This update was imported from the SUSE:SLE-15:Update update project.

This update for php7 fixes the following issues :

Security issues fixed :

CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892).

CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886).

CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889).

CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887).

CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883).

CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS server to make PHP misuse memcpy (bsc#1126827).

CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821).

CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711).

CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122).

CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713).

CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823).

CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722).

CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832).

CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838).

CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837).

CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322).

Other issue addressed: Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032).

Enabled php7 testsuite (bsc#1119396).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for php7 fixes the following issues: &#9; Security issues fixed: &#9; 

  - CVE-2019-9637: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension (bsc#1128892).

  - CVE-2019-9675: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension (bsc#1128886).

  - CVE-2019-9638: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension ((bsc#1128889).

  - CVE-2019-9639: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension (bsc#1128887).

  - CVE-2019-9640: Fixed improper implementation of rename     function and multiple invalid memory access in EXIF     extension (bsc#1128883).

  - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode     function which could allow to a hostile XMLRPC server to     cause memory read outside the allocated areas     (bsc#1126821).

  - CVE-2019-9020: Fixed a heap out of bounds in     xmlrpc_decode function (bsc#1126711).

  - CVE-2018-20783: Fixed a buffer over-read in PHAR reading     functions which could allow an attacker to read     allocated and unallocated memory when parsing a phar     file (bsc#1127122).

  - CVE-2019-9021: Fixed a heap buffer-based buffer     over-read in PHAR reading functions which could allow an     attacker to read allocated and unallocated memory when     parsing a phar file (bsc#1126713).

  - CVE-2019-9023: Fixed multiple heap-based buffer     over-read instances in mbstring regular expression     functions (bsc#1126823).

  - CVE-2019-9641: Fixed multiple invalid memory access in     EXIF extension and improved insecure implementation of     rename function (bsc#1128722).

Other issue addressed :

  - Deleted README.default_socket_timeout which is not     needed anymore (bsc#1129032).

This update was imported from the SUSE:SLE-12:Update update project.

USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS.

It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-9022)

It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-9675)

Original advisory details :

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for php5 fixes the following issues :

Security issues fixed: &#9; 

  - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode     function which could allow to a hostile XMLRPC server to     cause memory read outside the allocated areas     (bsc#1126821).

  - CVE-2019-9020: Fixed a heap out of bounds in     xmlrpc_decode function (bsc#1126711).

  - CVE-2018-20783: Fixed a buffer over-read in PHAR reading     functions which could allow an attacker to read     allocated and unallocated memory when parsing a phar     file (bsc#1127122).

  - CVE-2019-9021: Fixed a heap buffer-based buffer     over-read in PHAR reading functions which could allow an     attacker to read allocated and unallocated memory when     parsing a phar file (bsc#1126713).

  - CVE-2019-9023: Fixed multiple heap-based buffer     over-read instances in mbstring regular expression     functions (bsc#1126823).

  - CVE-2019-9641: Fixed multiple invalid memory access in     EXIF extension and improved insecure implementation of     rename function (bsc#1128722).

This update was imported from the SUSE:SLE-12:Update update project.

This update for php5 fixes the following issues :

Security issues fixed :

CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821).

CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711).

CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122).

CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713).

CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823).

CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities:

  - Uninitialized reads in the EXIF component of PHP due     to the mishandling of data in exif_process_IFD_in_MAKERNOTE,     and exif_process_IFD_in_TIFF. (CVE-2019-9638, CVE-2019-9639,     CVE-2019-9641)

  - An invalid read in the EXIF component of PHP due to a     mishandling of data in exif_process_SOFn. (CVE-2019-9640)

  - An access control bypass vulnerability exists due to the     way rename() is implemented. This could allow unauthorized     users to access data they otherwise would not have access     to (CVE-2019-9637).

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.16. It is, therefore, affected by multiple vulnerabilities:

  - Uninitialized reads in the EXIF component of PHP due     to the mishandling of data in exif_process_IFD_in_MAKERNOTE,     and exif_process_IFD_in_TIFF. (CVE-2019-9638, CVE-2019-9639,     CVE-2019-9641)

  - An invalid read in the EXIF component of PHP due to a     mishandling of data in exif_process_SOFn. (CVE-2019-9640)

  - An access control bypass vulnerability exists due to the     way rename() is implemented. This could allow unauthorized     users to access data they otherwise would not have access     to (CVE-2019-9637).

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.27. It is, therefore, affected by multiple vulnerabilities:

  - Uninitialized reads in the EXIF component of PHP due     to the mishandling of data in exif_process_IFD_in_MAKERNOTE,     and exif_process_IFD_in_TIFF. (CVE-2019-9638, CVE-2019-9639,     CVE-2019-9641)

  - An invalid read in the EXIF component of PHP due to a     mishandling of data in exif_process_SOFn. (CVE-2019-9640)

  - An access control bypass vulnerability exists due to the     way rename() is implemented. This could allow unauthorized     users to access data they otherwise would not have access     to (CVE-2019-9637).

This update for php53 fixes the following issues :

Security issues fixed :

CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892).

CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886).

CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889).

CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887).

CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883).

CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821).

CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711).

CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122).

CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713).

CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823).

CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been found in php5, a server-side, HTML-embedded scripting language.

CVE-2019-9637 rename() across the device may allow unwanted access during processing.

CVE-2019-9638, CVE-2019-9639 Uninitialized read in exif_process_IFD_in_MAKERNOTE.

CVE-2019-9640 Invalid Read on exif_process_SOFn.

CVE-2019-9641 Uninitialized read in exif_process_IFD_in_TIFF.

CVE-2019-9022 An issue during parsing of DNS responses allows a hostile DNS server to misuse memcpy, which leads to a read operation past an allocated buffer.

For Debian 8 'Jessie', these problems have been fixed in version 5.6.40+dfsg-0+deb8u2.

We recommend that you upgrade your php5 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF extension had multiple cases of invalid memory access and rename() was implemented insecurely.

ID	Name	Product	Family	Severity
137966	EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)	Nessus	Huawei Local Security Checks	critical
126035	openSUSE Security Update : php7 (openSUSE-2019-1573)	Nessus	SuSE Local Security Checks	high
126034	openSUSE Security Update : php7 (openSUSE-2019-1572)	Nessus	SuSE Local Security Checks	high
125850	SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:1461-1)	Nessus	SuSE Local Security Checks	high
124401	openSUSE Security Update : php7 (openSUSE-2019-1293)	Nessus	SuSE Local Security Checks	high
124271	Ubuntu 14.04 LTS : php5 vulnerabilities (USN-3922-2)	Nessus	Ubuntu Local Security Checks	high
124263	openSUSE Security Update : php5 (openSUSE-2019-1256)	Nessus	SuSE Local Security Checks	high
124190	SUSE SLES12 Security Update : php5 (SUSE-SU-2019:0985-1)	Nessus	SuSE Local Security Checks	high
123829	PHP 7.3.x < 7.3.3 Multiple vulnerabilities.	Nessus	CGI abuses	high
123828	PHP 7.2.x < 7.2.16 Multiple vulnerabilities.	Nessus	CGI abuses	high
123827	PHP 7.1.x < 7.1.27 Multiple vulnerabilities.	Nessus	CGI abuses	high
123826	SUSE SLES11 Security Update : php53 (SUSE-SU-2019:14013-1)	Nessus	SuSE Local Security Checks	high
123528	Debian DLA-1741-1 : php5 security update	Nessus	Debian Local Security Checks	high
122722	Debian DSA-4403-1 : php7.0 - security update	Nessus	Debian Local Security Checks	high

CVE-2019-9641

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Tenable Plugins