| Summary: | <dev-lang/php-{5.6.40-r1,7.1.27,7.2.16}: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Brian Evans (RETIRED) <grknight> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | php-bugs |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A4 [noglsa cve] | | |
| Package list: | dev-lang/php-5.6.40-r1, dev-lang/php-7.1.27, dev-lang/php-7.2.16 | | |
| Runtime testing required: | --- | | |

Description
Brian Evans (RETIRED)
2019-03-20 19:30:53 UTC
Arches, please test and mark stable

amd64 stable

arm stable

sparc stable

ia64 stable

ppc stable

ppc64 stable

alpha stable

hppa stable

CVE ID: CVE-2019-9637
Summary: An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.

CVE ID: CVE-2019-9641
Summary: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

CVE ID: CVE-2019-9640
Summary: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn

CVE ID: CVE-2019-9638
Summary: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

CVE ID: CVE-2019-9639
Summary: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

x86 stable

@maintainers, please drop vulnerable.

x86 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07ec5a4c06ae6ea67f7fc450550ed142ca5c3869

```
commit 07ec5a4c06ae6ea67f7fc450550ed142ca5c3869
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-03-28 00:01:54 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-03-28 00:02:09 +0000

    dev-lang/php: security cleanup

    Bug: https://bugs.gentoo.org/681074
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-lang/php/Manifest          | 6 -
 dev-lang/php/php-5.6.40.ebuild | 785 -----------------------------------------
 dev-lang/php/php-7.1.26.ebuild | 736 --------------------------------------
 dev-lang/php/php-7.2.14.ebuild | 748 ---------------------------------------
 dev-lang/php/php-7.2.15.ebuild | 748 ---------------------------------------
 dev-lang/php/php-7.3.1.ebuild  | 748 ---------------------------------------
 dev-lang/php/php-7.3.2.ebuild  | 749 ---------------------------------------
 7 files changed, 4520 deletions(-)
```

tree is clean