Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 681074 (CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641) - <dev-lang/php-{5.6.40-r1,7.1.27,7.2.16}: multiple vulnerabilities
Summary: <dev-lang/php-{5.6.40-r1,7.1.27,7.2.16}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-20 19:30 UTC by Brian Evans
Modified: 2019-04-20 02:17 UTC (History)
1 user (show)

See Also:
Package list:
dev-lang/php-5.6.40-r1 dev-lang/php-7.1.27 dev-lang/php-7.2.16
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Brian Evans Gentoo Infrastructure gentoo-dev 2019-03-20 19:30:53 UTC
For PHP 5.6, the Gentoo PHP team has backported the patches from 7.1:

PHP 5.6.40-r1, 7.1.27, 7.2.16, 7.3.3:
Core:
Fixed bug #77630 (rename() across the device may allow unwanted access during processing). CVE-2019-9637
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). CVE-2019-9641
Fixed bug #77540 (Invalid Read on exif_process_SOFn). CVE-2019-9640
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). CVE-2019-9638
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). CVE-2019-9639
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename). No CVE
Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow). No CVE
SPL:
Fixed bug #77431 (openFile() silently truncates after a null byte). No CVE
Comment 1 Brian Evans Gentoo Infrastructure gentoo-dev 2019-03-20 20:06:37 UTC
Arches, please test and mark stable
Comment 2 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-03-20 21:02:40 UTC
amd64 stable
Comment 3 Markus Meier gentoo-dev 2019-03-21 20:39:07 UTC
arm stable
Comment 4 Rolf Eike Beer 2019-03-22 17:34:16 UTC
sparc stable
Comment 5 Sergei Trofimovich gentoo-dev 2019-03-24 19:56:34 UTC
ia64 stable
Comment 6 Sergei Trofimovich gentoo-dev 2019-03-24 20:34:02 UTC
ppc stable
Comment 7 Sergei Trofimovich gentoo-dev 2019-03-24 20:37:02 UTC
ppc64 stable
Comment 8 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-03-25 12:15:58 UTC
alpha stable
Comment 9 Sergei Trofimovich gentoo-dev 2019-03-25 23:14:05 UTC
hppa stable
Comment 10 Yury German Gentoo Infrastructure gentoo-dev Security 2019-03-27 05:07:18 UTC
CVE ID: CVE-2019-9637
   Summary: An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.

CVE ID: CVE-2019-9641
   Summary: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

CVE ID: CVE-2019-9640
   Summary: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn

CVE ID: CVE-2019-9638
   Summary: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

CVE ID: CVE-2019-9639
   Summary: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
Comment 11 Thomas Deutschmann gentoo-dev Security 2019-03-27 23:21:40 UTC
x86 stable
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-03-27 23:30:09 UTC
@maintainers, please drop vulnerable.
Comment 13 Thomas Deutschmann gentoo-dev Security 2019-03-27 23:46:35 UTC
x86 stable
Comment 14 Larry the Git Cow gentoo-dev 2019-03-28 00:02:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07ec5a4c06ae6ea67f7fc450550ed142ca5c3869

commit 07ec5a4c06ae6ea67f7fc450550ed142ca5c3869
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-03-28 00:01:54 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-03-28 00:02:09 +0000

    dev-lang/php: security cleanup
    
    Bug: https://bugs.gentoo.org/681074
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-lang/php/Manifest          |   6 -
 dev-lang/php/php-5.6.40.ebuild | 785 -----------------------------------------
 dev-lang/php/php-7.1.26.ebuild | 736 --------------------------------------
 dev-lang/php/php-7.2.14.ebuild | 748 ---------------------------------------
 dev-lang/php/php-7.2.15.ebuild | 748 ---------------------------------------
 dev-lang/php/php-7.3.1.ebuild  | 748 ---------------------------------------
 dev-lang/php/php-7.3.2.ebuild  | 749 ---------------------------------------
 7 files changed, 4520 deletions(-)
Comment 15 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-04-20 02:17:35 UTC
tree is clean