Univention Bugzilla – Bug 48950
php7.0: Multiple issues (4.3)
Last modified: 2019-03-13 14:22:15 CET
New Debian php7.0 7.0.33-0+deb9u3 fixes: This update addresses the following issues: * 7.0.33-0+deb9u3 (Fri, 08 Mar 2019 10:01:24 +0000) * Pull security fixes from https://github.com/Microsoft/php-src, a shared effort by Remi Collet and Anatol Belski to keep up with security issues in PHP 5.6.40 after EOL. * Security Issues Fixed: + Core: - Fixed bug #77630 (rename() across the device may allow unwanted access during processing). + EXIF: - Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). - Fixed bug #77540 (Invalid Read on exif_process_SOFn). - Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). - Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). + PHAR: - Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename). - Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow). + SPL: - Fixed bug #77431 (openFile() silently truncates after a null byte). * An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. (CVE-2019-9637) * An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. (CVE-2019-9638) * An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. (CVE-2019-9639) * An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. (CVE-2019-9640) * An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. (CVE-2019-9641)
--- mirror/ftp/4.3/unmaintained/component/4.3-3-errata/source/php7.0_7.0.33-0+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/php7.0_7.0.33-0+deb9u3.dsc @@ -1,3 +1,30 @@ +7.0.33-0+deb9u3 [Fri, 08 Mar 2019 10:01:24 +0000] Ondřej Surý <ondrej@debian.org>: + + * Pull security fixes from https://github.com/Microsoft/php-src, a + shared effort by Remi Collet and Anatol Belski to keep up with + security issues in PHP 5.6.40 after EOL. + * Security Issues Fixed: + + Core: + - Fixed bug #77630 (rename() across the device may allow unwanted access during processing). + + EXIF: + - Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). + - Fixed bug #77540 (Invalid Read on exif_process_SOFn). + - Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). + - Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). + + PHAR: + - Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename). + - Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow). + + SPL: + - Fixed bug #77431 (openFile() silently truncates after a null byte). + +7.0.33-0+deb9u2 [Tue, 26 Feb 2019 00:13:19 +0100] Moritz Mühlenhoff <jmm@debian.org>: + + * CVE-2019-9020 + * CVE-2019-9021 + * CVE-2019-9022 (plus backport for CAA support) + * CVE-2019-9023 + * CVE-2019-9024 + 7.0.33-0+deb9u1 [Fri, 07 Dec 2018 11:36:49 +0000] Ondřej Surý <ondrej@debian.org>: * New upstream version 7.0.33 <http://10.200.17.11/4.3-3/#1523152681876572718>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] 6b7c7c71d5 Bug #48950: php7.0 7.0.33-0+deb9u3 doc/errata/staging/php7.0.yaml | 42 ++++++++++-------------------------------- 1 file changed, 10 insertions(+), 32 deletions(-) [4.3-3] 2570d1500a Bug #48950: php7.0 7.0.33-0+deb9u3 doc/errata/staging/php7.0.yaml | 47 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+)
<http://errata.software-univention.de/ucs/4.3/455.html>