Bug 50238 - php7.0: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
Importance: P3 normal
Target Milestone: UCS 4.4-1-errata
Assigned To: Quality Assurance
Philipp Hahn
Reported: 2019-09-21 15:18 CEST by Philipp Hahn
Modified: 2019-09-25 14:37 CEST
What kind of report is it?: Security Issue
Max CVSS v3 score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)


Description Philipp Hahn univentionstaff 2019-09-21 15:18:13 CEST
New Debian php7.0 7.0.33-0+deb9u5 fixes:
This update addresses the following issues:
* Heap buffer overflow in function exif_process_IFD_TAG (CVE-2019-11034)
* Heap buffer overflow in function exif_iif_add_value (CVE-2019-11035)
* Buffer over-read in exif_process_IFD_TAG function leading to information disclosure (CVE-2019-11036)
* Information disclosure in function gdImageCreateFromXbm() (CVE-2019-11038)
* Out-of-bounds read due to integer overflow in function iconv_mime_decode_headers() (CVE-2019-11039)
* Information disclosure in function exif_read_data() leads to denial of service (CVE-2019-11040)
* Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
* Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
Comment 1 Quality Assurance univentionstaff 2019-09-21 15:39:33 CEST
--- mirror/ftp/4.4/unmaintained/4.4-0/source/php7.0_7.0.33-0+deb9u3.dsc
+++ apt/ucs_4.4-0-errata4.4-1/source/php7.0_7.0.33-0+deb9u5.dsc
@@ -1,3 +1,70 @@
+7.0.33-0+deb9u5 [Wed, 18 Sep 2019 11:55:34 +0200] Ondřej Surý <ondrej@sury.org>:
+
+  * Backported security fixes from PHP 7.1.29:
+   - EXIF:
+    . Fixed bug #77950 (Heap-buffer-overflow in _estrndup via
+      exif_process_IFD_TAG).
+   - Mail:
+    . Fixed bug #77821 (Potential heap corruption in TSendMail()).
+  * Backported from 7.1.30
+   - EXIF:
+    . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
+      (CVE-2019-11040)
+   - GD:
+    . Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
+      (CVE-2019-11038)
+   - Iconv:
+    . Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
+      due to integer overflow). (CVE-2019-11039).
+   - SQLite:
+    . Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
+  * Backported from 7.1.31
+   - EXIF:
+    . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment).
+      (CVE-2019-11042)
+    . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail).
+      (CVE-2019-11041)
+   - Phar:
+    . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
+   - SQLite:
+    . Upgraded to SQLite 3.28.0.
+  * Backported from 7.1.32
+   - mbstring:
+    . Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe)
+   - pcre:
+    . Fixed bug #75457 (heap use-after-free in pcrelib)
+
+7.0.33-0+deb9u4 [Sun, 09 Jun 2019 11:25:27 +0200] Ondřej Surý <ondrej@sury.org>:
+
+  * Update d/watch for new php.net pages
+  * Backported from 7.1.28
+    - EXIF:
+      . (CVE-2019-11034) Fixed bug #77753 (Heap-buffer-overflow in
+        php_ifd_get32s).
+      . (CVE-2019-11035) Fixed bug #77831 (Heap-buffer-overflow in
+        exif_iif_add_value).
+    - SQLite3:
+      . Added sqlite3.defensive INI directive.
+  * Backported from PHP 7.1.29
+    - EXIF:
+      . (CVE-2019-11036) Fixed bug #77950 (Heap-buffer-overflow in
+        _estrndup via exif_process_IFD_TAG).
+    - Mail:
+      . Fixed bug #77821 (Potential heap corruption in TSendMail()).  
+  * Backported from 7.1.30
+    - EXIF:
+      . (CVE-2019-11040) Fixed bug #77988 (heap-buffer-overflow on
+        php_jpg_get16).
+    - GD:
+      . (CVE-2019-11038) Fixed bug #77973 (Uninitialized read in
+        gdImageCreateFromXbm).
+    - Iconv:
+      . (CVE-2019-11039) Fixed bug #78069 (Out-of-bounds read in
+        iconv.c:_php_iconv_mime_decode() due to integer overflow).
+    - SQLite:
+      . Fixed bug #77967 (Bypassing open_basedir restrictions via file
+        uris).
+
 7.0.33-0+deb9u3 [Fri, 08 Mar 2019 10:01:24 +0000] Ondřej Surý <ondrej@debian.org>:
 
   * Pull security fixes from https://github.com/Microsoft/php-src, a
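Review bot: the 7.0.33-0+deb9u5 entry repeats fixes that the 7.0.33-0+deb9u4 entry below it already records (bugs #77950, #77821, #77988, #77973, #78069 and #77967 appear in both), so the changelog alone does not show which changes are new in u5; only the 7.1.31 and 7.1.32 backports (#78256, #78222, #77919, SQLite 3.28.0, CVE-2019-13224, #75457) are unique to it. Since the source jumps from deb9u3 straight to deb9u5, the erratum should state that it covers both entries. In addition, the u5 line for bug #77950 omits the CVE-2019-11036 annotation that the u4 entry carries, and the #77821, #77967, #77919 and #75457 fixes have no CVE reference in either entry, so CVE-based tracking of this update should be checked against both changelog blocks rather than the top one only.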

<http://10.200.17.11/4.4-1/#1523152681870077568>
Comment 2 Philipp Hahn univentionstaff 2019-09-21 16:17:00 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-1] 904760430f Bug #50238: php7.0_7.0.33-0+deb9u5
 doc/errata/staging/php7.0.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
Comment 3 Philipp Hahn univentionstaff 2019-09-25 14:37:42 CEST
<http://errata.software-univention.de/ucs/4.4/290.html>