Bug 48309

Summary: php7.0: Multiple issues (4.3)
Product: UCS Reporter: Quality Assurance <qa>
Component: Security updatesAssignee: Quality Assurance <qa>
Status: CLOSED FIXED QA Contact: Philipp Hahn <hahn>
Severity: normal    
Priority: P3    
Version: UCS 4.3   
Target Milestone: UCS 4.3-3-errata   
Hardware: All   
OS: Linux   
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score: 8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) Debian RedHat

Description Quality Assurance univentionstaff 2018-12-11 08:43:49 CET 
New Debian php7.0 7.0.33-0+deb9u1 fixes:
This update addresses the following issues:
* exif: buffer over-read in exif_process_IFD_in_MAKERNOTE() (CVE-2018-14851)
* exif: integer overflow leading to out-of-bound buffer read in  exif_thumbnail_extract() (CVE-2018-14883)
* Cross-site scripting (XSS) flaw in Apache2 component via body of  'Transfer-Encoding: chunked' request (CVE-2018-17082)
* imap_open() allows running arbitrary shell commands via mailbox parameter  (CVE-2018-19518)
* ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers  to cause a denial of service (NULL pointer dereference and application  crash) via an empty string in the message argument to the imap_mail  function. (CVE-2018-19935)
Comment 1 Quality Assurance univentionstaff 2018-12-11 09:56:52 CET 
--- mirror/ftp/4.3/unmaintained/4.3-2/source/php7.0_7.0.30-0+deb9u1.dsc
+++ apt/ucs_4.3-0-errata4.3-3/source/php7.0_7.0.33-0+deb9u1.dsc
@@ -1,3 +1,14 @@
+7.0.33-0+deb9u1 [Fri, 07 Dec 2018 11:36:49 +0000] Ondřej Surý <ondrej@debian.org>:
+
+  * New upstream version 7.0.33
+  * Fixed security bugs:
+   + [CVE-2018-19518]: imap_open() function command injection
+   + [CVE-2018-14851]: heap-buffer-overflow (READ of size 48) while
+                       reading exif data
+   + [CVE-2018-14883]: Int Overflow lead to Heap OverFlow in
+                       exif_thumbnail_extract of exif.c
+   + [CVE-2018-17082]: XSS due to the header Transfer-Encoding: chunked
+
 7.0.30-0+deb9u1 [Thu, 14 Jun 2018 13:50:25 +0000] Ondřej Surý <ondrej@debian.org>:
 
   * New upstream version 7.0.30

<http://10.200.17.11/4.3-3/#1523152681874407668>
Comment 2 Philipp Hahn univentionstaff 2018-12-11 13:39:31 CET 
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 2e404c0d93 Bug #48309: php7.0 7.0.33-0+deb9u1
 doc/errata/staging/php7.0.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

[4.3-3] ef46a22c9e Bug #48309: php7.0 7.0.33-0+deb9u1
 doc/errata/staging/php7.0.yaml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
Comment 3 Arvid Requate univentionstaff 2018-12-12 13:45:44 CET 
<http://errata.software-univention.de/ucs/4.3/380.html>