Univention Bugzilla – Bug 48309
php7.0: Multiple issues (4.3)
Last modified: 2018-12-12 13:45:44 CET
New Debian php7.0 7.0.33-0+deb9u1 fixes: This update addresses the following issues: * exif: buffer over-read in exif_process_IFD_in_MAKERNOTE() (CVE-2018-14851) * exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() (CVE-2018-14883) * Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request (CVE-2018-17082) * imap_open() allows running arbitrary shell commands via mailbox parameter (CVE-2018-19518) * ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. (CVE-2018-19935)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/php7.0_7.0.30-0+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/php7.0_7.0.33-0+deb9u1.dsc @@ -1,3 +1,14 @@ +7.0.33-0+deb9u1 [Fri, 07 Dec 2018 11:36:49 +0000] Ondřej Surý <ondrej@debian.org>: + + * New upstream version 7.0.33 + * Fixed security bugs: + + [CVE-2018-19518]: imap_open() function command injection + + [CVE-2018-14851]: heap-buffer-overflow (READ of size 48) while + reading exif data + + [CVE-2018-14883]: Int Overflow lead to Heap OverFlow in + exif_thumbnail_extract of exif.c + + [CVE-2018-17082]: XSS due to the header Transfer-Encoding: chunked + 7.0.30-0+deb9u1 [Thu, 14 Jun 2018 13:50:25 +0000] Ondřej Surý <ondrej@debian.org>: * New upstream version 7.0.30 <http://10.200.17.11/4.3-3/#1523152681874407668>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] 2e404c0d93 Bug #48309: php7.0 7.0.33-0+deb9u1 doc/errata/staging/php7.0.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) [4.3-3] ef46a22c9e Bug #48309: php7.0 7.0.33-0+deb9u1 doc/errata/staging/php7.0.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
<http://errata.software-univention.de/ucs/4.3/380.html>