Bug 48950 - php7.0: Multiple issues (4.3)
php7.0: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P5 normal (vote)
: UCS 4.3-3-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-11 12:33 CET by Quality Assurance
Modified: 2019-03-13 14:22 CET (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 0.0 () NVD


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2019-03-11 12:33:57 CET
New Debian php7.0 7.0.33-0+deb9u3 fixes:
This update addresses the following issues:

* 7.0.33-0+deb9u3 (Fri, 08 Mar 2019 10:01:24 +0000) * Pull security fixes  from https://github.com/Microsoft/php-src, a shared effort by Remi Collet  and Anatol Belski to keep up with security issues in PHP 5.6.40 after EOL.  * Security Issues Fixed: + Core: - Fixed bug #77630 (rename() across the  device may allow unwanted access during processing). + EXIF: - Fixed bug  #77509 (Uninitialized read in exif_process_IFD_in_TIFF). - Fixed bug #77540  (Invalid Read on exif_process_SOFn). - Fixed bug #77563 (Uninitialized read  in exif_process_IFD_in_MAKERNOTE). - Fixed bug #77659 (Uninitialized read  in exif_process_IFD_in_MAKERNOTE). + PHAR: - Fixed bug #77396 (Null Pointer  Dereference in phar_create_or_parse_filename). - Fixed bug #77586  (phar_tar_writeheaders_int() buffer overflow). + SPL: - Fixed bug #77431  (openFile() silently truncates after a null byte).
* An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and  7.3.x before 7.3.3. Due to the way rename() across filesystems is  implemented, it is possible that file being renamed is briefly available  with wrong permissions while the rename is ongoing, thus enabling  unauthorized users to access the data. (CVE-2019-9637)
* An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x  before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in  exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset  relationship to value_len. (CVE-2019-9638)
* An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x  before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in  exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.  (CVE-2019-9639)
* An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x  before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in  exif_process_SOFn. (CVE-2019-9640)
* An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x  before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in  exif_process_IFD_in_TIFF. (CVE-2019-9641)
Comment 1 Quality Assurance univentionstaff 2019-03-11 13:01:14 CET
--- mirror/ftp/4.3/unmaintained/component/4.3-3-errata/source/php7.0_7.0.33-0+deb9u1.dsc
+++ apt/ucs_4.3-0-errata4.3-3/source/php7.0_7.0.33-0+deb9u3.dsc
@@ -1,3 +1,30 @@
+7.0.33-0+deb9u3 [Fri, 08 Mar 2019 10:01:24 +0000] Ondřej Surý <ondrej@debian.org>:
+
+  * Pull security fixes from https://github.com/Microsoft/php-src, a
+    shared effort by Remi Collet and Anatol Belski to keep up with
+    security issues in PHP 5.6.40 after EOL.
+  * Security Issues Fixed:
+   + Core:
+    - Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
+   + EXIF:
+    - Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
+    - Fixed bug #77540 (Invalid Read on exif_process_SOFn).
+    - Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
+    - Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
+   + PHAR:
+    - Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
+    - Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
+   + SPL:
+    - Fixed bug #77431 (openFile() silently truncates after a null byte).
+
+7.0.33-0+deb9u2 [Tue, 26 Feb 2019 00:13:19 +0100] Moritz Mühlenhoff <jmm@debian.org>:
+
+  * CVE-2019-9020
+  * CVE-2019-9021
+  * CVE-2019-9022 (plus backport for CAA support)
+  * CVE-2019-9023
+  * CVE-2019-9024
+
 7.0.33-0+deb9u1 [Fri, 07 Dec 2018 11:36:49 +0000] Ondřej Surý <ondrej@debian.org>:
 
   * New upstream version 7.0.33

<http://10.200.17.11/4.3-3/#1523152681876572718>
Comment 2 Philipp Hahn univentionstaff 2019-03-11 16:27:40 CET
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 6b7c7c71d5 Bug #48950: php7.0 7.0.33-0+deb9u3
 doc/errata/staging/php7.0.yaml | 42 ++++++++++--------------------------------
 1 file changed, 10 insertions(+), 32 deletions(-)

[4.3-3] 2570d1500a Bug #48950: php7.0 7.0.33-0+deb9u3
 doc/errata/staging/php7.0.yaml | 47 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
Comment 3 Arvid Requate univentionstaff 2019-03-13 14:22:15 CET
<http://errata.software-univention.de/ucs/4.3/455.html>