Bug 50867 – php7.0: Multiple issues (4.4)

Bug 50867 - php7.0: Multiple issues (4.4)


Summary:	php7.0: Multiple issues (4.4)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.4
Hardware:	All Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 4.4-3-errata
Assigned To:	Quality Assurance
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2020-02-27 15:33 CET by Quality Assurance
Modified:	2020-03-11 14:41 CET (History)
CC List:	0 users

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:	6.7 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Quality Assurance

2020-02-27 15:33:05 CET

New Debian php7.0 7.0.33-0+deb9u7 fixes:
This update addresses the following issues:
* PHP DirectoryIterator class accepts filenames with embedded \0 byte and  treats them as terminating at that byte (CVE-2019-11045)
* OOB read in bc_shift_addsub (CVE-2019-11046)
* information disclosure in exif_read_data() (CVE-2019-11047)
* out-of-bounds read when parsing EXIF information (CVE-2019-11050)
* Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* Global buffer-overflow in mbfl_filt_conv_big5_wchar function  (CVE-2020-7060)

Comment 1 Quality Assurance

2020-02-27 16:01:01 CET

--- mirror/ftp/4.4/unmaintained/4.4-3/source/php7.0_7.0.33-0+deb9u6.dsc
+++ apt/ucs_4.4-0-errata4.4-3/source/php7.0_7.0.33-0+deb9u7.dsc
@@ -1,3 +1,28 @@
+7.0.33-0+deb9u7 [Sun, 16 Feb 2020 16:11:40 +0100] Ondřej Surý <ondrej@debian.org>:
+
+  * Use mysqld --initialize-insecure for MySQL 8.0 (for Ubuntu 19.10)
+  * Disable MySQL X Plugin in the tests
+  * Remove --skip-grant-tables to fix FTBFS with MySQL 8.0
+  * Remove --without-mysqlx from MySQL 5.7
+  * Backported from 7.2.27
+   - Mbstring:
+    . Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`).
+      (CVE-2020-7060)
+   - Standard:
+    . Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059).
+  * Backported from 7.2.26
+   - Bcmath:
+    . Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
+   - Core:
+    . Fixed bug #78862 (link() silently truncates after a null byte on Windows).
+      (CVE-2019-11044).
+    . Fixed bug #78863 (DirectoryIterator class silently truncates after a null
+      byte). (CVE-2019-11045).
+   - EXIF:
+    . Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer).
+      (CVE-2019-11050).
+    . Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
+
 7.0.33-0+deb9u6 [Thu, 24 Oct 2019 20:50:20 +0200] Ondřej Surý <ondrej@debian.org>:
 
   * Backported from 7.1.33

<http://10.200.17.11/4.4-3/#1523152681872242618>

Comment 2 Philipp Hahn

2020-03-09 13:13:17 CET

OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-3] 776999f366 Bug #50867: php7.0 7.0.33-0+deb9u7
 doc/errata/staging/php7.0.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

[4.4-3] 9ad5248aca Bug #50867: php7.0 7.0.33-0+deb9u7
 doc/errata/staging/php7.0.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

Comment 3 Erik Damrose

2020-03-11 14:41:57 CET

<http://errata.software-univention.de/ucs/4.4/466.html>