MGASA-2019-0218

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0218.html

Import Source

https://advisories.mageia.org/MGASA-2019-0218.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0218

Related

Published

2019-08-10T00:12:28Z

Modified

2022-02-17T18:21:47Z

Summary

Updated php packages fix security vulnerabilities

Details

Updated php packages fixes at least the following security issues:

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash (CVE-2019-11041, CVE-2019-11041).

For other fixes in this update, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / php

Package

Name: php
Purl: pkg:rpm/mageia/php?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.8-1.mga7

Ecosystem specific

{
    "section": "core"
}