MGASA-2019-0307

Source
https://advisories.mageia.org/MGASA-2019-0307.html
Import Source
https://advisories.mageia.org/MGASA-2019-0307.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2019-0307
Published
2019-10-29T14:54:30Z
Modified
2019-10-29T14:36:47Z
Summary
Updated php and pcre2 packages fix security vulnerabilities
Details

Updated php and pcre2 packages fix security vulnerabilities:

  • FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE. (CVE-2019-11043)
  • MBString (#78633) Heap buffer overflow (read) in mb_eregi.
  • Mysqlnd (#78525) Memory leak in pdo when reusing native prepared statements.
  • PCRE (#78272) calling preg_match() before pcntl_fork() will freeze child process.
  • Base (#78612) strtr leaks memory when integer keys are used and the subject string shorter.

Affected packages

Mageia:7 / php

Package

Name
php
Purl
pkg:rpm/mageia/php?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.3.11-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / pcre2

Package

Name
pcre2
Purl
pkg:rpm/mageia/pcre2?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.33-1.1.mga7

Ecosystem specific

{
    "section": "core"
}