SB2019121738 - Fedora 30 update for php

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019121738

SB2019121738 - Fedora 30 update for php

Published: December 17, 2019 Updated: April 25, 2025

Security Bulletin ID SB2019121738
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2019-11046)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.


2) Input validation error (CVE-ID: CVE-2019-11044)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.


3) Input validation error (CVE-ID: CVE-2019-11045)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.


4) Double Free (CVE-ID: CVE-2019-11049)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within mail() function implementation. A remote attacker can pass specially crafted header in lowercase, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Use-after-free (CVE-ID: CVE-2019-11050)

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.


6) Out-of-bounds read (CVE-ID: CVE-2019-11047)

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.


Remediation

Install update from vendor's website.

References