|
|
Subscribe / Log in / New account

Mageia alert MGASA-2019-0253 (php)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2019-0253: Updated php packages fix security vulnerabilities 


Date:
              Fri, 6 Sep 2019 23:10:27 +0200


Message-ID:
              <20190906211027.2449F9F950@duvel.mageia.org>


MGASA-2019-0253 - Updated php packages fix security vulnerabilities

Publication date: 06 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0253.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-13224,
     CVE-2019-13225

Description:
Updated php packages fix security vulnerabilities:

A use-after-free in onig_new_deluxe() in regext.c in the bundled
Oniguruma allows attackers to potentially cause information disclosure,
denial of service, or possibly code execution by providing a crafted
regular expression (CVE-2019-13224).

A NULL Pointer Dereference in match_at() in regexec.c in the bundled
Oniguruma allows attackers to potentially cause denial of service by
providing a crafted regular expression (CVE-2019-13225).

For other fixes in this update, see the referenced changelog.

References:
- https://bugs.mageia.org/show_bug.cgi?id=25380
- https://www.php.net/ChangeLog-7.php#PHP_7_3_9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...

SRPMS:
- 7/core/php-7.3.9-1.mga7
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds