Mageia alert MGASA-2019-0307 (php, pcre2) [LWN.net]


From:
               Mageia Updates <buildsystem-daemon@mageia.org> 
To:
               updates-announce@ml.mageia.org 
Subject:
               [updates-announce] MGASA-2019-0307: Updated php and pcre2 packages fix security vulnerabilities 
Date:
               Tue, 29 Oct 2019 15:55:30 +0100
Message-ID:
               <20191029145530.497489F6EB@duvel.mageia.org>
MGASA-2019-0307 - Updated php and pcre2 packages fix security vulnerabilities

Publication date: 29 Oct 2019
URL: https://advisories.mageia.org/MGASA-2019-0307.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-11043

Description:
Updated php and pcre2 packages fix security vulnerabilities:

- FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE.
  (CVE-2019-11043)
- MBString (#78633) Heap buffer overflow (read) in mb_eregi.
- Mysqlnd (#78525) Memory leak in pdo when reusing native prepared
  statements.
- PCRE (#78272) calling preg_match() before pcntl_fork() will freeze
  child process.
- Base (#78612) strtr leaks memory when integer keys are used and the
  subject string shorter.

References:
- https://bugs.mageia.org/show_bug.cgi?id=25603
- https://www.php.net/ChangeLog-7.php#7.3.11
- https://bugs.php.net/bug.php?id=78272
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...

SRPMS:
- 7/core/php-7.3.11-1.mga7
- 7/core/pcre2-10.33-1.1.mga7

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2019-0307: Updated php and pcre2 packages fix security vulnerabilities
Date:		Tue, 29 Oct 2019 15:55:30 +0100
Message-ID:		<20191029145530.497489F6EB@duvel.mageia.org>