Security update for php5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:0522-1 Final 1 1 2020-02-28T08:28:56Z current 2020-02-28T08:28:56Z 2020-02-28T08:28:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). - CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). - CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). - CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). - CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-522,SUSE-SLE-Module-Web-Scripting-12-2020-522,SUSE-SLE-SDK-12-SP4-2020-522 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ Link for SUSE-SU-2020:0522-1 https://lists.suse.com/pipermail/sle-security-updates/2020-February/006550.html E-Mail link for SUSE-SU-2020:0522-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1145095 SUSE Bug 1145095 https://bugzilla.suse.com/1146360 SUSE Bug 1146360 https://bugzilla.suse.com/1154999 SUSE Bug 1154999 https://bugzilla.suse.com/1159922 SUSE Bug 1159922 https://bugzilla.suse.com/1159923 SUSE Bug 1159923 https://bugzilla.suse.com/1159924 SUSE Bug 1159924 https://bugzilla.suse.com/1159927 SUSE Bug 1159927 https://bugzilla.suse.com/1161982 SUSE Bug 1161982 https://bugzilla.suse.com/1162629 SUSE Bug 1162629 https://bugzilla.suse.com/1162632 SUSE Bug 1162632 https://www.suse.com/security/cve/CVE-2019-11041/ SUSE CVE CVE-2019-11041 page https://www.suse.com/security/cve/CVE-2019-11042/ SUSE CVE CVE-2019-11042 page https://www.suse.com/security/cve/CVE-2019-11043/ SUSE CVE CVE-2019-11043 page https://www.suse.com/security/cve/CVE-2019-11045/ SUSE CVE CVE-2019-11045 page https://www.suse.com/security/cve/CVE-2019-11046/ SUSE CVE CVE-2019-11046 page https://www.suse.com/security/cve/CVE-2019-11047/ SUSE CVE CVE-2019-11047 page https://www.suse.com/security/cve/CVE-2019-11050/ SUSE CVE CVE-2019-11050 page https://www.suse.com/security/cve/CVE-2020-7059/ SUSE CVE CVE-2020-7059 page https://www.suse.com/security/cve/CVE-2020-7060/ SUSE CVE CVE-2020-7060 page SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Software Development Kit 12 SP4 apache2-mod_php5-5.5.14-109.68.1 php5-5.5.14-109.68.1 php5-bcmath-5.5.14-109.68.1 php5-bz2-5.5.14-109.68.1 php5-calendar-5.5.14-109.68.1 php5-ctype-5.5.14-109.68.1 php5-curl-5.5.14-109.68.1 php5-dba-5.5.14-109.68.1 php5-devel-5.5.14-109.68.1 php5-dom-5.5.14-109.68.1 php5-enchant-5.5.14-109.68.1 php5-exif-5.5.14-109.68.1 php5-fastcgi-5.5.14-109.68.1 php5-fileinfo-5.5.14-109.68.1 php5-firebird-5.5.14-109.68.1 php5-fpm-5.5.14-109.68.1 php5-ftp-5.5.14-109.68.1 php5-gd-5.5.14-109.68.1 php5-gettext-5.5.14-109.68.1 php5-gmp-5.5.14-109.68.1 php5-iconv-5.5.14-109.68.1 php5-imap-5.5.14-109.68.1 php5-intl-5.5.14-109.68.1 php5-json-5.5.14-109.68.1 php5-ldap-5.5.14-109.68.1 php5-mbstring-5.5.14-109.68.1 php5-mcrypt-5.5.14-109.68.1 php5-mssql-5.5.14-109.68.1 php5-mysql-5.5.14-109.68.1 php5-odbc-5.5.14-109.68.1 php5-opcache-5.5.14-109.68.1 php5-openssl-5.5.14-109.68.1 php5-pcntl-5.5.14-109.68.1 php5-pdo-5.5.14-109.68.1 php5-pear-5.5.14-109.68.1 php5-pgsql-5.5.14-109.68.1 php5-phar-5.5.14-109.68.1 php5-posix-5.5.14-109.68.1 php5-pspell-5.5.14-109.68.1 php5-readline-5.5.14-109.68.1 php5-shmop-5.5.14-109.68.1 php5-snmp-5.5.14-109.68.1 php5-soap-5.5.14-109.68.1 php5-sockets-5.5.14-109.68.1 php5-sqlite-5.5.14-109.68.1 php5-suhosin-5.5.14-109.68.1 php5-sysvmsg-5.5.14-109.68.1 php5-sysvsem-5.5.14-109.68.1 php5-sysvshm-5.5.14-109.68.1 php5-tidy-5.5.14-109.68.1 php5-tokenizer-5.5.14-109.68.1 php5-wddx-5.5.14-109.68.1 php5-xmlreader-5.5.14-109.68.1 php5-xmlrpc-5.5.14-109.68.1 php5-xmlwriter-5.5.14-109.68.1 php5-xsl-5.5.14-109.68.1 php5-zip-5.5.14-109.68.1 php5-zlib-5.5.14-109.68.1 apache2-mod_php5-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-bcmath-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-bz2-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-calendar-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ctype-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-curl-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-dba-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-dom-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-enchant-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-exif-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fastcgi-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fileinfo-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fpm-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ftp-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gd-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gettext-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gmp-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-iconv-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-imap-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-intl-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-json-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ldap-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mbstring-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mcrypt-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mysql-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-odbc-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-opcache-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-openssl-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pcntl-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pdo-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pear-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pgsql-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-phar-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-posix-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pspell-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-shmop-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-snmp-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-soap-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sockets-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sqlite-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-suhosin-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvmsg-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvsem-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvshm-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-tokenizer-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-wddx-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlreader-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlrpc-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlwriter-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xsl-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-zip-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-zlib-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-devel-5.5.14-109.68.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11041 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-imap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-109.68.1 SUSE Linux Enterprise Software Development Kit 12 SP4:php5-devel-5.5.14-109.68.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ https://www.suse.com/security/cve/CVE-2019-11041.html CVE-2019-11041 https://bugzilla.suse.com/1146360 SUSE Bug 1146360 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11042 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-imap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-109.68.1 SUSE Linux Enterprise Software Development Kit 12 SP4:php5-devel-5.5.14-109.68.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ https://www.suse.com/security/cve/CVE-2019-11042.html CVE-2019-11042 https://bugzilla.suse.com/1145095 SUSE Bug 1145095 In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. CVE-2019-11043 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-imap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-109.68.1 SUSE Linux Enterprise Software Development Kit 12 SP4:php5-devel-5.5.14-109.68.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ https://www.suse.com/security/cve/CVE-2019-11043.html CVE-2019-11043 https://bugzilla.suse.com/1154999 SUSE Bug 1154999 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. CVE-2019-11045 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-imap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-109.68.1 SUSE Linux Enterprise Software Development Kit 12 SP4:php5-devel-5.5.14-109.68.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ https://www.suse.com/security/cve/CVE-2019-11045.html CVE-2019-11045 https://bugzilla.suse.com/1159923 SUSE Bug 1159923 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. CVE-2019-11046 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-imap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-109.68.1 SUSE Linux Enterprise Software Development Kit 12 SP4:php5-devel-5.5.14-109.68.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ https://www.suse.com/security/cve/CVE-2019-11046.html CVE-2019-11046 https://bugzilla.suse.com/1159924 SUSE Bug 1159924 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11047 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-imap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-109.68.1 SUSE Linux Enterprise Software Development Kit 12 SP4:php5-devel-5.5.14-109.68.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ https://www.suse.com/security/cve/CVE-2019-11047.html CVE-2019-11047 https://bugzilla.suse.com/1159922 SUSE Bug 1159922 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2019-11050 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-imap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-109.68.1 SUSE Linux Enterprise Software Development Kit 12 SP4:php5-devel-5.5.14-109.68.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ https://www.suse.com/security/cve/CVE-2019-11050.html CVE-2019-11050 https://bugzilla.suse.com/1159927 SUSE Bug 1159927 When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2020-7059 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-imap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-109.68.1 SUSE Linux Enterprise Software Development Kit 12 SP4:php5-devel-5.5.14-109.68.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ https://www.suse.com/security/cve/CVE-2020-7059.html CVE-2020-7059 https://bugzilla.suse.com/1162629 SUSE Bug 1162629 When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. CVE-2020-7060 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-imap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-109.68.1 SUSE Linux Enterprise Software Development Kit 12 SP4:php5-devel-5.5.14-109.68.1 important 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ https://www.suse.com/security/cve/CVE-2020-7060.html CVE-2020-7060 https://bugzilla.suse.com/1162632 SUSE Bug 1162632