{"id":"SUSE-SU-2019:1360-1","summary":"Security update for php72","details":"This update for php72 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838).\n- CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837).\n- CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322).\n\nNon-security issue fixed:\n\n- Use system gd (bsc#1133714).\n","modified":"2026-02-04T04:19:17.915087Z","published":"2019-05-27T13:30:37Z","related":["CVE-2019-11034","CVE-2019-11035","CVE-2019-11036"],"upstream":["CVE-2019-11034","CVE-2019-11035","CVE-2019-11036"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191360-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132837"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132838"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133714"},{"type":"REPORT","url":"https://bugzilla.suse.com/1134322"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11034"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11035"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11036"}],"affected":[{"package":{"name":"php72","ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 12","purl":"pkg:rpm/suse/php72&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.5-1.17.1"}]}],"ecosystem_specific":{"binaries":[{"php72-enchant":"7.2.5-1.17.1","php72-fileinfo":"7.2.5-1.17.1","php72-calendar":"7.2.5-1.17.1","php72-ctype":"7.2.5-1.17.1","php72-pgsql":"7.2.5-1.17.1","php72-xmlreader":"7.2.5-1.17.1","php72-zip":"7.2.5-1.17.1","php72-phar":"7.2.5-1.17.1","php72-sqlite":"7.2.5-1.17.1","php72-opcache":"7.2.5-1.17.1","php72-tidy":"7.2.5-1.17.1","php72-odbc":"7.2.5-1.17.1","php72-sysvshm":"7.2.5-1.17.1","php72-intl":"7.2.5-1.17.1","apache2-mod_php72":"7.2.5-1.17.1","php72-gettext":"7.2.5-1.17.1","php72-imap":"7.2.5-1.17.1","php72-ldap":"7.2.5-1.17.1","php72-dom":"7.2.5-1.17.1","php72-snmp":"7.2.5-1.17.1","php72-openssl":"7.2.5-1.17.1","php72-posix":"7.2.5-1.17.1","php72-sockets":"7.2.5-1.17.1","php72-zlib":"7.2.5-1.17.1","php72-xsl":"7.2.5-1.17.1","php72-pear":"7.2.5-1.17.1","php72-xmlwriter":"7.2.5-1.17.1","php72-readline":"7.2.5-1.17.1","php72-wddx":"7.2.5-1.17.1","php72-tokenizer":"7.2.5-1.17.1","php72-gd":"7.2.5-1.17.1","php72-shmop":"7.2.5-1.17.1","php72-xmlrpc":"7.2.5-1.17.1","php72-iconv":"7.2.5-1.17.1","php72-pdo":"7.2.5-1.17.1","php72-ftp":"7.2.5-1.17.1","php72-fpm":"7.2.5-1.17.1","php72-sysvmsg":"7.2.5-1.17.1","php72-pspell":"7.2.5-1.17.1","php72-sysvsem":"7.2.5-1.17.1","php72":"7.2.5-1.17.1","php72-pear-Archive_Tar":"7.2.5-1.17.1","php72-pcntl":"7.2.5-1.17.1","php72-gmp":"7.2.5-1.17.1","php72-soap":"7.2.5-1.17.1","php72-fastcgi":"7.2.5-1.17.1","php72-exif":"7.2.5-1.17.1","php72-bz2":"7.2.5-1.17.1","php72-curl":"7.2.5-1.17.1","php72-json":"7.2.5-1.17.1","php72-bcmath":"7.2.5-1.17.1","php72-dba":"7.2.5-1.17.1","php72-mysql":"7.2.5-1.17.1","php72-mbstring":"7.2.5-1.17.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1360-1.json"}},{"package":{"name":"php72","ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","purl":"pkg:rpm/suse/php72&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.5-1.17.1"}]}],"ecosystem_specific":{"binaries":[{"php72-devel":"7.2.5-1.17.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1360-1.json"}},{"package":{"name":"php72","ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP4","purl":"pkg:rpm/suse/php72&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.5-1.17.1"}]}],"ecosystem_specific":{"binaries":[{"php72-devel":"7.2.5-1.17.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1360-1.json"}}],"schema_version":"1.7.3"}