Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1256-1 Final 1 1 2019-04-23T11:08:09Z current 2019-04-23T11:08:09Z 2019-04-23T11:08:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html E-Mail link for openSUSE-SU-2019:1256-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 apache2-mod_php5-5.5.14-115.1 php5-5.5.14-115.1 php5-bcmath-5.5.14-115.1 php5-bz2-5.5.14-115.1 php5-calendar-5.5.14-115.1 php5-ctype-5.5.14-115.1 php5-curl-5.5.14-115.1 php5-dba-5.5.14-115.1 php5-devel-5.5.14-115.1 php5-dom-5.5.14-115.1 php5-enchant-5.5.14-115.1 php5-exif-5.5.14-115.1 php5-fastcgi-5.5.14-115.1 php5-fileinfo-5.5.14-115.1 php5-firebird-5.5.14-115.1 php5-fpm-5.5.14-115.1 php5-ftp-5.5.14-115.1 php5-gd-5.5.14-115.1 php5-gettext-5.5.14-115.1 php5-gmp-5.5.14-115.1 php5-iconv-5.5.14-115.1 php5-imap-5.5.14-115.1 php5-intl-5.5.14-115.1 php5-json-5.5.14-115.1 php5-ldap-5.5.14-115.1 php5-mbstring-5.5.14-115.1 php5-mcrypt-5.5.14-115.1 php5-mssql-5.5.14-115.1 php5-mysql-5.5.14-115.1 php5-odbc-5.5.14-115.1 php5-opcache-5.5.14-115.1 php5-openssl-5.5.14-115.1 php5-pcntl-5.5.14-115.1 php5-pdo-5.5.14-115.1 php5-pear-5.5.14-115.1 php5-pgsql-5.5.14-115.1 php5-phar-5.5.14-115.1 php5-posix-5.5.14-115.1 php5-pspell-5.5.14-115.1 php5-readline-5.5.14-115.1 php5-shmop-5.5.14-115.1 php5-snmp-5.5.14-115.1 php5-soap-5.5.14-115.1 php5-sockets-5.5.14-115.1 php5-sqlite-5.5.14-115.1 php5-suhosin-5.5.14-115.1 php5-sysvmsg-5.5.14-115.1 php5-sysvsem-5.5.14-115.1 php5-sysvshm-5.5.14-115.1 php5-tidy-5.5.14-115.1 php5-tokenizer-5.5.14-115.1 php5-wddx-5.5.14-115.1 php5-xmlreader-5.5.14-115.1 php5-xmlrpc-5.5.14-115.1 php5-xmlwriter-5.5.14-115.1 php5-xsl-5.5.14-115.1 php5-zip-5.5.14-115.1 php5-zlib-5.5.14-115.1 apache2-mod_php5-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-bcmath-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-bz2-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-calendar-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-ctype-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-curl-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-dba-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-devel-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-dom-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-enchant-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-exif-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-fastcgi-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-fileinfo-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-firebird-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-fpm-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-ftp-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-gd-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-gettext-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-gmp-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-iconv-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-imap-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-intl-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-json-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-ldap-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-mbstring-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-mcrypt-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-mssql-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-mysql-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-odbc-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-opcache-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-openssl-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-pcntl-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-pdo-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-pear-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-pgsql-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-phar-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-posix-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-pspell-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-readline-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-shmop-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-snmp-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-soap-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-sockets-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-sqlite-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-suhosin-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-sysvmsg-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-sysvsem-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-sysvshm-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-tidy-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-tokenizer-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-wddx-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-xmlreader-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-xmlrpc-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-xmlwriter-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-xsl-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-zip-5.5.14-115.1 as a component of openSUSE Leap 42.3 php5-zlib-5.5.14-115.1 as a component of openSUSE Leap 42.3 In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. CVE-2018-20783 openSUSE Leap 42.3:apache2-mod_php5-5.5.14-115.1 openSUSE Leap 42.3:php5-5.5.14-115.1 openSUSE Leap 42.3:php5-bcmath-5.5.14-115.1 openSUSE Leap 42.3:php5-bz2-5.5.14-115.1 openSUSE Leap 42.3:php5-calendar-5.5.14-115.1 openSUSE Leap 42.3:php5-ctype-5.5.14-115.1 openSUSE Leap 42.3:php5-curl-5.5.14-115.1 openSUSE Leap 42.3:php5-dba-5.5.14-115.1 openSUSE Leap 42.3:php5-devel-5.5.14-115.1 openSUSE Leap 42.3:php5-dom-5.5.14-115.1 openSUSE Leap 42.3:php5-enchant-5.5.14-115.1 openSUSE Leap 42.3:php5-exif-5.5.14-115.1 openSUSE Leap 42.3:php5-fastcgi-5.5.14-115.1 openSUSE Leap 42.3:php5-fileinfo-5.5.14-115.1 openSUSE Leap 42.3:php5-firebird-5.5.14-115.1 openSUSE Leap 42.3:php5-fpm-5.5.14-115.1 openSUSE Leap 42.3:php5-ftp-5.5.14-115.1 openSUSE Leap 42.3:php5-gd-5.5.14-115.1 openSUSE Leap 42.3:php5-gettext-5.5.14-115.1 openSUSE Leap 42.3:php5-gmp-5.5.14-115.1 openSUSE Leap 42.3:php5-iconv-5.5.14-115.1 openSUSE Leap 42.3:php5-imap-5.5.14-115.1 openSUSE Leap 42.3:php5-intl-5.5.14-115.1 openSUSE Leap 42.3:php5-json-5.5.14-115.1 openSUSE Leap 42.3:php5-ldap-5.5.14-115.1 openSUSE Leap 42.3:php5-mbstring-5.5.14-115.1 openSUSE Leap 42.3:php5-mcrypt-5.5.14-115.1 openSUSE Leap 42.3:php5-mssql-5.5.14-115.1 openSUSE Leap 42.3:php5-mysql-5.5.14-115.1 openSUSE Leap 42.3:php5-odbc-5.5.14-115.1 openSUSE Leap 42.3:php5-opcache-5.5.14-115.1 openSUSE Leap 42.3:php5-openssl-5.5.14-115.1 openSUSE Leap 42.3:php5-pcntl-5.5.14-115.1 openSUSE Leap 42.3:php5-pdo-5.5.14-115.1 openSUSE Leap 42.3:php5-pear-5.5.14-115.1 openSUSE Leap 42.3:php5-pgsql-5.5.14-115.1 openSUSE Leap 42.3:php5-phar-5.5.14-115.1 openSUSE Leap 42.3:php5-posix-5.5.14-115.1 openSUSE Leap 42.3:php5-pspell-5.5.14-115.1 openSUSE Leap 42.3:php5-readline-5.5.14-115.1 openSUSE Leap 42.3:php5-shmop-5.5.14-115.1 openSUSE Leap 42.3:php5-snmp-5.5.14-115.1 openSUSE Leap 42.3:php5-soap-5.5.14-115.1 openSUSE Leap 42.3:php5-sockets-5.5.14-115.1 openSUSE Leap 42.3:php5-sqlite-5.5.14-115.1 openSUSE Leap 42.3:php5-suhosin-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvmsg-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvsem-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvshm-5.5.14-115.1 openSUSE Leap 42.3:php5-tidy-5.5.14-115.1 openSUSE Leap 42.3:php5-tokenizer-5.5.14-115.1 openSUSE Leap 42.3:php5-wddx-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlreader-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlrpc-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlwriter-5.5.14-115.1 openSUSE Leap 42.3:php5-xsl-5.5.14-115.1 openSUSE Leap 42.3:php5-zip-5.5.14-115.1 openSUSE Leap 42.3:php5-zlib-5.5.14-115.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html https://www.suse.com/security/cve/CVE-2018-20783.html CVE-2018-20783 https://bugzilla.suse.com/1126713 SUSE Bug 1126713 https://bugzilla.suse.com/1127122 SUSE Bug 1127122 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. CVE-2019-9020 openSUSE Leap 42.3:apache2-mod_php5-5.5.14-115.1 openSUSE Leap 42.3:php5-5.5.14-115.1 openSUSE Leap 42.3:php5-bcmath-5.5.14-115.1 openSUSE Leap 42.3:php5-bz2-5.5.14-115.1 openSUSE Leap 42.3:php5-calendar-5.5.14-115.1 openSUSE Leap 42.3:php5-ctype-5.5.14-115.1 openSUSE Leap 42.3:php5-curl-5.5.14-115.1 openSUSE Leap 42.3:php5-dba-5.5.14-115.1 openSUSE Leap 42.3:php5-devel-5.5.14-115.1 openSUSE Leap 42.3:php5-dom-5.5.14-115.1 openSUSE Leap 42.3:php5-enchant-5.5.14-115.1 openSUSE Leap 42.3:php5-exif-5.5.14-115.1 openSUSE Leap 42.3:php5-fastcgi-5.5.14-115.1 openSUSE Leap 42.3:php5-fileinfo-5.5.14-115.1 openSUSE Leap 42.3:php5-firebird-5.5.14-115.1 openSUSE Leap 42.3:php5-fpm-5.5.14-115.1 openSUSE Leap 42.3:php5-ftp-5.5.14-115.1 openSUSE Leap 42.3:php5-gd-5.5.14-115.1 openSUSE Leap 42.3:php5-gettext-5.5.14-115.1 openSUSE Leap 42.3:php5-gmp-5.5.14-115.1 openSUSE Leap 42.3:php5-iconv-5.5.14-115.1 openSUSE Leap 42.3:php5-imap-5.5.14-115.1 openSUSE Leap 42.3:php5-intl-5.5.14-115.1 openSUSE Leap 42.3:php5-json-5.5.14-115.1 openSUSE Leap 42.3:php5-ldap-5.5.14-115.1 openSUSE Leap 42.3:php5-mbstring-5.5.14-115.1 openSUSE Leap 42.3:php5-mcrypt-5.5.14-115.1 openSUSE Leap 42.3:php5-mssql-5.5.14-115.1 openSUSE Leap 42.3:php5-mysql-5.5.14-115.1 openSUSE Leap 42.3:php5-odbc-5.5.14-115.1 openSUSE Leap 42.3:php5-opcache-5.5.14-115.1 openSUSE Leap 42.3:php5-openssl-5.5.14-115.1 openSUSE Leap 42.3:php5-pcntl-5.5.14-115.1 openSUSE Leap 42.3:php5-pdo-5.5.14-115.1 openSUSE Leap 42.3:php5-pear-5.5.14-115.1 openSUSE Leap 42.3:php5-pgsql-5.5.14-115.1 openSUSE Leap 42.3:php5-phar-5.5.14-115.1 openSUSE Leap 42.3:php5-posix-5.5.14-115.1 openSUSE Leap 42.3:php5-pspell-5.5.14-115.1 openSUSE Leap 42.3:php5-readline-5.5.14-115.1 openSUSE Leap 42.3:php5-shmop-5.5.14-115.1 openSUSE Leap 42.3:php5-snmp-5.5.14-115.1 openSUSE Leap 42.3:php5-soap-5.5.14-115.1 openSUSE Leap 42.3:php5-sockets-5.5.14-115.1 openSUSE Leap 42.3:php5-sqlite-5.5.14-115.1 openSUSE Leap 42.3:php5-suhosin-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvmsg-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvsem-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvshm-5.5.14-115.1 openSUSE Leap 42.3:php5-tidy-5.5.14-115.1 openSUSE Leap 42.3:php5-tokenizer-5.5.14-115.1 openSUSE Leap 42.3:php5-wddx-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlreader-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlrpc-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlwriter-5.5.14-115.1 openSUSE Leap 42.3:php5-xsl-5.5.14-115.1 openSUSE Leap 42.3:php5-zip-5.5.14-115.1 openSUSE Leap 42.3:php5-zlib-5.5.14-115.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html https://www.suse.com/security/cve/CVE-2019-9020.html CVE-2019-9020 https://bugzilla.suse.com/1126711 SUSE Bug 1126711 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. CVE-2019-9021 openSUSE Leap 42.3:apache2-mod_php5-5.5.14-115.1 openSUSE Leap 42.3:php5-5.5.14-115.1 openSUSE Leap 42.3:php5-bcmath-5.5.14-115.1 openSUSE Leap 42.3:php5-bz2-5.5.14-115.1 openSUSE Leap 42.3:php5-calendar-5.5.14-115.1 openSUSE Leap 42.3:php5-ctype-5.5.14-115.1 openSUSE Leap 42.3:php5-curl-5.5.14-115.1 openSUSE Leap 42.3:php5-dba-5.5.14-115.1 openSUSE Leap 42.3:php5-devel-5.5.14-115.1 openSUSE Leap 42.3:php5-dom-5.5.14-115.1 openSUSE Leap 42.3:php5-enchant-5.5.14-115.1 openSUSE Leap 42.3:php5-exif-5.5.14-115.1 openSUSE Leap 42.3:php5-fastcgi-5.5.14-115.1 openSUSE Leap 42.3:php5-fileinfo-5.5.14-115.1 openSUSE Leap 42.3:php5-firebird-5.5.14-115.1 openSUSE Leap 42.3:php5-fpm-5.5.14-115.1 openSUSE Leap 42.3:php5-ftp-5.5.14-115.1 openSUSE Leap 42.3:php5-gd-5.5.14-115.1 openSUSE Leap 42.3:php5-gettext-5.5.14-115.1 openSUSE Leap 42.3:php5-gmp-5.5.14-115.1 openSUSE Leap 42.3:php5-iconv-5.5.14-115.1 openSUSE Leap 42.3:php5-imap-5.5.14-115.1 openSUSE Leap 42.3:php5-intl-5.5.14-115.1 openSUSE Leap 42.3:php5-json-5.5.14-115.1 openSUSE Leap 42.3:php5-ldap-5.5.14-115.1 openSUSE Leap 42.3:php5-mbstring-5.5.14-115.1 openSUSE Leap 42.3:php5-mcrypt-5.5.14-115.1 openSUSE Leap 42.3:php5-mssql-5.5.14-115.1 openSUSE Leap 42.3:php5-mysql-5.5.14-115.1 openSUSE Leap 42.3:php5-odbc-5.5.14-115.1 openSUSE Leap 42.3:php5-opcache-5.5.14-115.1 openSUSE Leap 42.3:php5-openssl-5.5.14-115.1 openSUSE Leap 42.3:php5-pcntl-5.5.14-115.1 openSUSE Leap 42.3:php5-pdo-5.5.14-115.1 openSUSE Leap 42.3:php5-pear-5.5.14-115.1 openSUSE Leap 42.3:php5-pgsql-5.5.14-115.1 openSUSE Leap 42.3:php5-phar-5.5.14-115.1 openSUSE Leap 42.3:php5-posix-5.5.14-115.1 openSUSE Leap 42.3:php5-pspell-5.5.14-115.1 openSUSE Leap 42.3:php5-readline-5.5.14-115.1 openSUSE Leap 42.3:php5-shmop-5.5.14-115.1 openSUSE Leap 42.3:php5-snmp-5.5.14-115.1 openSUSE Leap 42.3:php5-soap-5.5.14-115.1 openSUSE Leap 42.3:php5-sockets-5.5.14-115.1 openSUSE Leap 42.3:php5-sqlite-5.5.14-115.1 openSUSE Leap 42.3:php5-suhosin-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvmsg-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvsem-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvshm-5.5.14-115.1 openSUSE Leap 42.3:php5-tidy-5.5.14-115.1 openSUSE Leap 42.3:php5-tokenizer-5.5.14-115.1 openSUSE Leap 42.3:php5-wddx-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlreader-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlrpc-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlwriter-5.5.14-115.1 openSUSE Leap 42.3:php5-xsl-5.5.14-115.1 openSUSE Leap 42.3:php5-zip-5.5.14-115.1 openSUSE Leap 42.3:php5-zlib-5.5.14-115.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html https://www.suse.com/security/cve/CVE-2019-9021.html CVE-2019-9021 https://bugzilla.suse.com/1126713 SUSE Bug 1126713 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. CVE-2019-9023 openSUSE Leap 42.3:apache2-mod_php5-5.5.14-115.1 openSUSE Leap 42.3:php5-5.5.14-115.1 openSUSE Leap 42.3:php5-bcmath-5.5.14-115.1 openSUSE Leap 42.3:php5-bz2-5.5.14-115.1 openSUSE Leap 42.3:php5-calendar-5.5.14-115.1 openSUSE Leap 42.3:php5-ctype-5.5.14-115.1 openSUSE Leap 42.3:php5-curl-5.5.14-115.1 openSUSE Leap 42.3:php5-dba-5.5.14-115.1 openSUSE Leap 42.3:php5-devel-5.5.14-115.1 openSUSE Leap 42.3:php5-dom-5.5.14-115.1 openSUSE Leap 42.3:php5-enchant-5.5.14-115.1 openSUSE Leap 42.3:php5-exif-5.5.14-115.1 openSUSE Leap 42.3:php5-fastcgi-5.5.14-115.1 openSUSE Leap 42.3:php5-fileinfo-5.5.14-115.1 openSUSE Leap 42.3:php5-firebird-5.5.14-115.1 openSUSE Leap 42.3:php5-fpm-5.5.14-115.1 openSUSE Leap 42.3:php5-ftp-5.5.14-115.1 openSUSE Leap 42.3:php5-gd-5.5.14-115.1 openSUSE Leap 42.3:php5-gettext-5.5.14-115.1 openSUSE Leap 42.3:php5-gmp-5.5.14-115.1 openSUSE Leap 42.3:php5-iconv-5.5.14-115.1 openSUSE Leap 42.3:php5-imap-5.5.14-115.1 openSUSE Leap 42.3:php5-intl-5.5.14-115.1 openSUSE Leap 42.3:php5-json-5.5.14-115.1 openSUSE Leap 42.3:php5-ldap-5.5.14-115.1 openSUSE Leap 42.3:php5-mbstring-5.5.14-115.1 openSUSE Leap 42.3:php5-mcrypt-5.5.14-115.1 openSUSE Leap 42.3:php5-mssql-5.5.14-115.1 openSUSE Leap 42.3:php5-mysql-5.5.14-115.1 openSUSE Leap 42.3:php5-odbc-5.5.14-115.1 openSUSE Leap 42.3:php5-opcache-5.5.14-115.1 openSUSE Leap 42.3:php5-openssl-5.5.14-115.1 openSUSE Leap 42.3:php5-pcntl-5.5.14-115.1 openSUSE Leap 42.3:php5-pdo-5.5.14-115.1 openSUSE Leap 42.3:php5-pear-5.5.14-115.1 openSUSE Leap 42.3:php5-pgsql-5.5.14-115.1 openSUSE Leap 42.3:php5-phar-5.5.14-115.1 openSUSE Leap 42.3:php5-posix-5.5.14-115.1 openSUSE Leap 42.3:php5-pspell-5.5.14-115.1 openSUSE Leap 42.3:php5-readline-5.5.14-115.1 openSUSE Leap 42.3:php5-shmop-5.5.14-115.1 openSUSE Leap 42.3:php5-snmp-5.5.14-115.1 openSUSE Leap 42.3:php5-soap-5.5.14-115.1 openSUSE Leap 42.3:php5-sockets-5.5.14-115.1 openSUSE Leap 42.3:php5-sqlite-5.5.14-115.1 openSUSE Leap 42.3:php5-suhosin-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvmsg-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvsem-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvshm-5.5.14-115.1 openSUSE Leap 42.3:php5-tidy-5.5.14-115.1 openSUSE Leap 42.3:php5-tokenizer-5.5.14-115.1 openSUSE Leap 42.3:php5-wddx-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlreader-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlrpc-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlwriter-5.5.14-115.1 openSUSE Leap 42.3:php5-xsl-5.5.14-115.1 openSUSE Leap 42.3:php5-zip-5.5.14-115.1 openSUSE Leap 42.3:php5-zlib-5.5.14-115.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html https://www.suse.com/security/cve/CVE-2019-9023.html CVE-2019-9023 https://bugzilla.suse.com/1126823 SUSE Bug 1126823 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. CVE-2019-9024 openSUSE Leap 42.3:apache2-mod_php5-5.5.14-115.1 openSUSE Leap 42.3:php5-5.5.14-115.1 openSUSE Leap 42.3:php5-bcmath-5.5.14-115.1 openSUSE Leap 42.3:php5-bz2-5.5.14-115.1 openSUSE Leap 42.3:php5-calendar-5.5.14-115.1 openSUSE Leap 42.3:php5-ctype-5.5.14-115.1 openSUSE Leap 42.3:php5-curl-5.5.14-115.1 openSUSE Leap 42.3:php5-dba-5.5.14-115.1 openSUSE Leap 42.3:php5-devel-5.5.14-115.1 openSUSE Leap 42.3:php5-dom-5.5.14-115.1 openSUSE Leap 42.3:php5-enchant-5.5.14-115.1 openSUSE Leap 42.3:php5-exif-5.5.14-115.1 openSUSE Leap 42.3:php5-fastcgi-5.5.14-115.1 openSUSE Leap 42.3:php5-fileinfo-5.5.14-115.1 openSUSE Leap 42.3:php5-firebird-5.5.14-115.1 openSUSE Leap 42.3:php5-fpm-5.5.14-115.1 openSUSE Leap 42.3:php5-ftp-5.5.14-115.1 openSUSE Leap 42.3:php5-gd-5.5.14-115.1 openSUSE Leap 42.3:php5-gettext-5.5.14-115.1 openSUSE Leap 42.3:php5-gmp-5.5.14-115.1 openSUSE Leap 42.3:php5-iconv-5.5.14-115.1 openSUSE Leap 42.3:php5-imap-5.5.14-115.1 openSUSE Leap 42.3:php5-intl-5.5.14-115.1 openSUSE Leap 42.3:php5-json-5.5.14-115.1 openSUSE Leap 42.3:php5-ldap-5.5.14-115.1 openSUSE Leap 42.3:php5-mbstring-5.5.14-115.1 openSUSE Leap 42.3:php5-mcrypt-5.5.14-115.1 openSUSE Leap 42.3:php5-mssql-5.5.14-115.1 openSUSE Leap 42.3:php5-mysql-5.5.14-115.1 openSUSE Leap 42.3:php5-odbc-5.5.14-115.1 openSUSE Leap 42.3:php5-opcache-5.5.14-115.1 openSUSE Leap 42.3:php5-openssl-5.5.14-115.1 openSUSE Leap 42.3:php5-pcntl-5.5.14-115.1 openSUSE Leap 42.3:php5-pdo-5.5.14-115.1 openSUSE Leap 42.3:php5-pear-5.5.14-115.1 openSUSE Leap 42.3:php5-pgsql-5.5.14-115.1 openSUSE Leap 42.3:php5-phar-5.5.14-115.1 openSUSE Leap 42.3:php5-posix-5.5.14-115.1 openSUSE Leap 42.3:php5-pspell-5.5.14-115.1 openSUSE Leap 42.3:php5-readline-5.5.14-115.1 openSUSE Leap 42.3:php5-shmop-5.5.14-115.1 openSUSE Leap 42.3:php5-snmp-5.5.14-115.1 openSUSE Leap 42.3:php5-soap-5.5.14-115.1 openSUSE Leap 42.3:php5-sockets-5.5.14-115.1 openSUSE Leap 42.3:php5-sqlite-5.5.14-115.1 openSUSE Leap 42.3:php5-suhosin-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvmsg-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvsem-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvshm-5.5.14-115.1 openSUSE Leap 42.3:php5-tidy-5.5.14-115.1 openSUSE Leap 42.3:php5-tokenizer-5.5.14-115.1 openSUSE Leap 42.3:php5-wddx-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlreader-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlrpc-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlwriter-5.5.14-115.1 openSUSE Leap 42.3:php5-xsl-5.5.14-115.1 openSUSE Leap 42.3:php5-zip-5.5.14-115.1 openSUSE Leap 42.3:php5-zlib-5.5.14-115.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html https://www.suse.com/security/cve/CVE-2019-9024.html CVE-2019-9024 https://bugzilla.suse.com/1126821 SUSE Bug 1126821 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. CVE-2019-9641 openSUSE Leap 42.3:apache2-mod_php5-5.5.14-115.1 openSUSE Leap 42.3:php5-5.5.14-115.1 openSUSE Leap 42.3:php5-bcmath-5.5.14-115.1 openSUSE Leap 42.3:php5-bz2-5.5.14-115.1 openSUSE Leap 42.3:php5-calendar-5.5.14-115.1 openSUSE Leap 42.3:php5-ctype-5.5.14-115.1 openSUSE Leap 42.3:php5-curl-5.5.14-115.1 openSUSE Leap 42.3:php5-dba-5.5.14-115.1 openSUSE Leap 42.3:php5-devel-5.5.14-115.1 openSUSE Leap 42.3:php5-dom-5.5.14-115.1 openSUSE Leap 42.3:php5-enchant-5.5.14-115.1 openSUSE Leap 42.3:php5-exif-5.5.14-115.1 openSUSE Leap 42.3:php5-fastcgi-5.5.14-115.1 openSUSE Leap 42.3:php5-fileinfo-5.5.14-115.1 openSUSE Leap 42.3:php5-firebird-5.5.14-115.1 openSUSE Leap 42.3:php5-fpm-5.5.14-115.1 openSUSE Leap 42.3:php5-ftp-5.5.14-115.1 openSUSE Leap 42.3:php5-gd-5.5.14-115.1 openSUSE Leap 42.3:php5-gettext-5.5.14-115.1 openSUSE Leap 42.3:php5-gmp-5.5.14-115.1 openSUSE Leap 42.3:php5-iconv-5.5.14-115.1 openSUSE Leap 42.3:php5-imap-5.5.14-115.1 openSUSE Leap 42.3:php5-intl-5.5.14-115.1 openSUSE Leap 42.3:php5-json-5.5.14-115.1 openSUSE Leap 42.3:php5-ldap-5.5.14-115.1 openSUSE Leap 42.3:php5-mbstring-5.5.14-115.1 openSUSE Leap 42.3:php5-mcrypt-5.5.14-115.1 openSUSE Leap 42.3:php5-mssql-5.5.14-115.1 openSUSE Leap 42.3:php5-mysql-5.5.14-115.1 openSUSE Leap 42.3:php5-odbc-5.5.14-115.1 openSUSE Leap 42.3:php5-opcache-5.5.14-115.1 openSUSE Leap 42.3:php5-openssl-5.5.14-115.1 openSUSE Leap 42.3:php5-pcntl-5.5.14-115.1 openSUSE Leap 42.3:php5-pdo-5.5.14-115.1 openSUSE Leap 42.3:php5-pear-5.5.14-115.1 openSUSE Leap 42.3:php5-pgsql-5.5.14-115.1 openSUSE Leap 42.3:php5-phar-5.5.14-115.1 openSUSE Leap 42.3:php5-posix-5.5.14-115.1 openSUSE Leap 42.3:php5-pspell-5.5.14-115.1 openSUSE Leap 42.3:php5-readline-5.5.14-115.1 openSUSE Leap 42.3:php5-shmop-5.5.14-115.1 openSUSE Leap 42.3:php5-snmp-5.5.14-115.1 openSUSE Leap 42.3:php5-soap-5.5.14-115.1 openSUSE Leap 42.3:php5-sockets-5.5.14-115.1 openSUSE Leap 42.3:php5-sqlite-5.5.14-115.1 openSUSE Leap 42.3:php5-suhosin-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvmsg-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvsem-5.5.14-115.1 openSUSE Leap 42.3:php5-sysvshm-5.5.14-115.1 openSUSE Leap 42.3:php5-tidy-5.5.14-115.1 openSUSE Leap 42.3:php5-tokenizer-5.5.14-115.1 openSUSE Leap 42.3:php5-wddx-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlreader-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlrpc-5.5.14-115.1 openSUSE Leap 42.3:php5-xmlwriter-5.5.14-115.1 openSUSE Leap 42.3:php5-xsl-5.5.14-115.1 openSUSE Leap 42.3:php5-zip-5.5.14-115.1 openSUSE Leap 42.3:php5-zlib-5.5.14-115.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html https://www.suse.com/security/cve/CVE-2019-9641.html CVE-2019-9641 https://bugzilla.suse.com/1128722 SUSE Bug 1128722