Mageia Advisory: MGASA-2019-0307 - Updated php and pcre2 packages fix security vulnerabilities

Updated php and pcre2 packages fix security vulnerabilities

Publication date: 29 Oct 2019
Modification date: 29 Oct 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-11043

Description

Updated php and pcre2 packages fix security vulnerabilities:

- FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE.
  (CVE-2019-11043)
- MBString (#78633) Heap buffer overflow (read) in mb_eregi.
- Mysqlnd (#78525) Memory leak in pdo when reusing native prepared
  statements.
- PCRE (#78272) calling preg_match() before pcntl_fork() will freeze
  child process.
- Base (#78612) strtr leaks memory when integer keys are used and the
  subject string shorter.

References

https://bugs.mageia.org/show_bug.cgi?id=25603
https://www.php.net/ChangeLog-7.php#7.3.11
https://bugs.php.net/bug.php?id=78272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11043

SRPMS

7/core

php-7.3.11-1.mga7
pcre2-10.33-1.1.mga7

Advisories » MGASA-2019-0307

Updated php and pcre2 packages fix security vulnerabilities

Description

References

SRPMS

7/core