Updated php and pcre2 packages fix security vulnerabilities
Publication date: 29 Oct 2019Modification date: 29 Oct 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-11043
Description
Updated php and pcre2 packages fix security vulnerabilities: - FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE. (CVE-2019-11043) - MBString (#78633) Heap buffer overflow (read) in mb_eregi. - Mysqlnd (#78525) Memory leak in pdo when reusing native prepared statements. - PCRE (#78272) calling preg_match() before pcntl_fork() will freeze child process. - Base (#78612) strtr leaks memory when integer keys are used and the subject string shorter.
References
SRPMS
7/core
- php-7.3.11-1.mga7
- pcre2-10.33-1.1.mga7