The PHP team has published version 7.3.13 and 7.4.1 that fixes several CVEs. https://www.php.net/ChangeLog-7.php#7.3.13
Whiteboard: (none) => MGA7TOOCVE: (none) => CVE-2019-11044 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11049 CVE-2019-11050
Thx, on release they often don't publish t
CVE: CVE-2019-11044 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11049 CVE-2019-11050 => CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11049 CVE-2019-11050
Updated php packages fix security vulnerabilities: In php some buffer overflows and double frees have been fixed in mail and exif. Some small other bugs have been fixed too. References: https://www.php.net/ChangeLog-7.php#7.3.13 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050 ======================== Updated packages in core/updates_testing: ======================== php-ini-7.3.13-1.mga7 apache-mod_php-7.3.13-1.mga7 php-cli-7.3.13-1.mga7 php-cgi-7.3.13-1.mga7 lib64php_common7-7.3.13-1.mga7 php-devel-7.3.13-1.mga7 php-openssl-7.3.13-1.mga7 php-zlib-7.3.13-1.mga7 php-doc-7.3.13-1.mga7 php-bcmath-7.3.13-1.mga7 php-bz2-7.3.13-1.mga7 php-calendar-7.3.13-1.mga7 php-ctype-7.3.13-1.mga7 php-curl-7.3.13-1.mga7 php-dba-7.3.13-1.mga7 php-dom-7.3.13-1.mga7 php-enchant-7.3.13-1.mga7 php-exif-7.3.13-1.mga7 php-fileinfo-7.3.13-1.mga7 php-filter-7.3.13-1.mga7 php-ftp-7.3.13-1.mga7 php-gd-7.3.13-1.mga7 php-gettext-7.3.13-1.mga7 php-gmp-7.3.13-1.mga7 php-hash-7.3.13-1.mga7 php-iconv-7.3.13-1.mga7 php-imap-7.3.13-1.mga7 php-interbase-7.3.13-1.mga7 php-intl-7.3.13-1.mga7 php-json-7.3.13-1.mga7 php-ldap-7.3.13-1.mga7 php-mbstring-7.3.13-1.mga7 php-mysqli-7.3.13-1.mga7 php-mysqlnd-7.3.13-1.mga7 php-odbc-7.3.13-1.mga7 php-opcache-7.3.13-1.mga7 php-pcntl-7.3.13-1.mga7 php-pdo-7.3.13-1.mga7 php-pdo_dblib-7.3.13-1.mga7 php-pdo_firebird-7.3.13-1.mga7 php-pdo_mysql-7.3.13-1.mga7 php-pdo_odbc-7.3.13-1.mga7 php-pdo_pgsql-7.3.13-1.mga7 php-pdo_sqlite-7.3.13-1.mga7 php-pgsql-7.3.13-1.mga7 php-phar-7.3.13-1.mga7 php-posix-7.3.13-1.mga7 php-readline-7.3.13-1.mga7 php-recode-7.3.13-1.mga7 php-session-7.3.13-1.mga7 php-shmop-7.3.13-1.mga7 php-snmp-7.3.13-1.mga7 php-soap-7.3.13-1.mga7 php-sockets-7.3.13-1.mga7 php-sodium-7.3.13-1.mga7 php-sqlite3-7.3.13-1.mga7 php-sysvmsg-7.3.13-1.mga7 php-sysvsem-7.3.13-1.mga7 php-sysvshm-7.3.13-1.mga7 php-tidy-7.3.13-1.mga7 php-tokenizer-7.3.13-1.mga7 php-xml-7.3.13-1.mga7 php-xmlreader-7.3.13-1.mga7 php-xmlrpc-7.3.13-1.mga7 php-xmlwriter-7.3.13-1.mga7 php-xsl-7.3.13-1.mga7 php-wddx-7.3.13-1.mga7 php-zip-7.3.13-1.mga7 php-fpm-7.3.13-1.mga7 phpdbg-7.3.13-1.mga7 php-debugsource-7.3.13-1.mga7 php-debuginfo-7.3.13-1.mga7 apache-mod_php-debuginfo-7.3.13-1.mga7 php-cli-debuginfo-7.3.13-1.mga7 php-cgi-debuginfo-7.3.13-1.mga7 lib64php_common7-debuginfo-7.3.13-1.mga7 php-openssl-debuginfo-7.3.13-1.mga7 php-zlib-debuginfo-7.3.13-1.mga7 php-bcmath-debuginfo-7.3.13-1.mga7 php-bz2-debuginfo-7.3.13-1.mga7 php-calendar-debuginfo-7.3.13-1.mga7 php-ctype-debuginfo-7.3.13-1.mga7 php-curl-debuginfo-7.3.13-1.mga7 php-dba-debuginfo-7.3.13-1.mga7 php-dom-debuginfo-7.3.13-1.mga7 php-enchant-debuginfo-7.3.13-1.mga7 php-exif-debuginfo-7.3.13-1.mga7 php-fileinfo-debuginfo-7.3.13-1.mga7 php-filter-debuginfo-7.3.13-1.mga7 php-ftp-debuginfo-7.3.13-1.mga7 php-gd-debuginfo-7.3.13-1.mga7 php-gettext-debuginfo-7.3.13-1.mga7 php-gmp-debuginfo-7.3.13-1.mga7 php-hash-debuginfo-7.3.13-1.mga7 php-iconv-debuginfo-7.3.13-1.mga7 php-imap-debuginfo-7.3.13-1.mga7 php-interbase-debuginfo-7.3.13-1.mga7 php-intl-debuginfo-7.3.13-1.mga7 php-json-debuginfo-7.3.13-1.mga7 php-ldap-debuginfo-7.3.13-1.mga7 php-mbstring-debuginfo-7.3.13-1.mga7 php-mysqli-debuginfo-7.3.13-1.mga7 php-mysqlnd-debuginfo-7.3.13-1.mga7 php-odbc-debuginfo-7.3.13-1.mga7 php-opcache-debuginfo-7.3.13-1.mga7 php-pcntl-debuginfo-7.3.13-1.mga7 php-pdo-debuginfo-7.3.13-1.mga7 php-pdo_dblib-debuginfo-7.3.13-1.mga7 php-pdo_firebird-debuginfo-7.3.13-1.mga7 php-pdo_mysql-debuginfo-7.3.13-1.mga7 php-pdo_odbc-debuginfo-7.3.13-1.mga7 php-pdo_pgsql-debuginfo-7.3.13-1.mga7 php-pdo_sqlite-debuginfo-7.3.13-1.mga7 php-pgsql-debuginfo-7.3.13-1.mga7 php-phar-debuginfo-7.3.13-1.mga7 php-posix-debuginfo-7.3.13-1.mga7 php-readline-debuginfo-7.3.13-1.mga7 php-recode-debuginfo-7.3.13-1.mga7 php-session-debuginfo-7.3.13-1.mga7 php-shmop-debuginfo-7.3.13-1.mga7 php-snmp-debuginfo-7.3.13-1.mga7 php-soap-debuginfo-7.3.13-1.mga7 php-sockets-debuginfo-7.3.13-1.mga7 php-sodium-debuginfo-7.3.13-1.mga7 php-sqlite3-debuginfo-7.3.13-1.mga7 php-sysvmsg-debuginfo-7.3.13-1.mga7 php-sysvsem-debuginfo-7.3.13-1.mga7 php-sysvshm-debuginfo-7.3.13-1.mga7 php-tidy-debuginfo-7.3.13-1.mga7 php-tokenizer-debuginfo-7.3.13-1.mga7 php-xml-debuginfo-7.3.13-1.mga7 php-xmlreader-debuginfo-7.3.13-1.mga7 php-xmlrpc-debuginfo-7.3.13-1.mga7 php-xmlwriter-debuginfo-7.3.13-1.mga7 php-xsl-debuginfo-7.3.13-1.mga7 php-wddx-debuginfo-7.3.13-1.mga7 php-zip-debuginfo-7.3.13-1.mga7 php-fpm-debuginfo-7.3.13-1.mga7 phpdbg-debuginfo-7.3.13-1.mga7 SRPM: php-7.3.13-1.mga7.src.rpm
Assignee: mageia => qa-bugsVersion: Cauldron => 7
Installed and tested without issues. Tested with various large (e.g. phpmyadmin, phpPgAdmin, wordpress, drupal, roundcubemail, custom), using HTTP(S) and CLI. System: Mageia 7, x86_64, Intel CPU. $ uname -a Linux marte 5.4.5-desktop-1.mga7 #1 SMP Wed Dec 18 16:37:20 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep php.*7.3.13 | sort apache-mod_php-7.3.13-1.mga7 lib64php_common7-7.3.13-1.mga7 php-bz2-7.3.13-1.mga7 php-cli-7.3.13-1.mga7 php-ctype-7.3.13-1.mga7 php-curl-7.3.13-1.mga7 php-dom-7.3.13-1.mga7 php-exif-7.3.13-1.mga7 php-fileinfo-7.3.13-1.mga7 php-filter-7.3.13-1.mga7 php-ftp-7.3.13-1.mga7 php-gd-7.3.13-1.mga7 php-gettext-7.3.13-1.mga7 php-hash-7.3.13-1.mga7 php-iconv-7.3.13-1.mga7 php-ini-7.3.13-1.mga7 php-intl-7.3.13-1.mga7 php-json-7.3.13-1.mga7 php-ldap-7.3.13-1.mga7 php-mbstring-7.3.13-1.mga7 php-mysqli-7.3.13-1.mga7 php-mysqlnd-7.3.13-1.mga7 php-openssl-7.3.13-1.mga7 php-pdo-7.3.13-1.mga7 php-pdo_mysql-7.3.13-1.mga7 php-pdo_sqlite-7.3.13-1.mga7 php-pgsql-7.3.13-1.mga7 php-posix-7.3.13-1.mga7 php-session-7.3.13-1.mga7 php-sockets-7.3.13-1.mga7 php-sysvsem-7.3.13-1.mga7 php-sysvshm-7.3.13-1.mga7 php-tokenizer-7.3.13-1.mga7 php-xml-7.3.13-1.mga7 php-xmlreader-7.3.13-1.mga7 php-xmlwriter-7.3.13-1.mga7 php-zip-7.3.13-1.mga7 php-zlib-7.3.13-1.mga7
CC: (none) => mageia
CC: (none) => tmbKeywords: (none) => advisoryWhiteboard: MGA7TOO => (none)
Works OK here too
Whiteboard: (none) => MGA7-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0412.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED