Security update for php7 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1573-1 Final 1 1 2019-06-18T11:38:13Z current 2019-06-18T11:38:13Z 2019-06-18T11:38:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php7 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS server to make PHP misuse memcpy (bsc#1126827). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Other issue addressed: - Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032). - Enabled php7 testsuite (bsc#1119396). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1573 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html E-Mail link for openSUSE-SU-2019:1573-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1118832 SUSE Bug 1118832 https://bugzilla.suse.com/1119396 SUSE Bug 1119396 https://bugzilla.suse.com/1126711 SUSE Bug 1126711 https://bugzilla.suse.com/1126713 SUSE Bug 1126713 https://bugzilla.suse.com/1126821 SUSE Bug 1126821 https://bugzilla.suse.com/1126823 SUSE Bug 1126823 https://bugzilla.suse.com/1126827 SUSE Bug 1126827 https://bugzilla.suse.com/1127122 SUSE Bug 1127122 https://bugzilla.suse.com/1128722 SUSE Bug 1128722 https://bugzilla.suse.com/1128883 SUSE Bug 1128883 https://bugzilla.suse.com/1128886 SUSE Bug 1128886 https://bugzilla.suse.com/1128887 SUSE Bug 1128887 https://bugzilla.suse.com/1128889 SUSE Bug 1128889 https://bugzilla.suse.com/1128892 SUSE Bug 1128892 https://bugzilla.suse.com/1129032 SUSE Bug 1129032 https://bugzilla.suse.com/1132837 SUSE Bug 1132837 https://bugzilla.suse.com/1132838 SUSE Bug 1132838 https://bugzilla.suse.com/1134322 SUSE Bug 1134322 https://www.suse.com/security/cve/CVE-2018-19935/ SUSE CVE CVE-2018-19935 page https://www.suse.com/security/cve/CVE-2018-20783/ SUSE CVE CVE-2018-20783 page https://www.suse.com/security/cve/CVE-2019-11034/ SUSE CVE CVE-2019-11034 page https://www.suse.com/security/cve/CVE-2019-11035/ SUSE CVE CVE-2019-11035 page https://www.suse.com/security/cve/CVE-2019-11036/ SUSE CVE CVE-2019-11036 page https://www.suse.com/security/cve/CVE-2019-9020/ SUSE CVE CVE-2019-9020 page https://www.suse.com/security/cve/CVE-2019-9021/ SUSE CVE CVE-2019-9021 page https://www.suse.com/security/cve/CVE-2019-9022/ SUSE CVE CVE-2019-9022 page https://www.suse.com/security/cve/CVE-2019-9023/ SUSE CVE CVE-2019-9023 page https://www.suse.com/security/cve/CVE-2019-9024/ SUSE CVE CVE-2019-9024 page https://www.suse.com/security/cve/CVE-2019-9637/ SUSE CVE CVE-2019-9637 page https://www.suse.com/security/cve/CVE-2019-9638/ SUSE CVE CVE-2019-9638 page https://www.suse.com/security/cve/CVE-2019-9639/ SUSE CVE CVE-2019-9639 page https://www.suse.com/security/cve/CVE-2019-9640/ SUSE CVE CVE-2019-9640 page https://www.suse.com/security/cve/CVE-2019-9641/ SUSE CVE CVE-2019-9641 page https://www.suse.com/security/cve/CVE-2019-9675/ SUSE CVE CVE-2019-9675 page openSUSE Leap 15.0 apache2-mod_php7-7.2.5-lp150.2.19.1 php7-7.2.5-lp150.2.19.1 php7-bcmath-7.2.5-lp150.2.19.1 php7-bz2-7.2.5-lp150.2.19.1 php7-calendar-7.2.5-lp150.2.19.1 php7-ctype-7.2.5-lp150.2.19.1 php7-curl-7.2.5-lp150.2.19.1 php7-dba-7.2.5-lp150.2.19.1 php7-devel-7.2.5-lp150.2.19.1 php7-dom-7.2.5-lp150.2.19.1 php7-embed-7.2.5-lp150.2.19.1 php7-enchant-7.2.5-lp150.2.19.1 php7-exif-7.2.5-lp150.2.19.1 php7-fastcgi-7.2.5-lp150.2.19.1 php7-fileinfo-7.2.5-lp150.2.19.1 php7-firebird-7.2.5-lp150.2.19.1 php7-fpm-7.2.5-lp150.2.19.1 php7-ftp-7.2.5-lp150.2.19.1 php7-gd-7.2.5-lp150.2.19.1 php7-gettext-7.2.5-lp150.2.19.1 php7-gmp-7.2.5-lp150.2.19.1 php7-iconv-7.2.5-lp150.2.19.1 php7-intl-7.2.5-lp150.2.19.1 php7-json-7.2.5-lp150.2.19.1 php7-ldap-7.2.5-lp150.2.19.1 php7-mbstring-7.2.5-lp150.2.19.1 php7-mysql-7.2.5-lp150.2.19.1 php7-odbc-7.2.5-lp150.2.19.1 php7-opcache-7.2.5-lp150.2.19.1 php7-openssl-7.2.5-lp150.2.19.1 php7-pcntl-7.2.5-lp150.2.19.1 php7-pdo-7.2.5-lp150.2.19.1 php7-pear-7.2.5-lp150.2.19.1 php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 php7-pgsql-7.2.5-lp150.2.19.1 php7-phar-7.2.5-lp150.2.19.1 php7-posix-7.2.5-lp150.2.19.1 php7-readline-7.2.5-lp150.2.19.1 php7-shmop-7.2.5-lp150.2.19.1 php7-snmp-7.2.5-lp150.2.19.1 php7-soap-7.2.5-lp150.2.19.1 php7-sockets-7.2.5-lp150.2.19.1 php7-sodium-7.2.5-lp150.2.19.1 php7-sqlite-7.2.5-lp150.2.19.1 php7-sysvmsg-7.2.5-lp150.2.19.1 php7-sysvsem-7.2.5-lp150.2.19.1 php7-sysvshm-7.2.5-lp150.2.19.1 php7-testresults-7.2.5-lp150.2.19.1 php7-tidy-7.2.5-lp150.2.19.1 php7-tokenizer-7.2.5-lp150.2.19.1 php7-wddx-7.2.5-lp150.2.19.1 php7-xmlreader-7.2.5-lp150.2.19.1 php7-xmlrpc-7.2.5-lp150.2.19.1 php7-xmlwriter-7.2.5-lp150.2.19.1 php7-xsl-7.2.5-lp150.2.19.1 php7-zip-7.2.5-lp150.2.19.1 php7-zlib-7.2.5-lp150.2.19.1 apache2-mod_php7-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-bcmath-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-bz2-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-calendar-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-ctype-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-curl-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-dba-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-devel-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-dom-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-embed-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-enchant-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-exif-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-fastcgi-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-fileinfo-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-firebird-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-fpm-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-ftp-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-gd-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-gettext-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-gmp-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-iconv-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-intl-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-json-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-ldap-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-mbstring-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-mysql-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-odbc-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-opcache-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-openssl-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-pcntl-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-pdo-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-pear-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-pgsql-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-phar-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-posix-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-readline-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-shmop-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-snmp-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-soap-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-sockets-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-sodium-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-sqlite-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-sysvmsg-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-sysvsem-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-sysvshm-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-testresults-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-tidy-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-tokenizer-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-wddx-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-xmlreader-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-xmlrpc-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-xmlwriter-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-xsl-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-zip-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 php7-zlib-7.2.5-lp150.2.19.1 as a component of openSUSE Leap 15.0 ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. CVE-2018-19935 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2018-19935.html CVE-2018-19935 https://bugzilla.suse.com/1118832 SUSE Bug 1118832 In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. CVE-2018-20783 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2018-20783.html CVE-2018-20783 https://bugzilla.suse.com/1126713 SUSE Bug 1126713 https://bugzilla.suse.com/1127122 SUSE Bug 1127122 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. CVE-2019-11034 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-11034.html CVE-2019-11034 https://bugzilla.suse.com/1132838 SUSE Bug 1132838 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. CVE-2019-11035 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-11035.html CVE-2019-11035 https://bugzilla.suse.com/1132837 SUSE Bug 1132837 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. CVE-2019-11036 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-11036.html CVE-2019-11036 https://bugzilla.suse.com/1134322 SUSE Bug 1134322 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. CVE-2019-9020 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9020.html CVE-2019-9020 https://bugzilla.suse.com/1126711 SUSE Bug 1126711 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. CVE-2019-9021 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9021.html CVE-2019-9021 https://bugzilla.suse.com/1126713 SUSE Bug 1126713 An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. CVE-2019-9022 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9022.html CVE-2019-9022 https://bugzilla.suse.com/1126827 SUSE Bug 1126827 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. CVE-2019-9023 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9023.html CVE-2019-9023 https://bugzilla.suse.com/1126823 SUSE Bug 1126823 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. CVE-2019-9024 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9024.html CVE-2019-9024 https://bugzilla.suse.com/1126821 SUSE Bug 1126821 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. CVE-2019-9637 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9637.html CVE-2019-9637 https://bugzilla.suse.com/1128892 SUSE Bug 1128892 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. CVE-2019-9638 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9638.html CVE-2019-9638 https://bugzilla.suse.com/1128889 SUSE Bug 1128889 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. CVE-2019-9639 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9639.html CVE-2019-9639 https://bugzilla.suse.com/1128887 SUSE Bug 1128887 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. CVE-2019-9640 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9640.html CVE-2019-9640 https://bugzilla.suse.com/1128883 SUSE Bug 1128883 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. CVE-2019-9641 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9641.html CVE-2019-9641 https://bugzilla.suse.com/1128722 SUSE Bug 1128722 ** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible." CVE-2019-9675 openSUSE Leap 15.0:apache2-mod_php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bcmath-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-bz2-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-calendar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ctype-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-curl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dba-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-devel-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-dom-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-embed-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-enchant-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-exif-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fastcgi-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fileinfo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-firebird-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-fpm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ftp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gd-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gettext-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-gmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-iconv-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-intl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-json-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-ldap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mbstring-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-mysql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-odbc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-opcache-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-openssl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pcntl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pdo-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pear-Archive_Tar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-pgsql-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-phar-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-posix-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-readline-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-shmop-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-snmp-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-soap-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sockets-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sodium-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sqlite-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvmsg-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvsem-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-sysvshm-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-testresults-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tidy-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-tokenizer-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-wddx-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlreader-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlrpc-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xmlwriter-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-xsl-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zip-7.2.5-lp150.2.19.1 openSUSE Leap 15.0:php7-zlib-7.2.5-lp150.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://www.suse.com/security/cve/CVE-2019-9675.html CVE-2019-9675 https://bugzilla.suse.com/1128886 SUSE Bug 1128886