UbuntuUpdates.org

Package "php7.0-dba"

Name: php7.0-dba

Description:

DBA module for PHP
Latest version: 7.0.33-0ubuntu0.16.04.6
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: php7.0
Homepage: http://www.php.net/

Links

Save this URL for the latest version of "php7.0-dba": https://www.ubuntuupdates.org/php7.0-dba

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "php7.0-dba"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "php7.0-dba" in Xenial

Repository Area Version
security universe 7.0.33-0ubuntu0.16.04.6

Changelog

Version: 7.0.33-0ubuntu0.16.04.6 2019-08-13 20:07:14 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11041.patch: check Thumbnail.size in order
      to avoid an overflow in ext/exif.exif.c and adding test to
      ext/exif/tests/bug78222.phpt.
    - CVE-2019-11041
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11042.patch: check ByteCount in order to
      avoid an overflow in ext/exif/exif.c and adding tests to
      ext/exif/tests/bug78256.phpt.
    - CVE-2019-11042

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 12 Aug 2019 15:07:12 -0300
Source diff to previous version
CVE-2019-11041 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x belo
CVE-2019-11042 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x belo

Version: 7.0.33-0ubuntu0.16.04.5 2019-06-05 18:07:30 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: overflow in exif_process_IFD_TAG
    - debian/patches/CVE-2019-11036.patch: check dir_entry in
      ext/exif/exif.c.
    - CVE-2019-11036
  * SECURITY UPDATE: out-of-bounds read in _php_iconv_mime_decode()
    - debian/patches/CVE-2019-11039.patch: add an extra check in
      ext/iconv/iconv.c.
    - CVE-2019-11039
  * SECURITY UPDATE: heap-buffer-overflow on php_jpg_get16
    - debian/patches/CVE-2019-11040.patch: add an extra check in
      ext/exif/exif.c.
    - CVE-2019-11040

 -- Marc Deslauriers <email address hidden> Tue, 04 Jun 2019 13:13:15 -0400
Source diff to previous version
CVE-2019-11036 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past
CVE-2019-11039 Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow
CVE-2019-11040 heap-buffer-overflow on php_jpg_get16

Version: 7.0.33-0ubuntu0.16.04.4 2019-04-23 14:06:31 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow in php_ifd_get32s
    - debian/patches/CVE-2019-11034.patch: check size in ext/exif/exif.c.
    - CVE-2019-11034
  * SECURITY UPDATE: Heap-buffer-overflow in exif_iif_add_value in EXIF
    - debian/patches/CVE-2019-11035-1.patch: add checks to ext/exif/exif.c.
    - debian/patches/CVE-2019-11035-2.patch: add casts to ext/exif/exif.c.
    - debian/patches/CVE-2019-11035-3.patch: fix typo in ext/exif/exif.c.
    - CVE-2019-11035

 -- Marc Deslauriers <email address hidden> Thu, 18 Apr 2019 11:25:19 -0400
Source diff to previous version
CVE-2019-11034 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past
CVE-2019-11035 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past

Version: 7.0.33-0ubuntu0.16.04.3 2019-03-26 19:06:52 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Unauthorized users access
    - debian/patches/CVE-2019-9637.patch: fix in
      main/streams/plain_wrapper.c.
    - CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in
      ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg,
      ext/exif/tests/bug77563.phpt.
    - CVE-2019-9638
    - CVE-2019-9639
  * SECURITY UPDATE: Invalid read
    - debian/patches/CVE-2019-9640.patch: fix in
      ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg,
      ext/exif/tests/bug77540.phpt.
    - CVE-2019-9640
  * SECURITY UPDATE: Unitialized read
    - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
    - CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-9675.patch: fix in
      ext/phar/tar.c, added tests in ext/phar/tests/bug71488.phpt,
      ext/phar/tests/bug77586,phpt, ext/phar/tests/bug77586/files/*.

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 21 Mar 2019 09:49:35 -0300
Source diff to previous version
CVE-2019-9637 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented,
CVE-2019-9638 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in ex
CVE-2019-9639 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in ex
CVE-2019-9640 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_pro
CVE-2019-9641 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in ex
CVE-2019-9675 ** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer over

Version: 7.0.33-0ubuntu0.16.04.2 2019-03-06 17:07:05 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: invalid memory access in xmlrpc_decode()
    - debian/patches/CVE-2019-9020.patch: check length in
      ext/xmlrpc/libxmlrpc/xml_element.c, added test to
      ext/xmlrpc/tests/bug77242.phpt.
    - CVE-2019-9020
  * SECURITY UPDATE: buffer over-read in PHAR extension
    - debian/patches/CVE-2019-9021.patch: properly calculate position in
      ext/phar/phar.c, added test to ext/phar/tests/bug77247.phpt.
    - CVE-2019-9021
  * SECURITY UPDATE: buffer over-read in dns_get_record
    - debian/patches/CVE-2019-9022-pre.patch: fix DNS_CAA record results
      handling in ext/standard/dns.c,
      ext/standard/tests/network/dns_get_record_caa.phpt.
    - debian/patches/CVE-2019-9022.patch: check length in
      ext/standard/dns.c.
    - CVE-2019-9022
  * SECURITY UPDATE: buffer over-reads in mbstring regex functions
    - debian/patches/CVE-2019-9023-1.patch: don't read past buffer in
      ext/mbstring/oniguruma/regparse.c, added test to
      ext/mbstring/tests/bug77370.phpt.
    - debian/patches/CVE-2019-9023-2.patch: check bounds in
      ext/mbstring/oniguruma/regcomp.c, added test to
      ext/mbstring/tests/bug77371.phpt.
    - debian/patches/CVE-2019-9023-3.patch: add length checks to
      ext/mbstring/oniguruma/enc/unicode.c,
      ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regparse.c,
      ext/mbstring/oniguruma/regparse.h, added test to
      ext/mbstring/tests/bug77371.phpt, ext/mbstring/tests/bug77381.phpt.
    - debian/patches/CVE-2019-9023-4.patch: add new bounds checks to
      ext/mbstring/oniguruma/enc/utf16_be.c,
      ext/mbstring/oniguruma/enc/utf16_le.c,
      ext/mbstring/oniguruma/enc/utf32_be.c,
      ext/mbstring/oniguruma/enc/utf32_le.c, added test to
      ext/mbstring/tests/bug77418.phpt.
    - CVE-2019-9023
  * SECURITY UPDATE: buffer over-read in xmlrpc_decode()
    - debian/patches/CVE-2019-9024.patch: fix variable size in
      ext/xmlrpc/libxmlrpc/base64.c, added test to
      ext/xmlrpc/tests/bug77380.phpt.
    - CVE-2019-9024

 -- Marc Deslauriers <email address hidden> Tue, 05 Mar 2019 07:43:31 -0500
CVE-2019-9020 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_de
CVE-2019-9021 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR r
CVE-2019-9022 An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can all
CVE-2019-9023 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read
CVE-2019-9024 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XML


About   -   Send Feedback to @ubuntu_updates