ALT Linux Team

Branch p8 update on 2019-12-18

2019-12-18

ALT-BU-2019-4132-1

Branch p8 update bulletin.

ALT-PU-2019-3304-1

Package php7 updated to version 7.2.25-alt1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3305-1

Package php7-curl updated to version 7.2.25-alt1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3306-1

Package php7-openssl updated to version 7.2.25-alt1.1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3307-1

Package php7-pdo_mysql updated to version 7.2.25-alt1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3308-1

Package php7-pgsql updated to version 7.2.25-alt1.2 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3309-1

Package php7-zip updated to version 7.2.25-alt1.1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3310-1

Package php7-xsl updated to version 7.2.25-alt1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3311-1

Package php7-intl updated to version 7.2.25-alt1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3312-1

Package php7-opcache updated to version 7.2.25-alt1.1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3313-1

Package php7-xmlrpc updated to version 7.2.25-alt1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-3314-1

Package php7-tidy updated to version 7.2.25-alt1 for branch p8 in task 242559.

Closed vulnerabilities

Published: 2020-01-08
Modified: 2025-02-18

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
References:
Published: 2019-10-28
Modified: 2025-11-03

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top