Package php7-xsl updated to version 7.2.25-alt1 for branch p8 in task 242559.

Published: 2019-10-28

BDU:2020-00013

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Severity: HIGH (8.7) Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Severity: HIGH (7.1) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N

References:

CVE-2019-11043

Published: 2019-10-28
Modified: 2025-02-14

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Package php7-xsl update in p8 on 2019-12-16

ALT-PU-2019-3310-1

Closed vulnerabilities

BDU:2020-00013

CVE-2019-11043