vulnerability
SUSE: CVE-2019-9020: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 02/22/2019 | 04/06/2019 | 02/04/2022 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
02/22/2019
Added
04/06/2019
Modified
02/04/2022
Description
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
Solution(s)
suse-upgrade-apache2-mod_php5suse-upgrade-apache2-mod_php53suse-upgrade-apache2-mod_php7suse-upgrade-apache2-mod_php72suse-upgrade-libmemcachedsuse-upgrade-libmemcached-develsuse-upgrade-libmemcached11suse-upgrade-libmemcachedutil2suse-upgrade-libtidy-0_99-0suse-upgrade-libtidy-0_99-0-develsuse-upgrade-php5suse-upgrade-php5-bcmathsuse-upgrade-php5-bz2suse-upgrade-php5-calendarsuse-upgrade-php5-ctypesuse-upgrade-php5-curlsuse-upgrade-php5-dbasuse-upgrade-php5-develsuse-upgrade-php5-domsuse-upgrade-php5-enchantsuse-upgrade-php5-exifsuse-upgrade-php5-fastcgisuse-upgrade-php5-fileinfosuse-upgrade-php5-fpmsuse-upgrade-php5-ftpsuse-upgrade-php5-gdsuse-upgrade-php5-gettextsuse-upgrade-php5-gmpsuse-upgrade-php5-iconvsuse-upgrade-php5-imapsuse-upgrade-php5-intlsuse-upgrade-php5-jsonsuse-upgrade-php5-ldapsuse-upgrade-php5-mbstringsuse-upgrade-php5-mcryptsuse-upgrade-php5-mysqlsuse-upgrade-php5-odbcsuse-upgrade-php5-opcachesuse-upgrade-php5-opensslsuse-upgrade-php5-pcntlsuse-upgrade-php5-pdosuse-upgrade-php5-pearsuse-upgrade-php5-pgsqlsuse-upgrade-php5-pharsuse-upgrade-php5-posixsuse-upgrade-php5-pspellsuse-upgrade-php5-shmopsuse-upgrade-php5-snmpsuse-upgrade-php5-soapsuse-upgrade-php5-socketssuse-upgrade-php5-sqlitesuse-upgrade-php5-suhosinsuse-upgrade-php5-sysvmsgsuse-upgrade-php5-sysvsemsuse-upgrade-php5-sysvshmsuse-upgrade-php5-tokenizersuse-upgrade-php5-wddxsuse-upgrade-php5-xmlreadersuse-upgrade-php5-xmlrpcsuse-upgrade-php5-xmlwritersuse-upgrade-php5-xslsuse-upgrade-php5-zipsuse-upgrade-php5-zlibsuse-upgrade-php53suse-upgrade-php53-bcmathsuse-upgrade-php53-bz2suse-upgrade-php53-calendarsuse-upgrade-php53-ctypesuse-upgrade-php53-curlsuse-upgrade-php53-dbasuse-upgrade-php53-develsuse-upgrade-php53-domsuse-upgrade-php53-exifsuse-upgrade-php53-fastcgisuse-upgrade-php53-fileinfosuse-upgrade-php53-ftpsuse-upgrade-php53-gdsuse-upgrade-php53-gettextsuse-upgrade-php53-gmpsuse-upgrade-php53-iconvsuse-upgrade-php53-imapsuse-upgrade-php53-intlsuse-upgrade-php53-jsonsuse-upgrade-php53-ldapsuse-upgrade-php53-mbstringsuse-upgrade-php53-mcryptsuse-upgrade-php53-mysqlsuse-upgrade-php53-odbcsuse-upgrade-php53-opensslsuse-upgrade-php53-pcntlsuse-upgrade-php53-pdosuse-upgrade-php53-pearsuse-upgrade-php53-pgsqlsuse-upgrade-php53-posixsuse-upgrade-php53-pspellsuse-upgrade-php53-readlinesuse-upgrade-php53-shmopsuse-upgrade-php53-snmpsuse-upgrade-php53-soapsuse-upgrade-php53-socketssuse-upgrade-php53-sqlitesuse-upgrade-php53-suhosinsuse-upgrade-php53-sysvmsgsuse-upgrade-php53-sysvsemsuse-upgrade-php53-sysvshmsuse-upgrade-php53-tidysuse-upgrade-php53-tokenizersuse-upgrade-php53-wddxsuse-upgrade-php53-xmlreadersuse-upgrade-php53-xmlrpcsuse-upgrade-php53-xmlwritersuse-upgrade-php53-xslsuse-upgrade-php53-zipsuse-upgrade-php53-zlibsuse-upgrade-php7suse-upgrade-php7-bcmathsuse-upgrade-php7-bz2suse-upgrade-php7-calendarsuse-upgrade-php7-ctypesuse-upgrade-php7-curlsuse-upgrade-php7-dbasuse-upgrade-php7-develsuse-upgrade-php7-domsuse-upgrade-php7-embedsuse-upgrade-php7-enchantsuse-upgrade-php7-exifsuse-upgrade-php7-fastcgisuse-upgrade-php7-fileinfosuse-upgrade-php7-firebirdsuse-upgrade-php7-fpmsuse-upgrade-php7-ftpsuse-upgrade-php7-gdsuse-upgrade-php7-gettextsuse-upgrade-php7-gmpsuse-upgrade-php7-iconvsuse-upgrade-php7-imapsuse-upgrade-php7-intlsuse-upgrade-php7-jsonsuse-upgrade-php7-ldapsuse-upgrade-php7-mbstringsuse-upgrade-php7-mcryptsuse-upgrade-php7-mysqlsuse-upgrade-php7-odbcsuse-upgrade-php7-opcachesuse-upgrade-php7-opensslsuse-upgrade-php7-pcntlsuse-upgrade-php7-pdosuse-upgrade-php7-pearsuse-upgrade-php7-pear-archive_tarsuse-upgrade-php7-pgsqlsuse-upgrade-php7-pharsuse-upgrade-php7-posixsuse-upgrade-php7-pspellsuse-upgrade-php7-readlinesuse-upgrade-php7-shmopsuse-upgrade-php7-snmpsuse-upgrade-php7-soapsuse-upgrade-php7-socketssuse-upgrade-php7-sodiumsuse-upgrade-php7-sqlitesuse-upgrade-php7-sysvmsgsuse-upgrade-php7-sysvsemsuse-upgrade-php7-sysvshmsuse-upgrade-php7-testresultssuse-upgrade-php7-tidysuse-upgrade-php7-tokenizersuse-upgrade-php7-wddxsuse-upgrade-php7-xmlreadersuse-upgrade-php7-xmlrpcsuse-upgrade-php7-xmlwritersuse-upgrade-php7-xslsuse-upgrade-php7-zipsuse-upgrade-php7-zlibsuse-upgrade-php72suse-upgrade-php72-bcmathsuse-upgrade-php72-bz2suse-upgrade-php72-calendarsuse-upgrade-php72-ctypesuse-upgrade-php72-curlsuse-upgrade-php72-dbasuse-upgrade-php72-develsuse-upgrade-php72-domsuse-upgrade-php72-enchantsuse-upgrade-php72-exifsuse-upgrade-php72-fastcgisuse-upgrade-php72-fileinfosuse-upgrade-php72-fpmsuse-upgrade-php72-ftpsuse-upgrade-php72-gdsuse-upgrade-php72-gettextsuse-upgrade-php72-gmpsuse-upgrade-php72-iconvsuse-upgrade-php72-imapsuse-upgrade-php72-intlsuse-upgrade-php72-jsonsuse-upgrade-php72-ldapsuse-upgrade-php72-mbstringsuse-upgrade-php72-memcachedsuse-upgrade-php72-mysqlsuse-upgrade-php72-odbcsuse-upgrade-php72-opcachesuse-upgrade-php72-opensslsuse-upgrade-php72-pcntlsuse-upgrade-php72-pdosuse-upgrade-php72-pearsuse-upgrade-php72-pear-archive_tarsuse-upgrade-php72-pgsqlsuse-upgrade-php72-pharsuse-upgrade-php72-posixsuse-upgrade-php72-pspellsuse-upgrade-php72-readlinesuse-upgrade-php72-shmopsuse-upgrade-php72-snmpsuse-upgrade-php72-soapsuse-upgrade-php72-socketssuse-upgrade-php72-sqlitesuse-upgrade-php72-sysvmsgsuse-upgrade-php72-sysvsemsuse-upgrade-php72-sysvshmsuse-upgrade-php72-tidysuse-upgrade-php72-tokenizersuse-upgrade-php72-wddxsuse-upgrade-php72-xmlreadersuse-upgrade-php72-xmlrpcsuse-upgrade-php72-xmlwritersuse-upgrade-php72-xslsuse-upgrade-php72-zipsuse-upgrade-php72-zlibsuse-upgrade-tidy
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.