安全公告详情

NS-SA-2020-0001

2020-01-13 14:12:45

简介

critical: openslp/php security update

严重级别

critical

主题

An update for openslp/php is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

openslp: Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. OpenSLP is an open source implementation of the SLPv2 protocol as defined by RFC 2608 and RFC 2614.
php: This package provides debug information for package php. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
openslp: A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd service.(CVE-2019-5544)
openslp: bugfix
php: An out-of-bounds write vulnerability was found in php-fpm. The flaw, when triggered under certain configurations when running behind nginx, could manipulate the PATH_INFO value in specific ways. This could lead to memory corruption and potentially arbitrary code execution.(CVE-2019-11043)
php: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F8.

影响组件

  • openslp
  • php

影响产品

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

更新包

{"fix":[{"product":"CGSL MAIN 5.05","pkgs":[{"binary":["openslp-2.0.0-8.el7_7.x86_64.rpm","openslp-debuginfo-2.0.0-8.el7_7.x86_64.rpm","openslp-devel-2.0.0-8.el7_7.x86_64.rpm","openslp-server-2.0.0-8.el7_7.x86_64.rpm"],"source":"openslp-2.0.0-8.el7_7.src.rpm"},{"binary":["php-debuginfo-5.4.16-46.1.el7_7.x86_64.rpm","php-devel-5.4.16-46.1.el7_7.x86_64.rpm","php-embedded-5.4.16-46.1.el7_7.x86_64.rpm","php-enchant-5.4.16-46.1.el7_7.x86_64.rpm","php-fpm-5.4.16-46.1.el7_7.x86_64.rpm","php-gd-5.4.16-46.1.el7_7.x86_64.rpm","php-intl-5.4.16-46.1.el7_7.x86_64.rpm","php-ldap-5.4.16-46.1.el7_7.x86_64.rpm","php-mbstring-5.4.16-46.1.el7_7.x86_64.rpm","php-mysql-5.4.16-46.1.el7_7.x86_64.rpm","php-mysqlnd-5.4.16-46.1.el7_7.x86_64.rpm","php-odbc-5.4.16-46.1.el7_7.x86_64.rpm","php-pdo-5.4.16-46.1.el7_7.x86_64.rpm","php-pgsql-5.4.16-46.1.el7_7.x86_64.rpm","php-process-5.4.16-46.1.el7_7.x86_64.rpm","php-pspell-5.4.16-46.1.el7_7.x86_64.rpm","php-recode-5.4.16-46.1.el7_7.x86_64.rpm","php-snmp-5.4.16-46.1.el7_7.x86_64.rpm","php-soap-5.4.16-46.1.el7_7.x86_64.rpm","php-xml-5.4.16-46.1.el7_7.x86_64.rpm","php-xmlrpc-5.4.16-46.1.el7_7.x86_64.rpm","php-5.4.16-46.1.el7_7.x86_64.rpm","php-bcmath-5.4.16-46.1.el7_7.x86_64.rpm","php-cli-5.4.16-46.1.el7_7.x86_64.rpm","php-common-5.4.16-46.1.el7_7.x86_64.rpm","php-dba-5.4.16-46.1.el7_7.x86_64.rpm"],"source":"php-5.4.16-46.1.el7_7.src.rpm"}]},{"product":"CGSL CORE 5.05","pkgs":[{"binary":["openslp-2.0.0-8.el7_7.x86_64.rpm","openslp-debuginfo-2.0.0-8.el7_7.x86_64.rpm","openslp-devel-2.0.0-8.el7_7.x86_64.rpm","openslp-server-2.0.0-8.el7_7.x86_64.rpm"],"source":"openslp-2.0.0-8.el7_7.src.rpm"},{"binary":["php-process-5.4.16-46.1.el7_7.x86_64.rpm","php-pspell-5.4.16-46.1.el7_7.x86_64.rpm","php-recode-5.4.16-46.1.el7_7.x86_64.rpm","php-snmp-5.4.16-46.1.el7_7.x86_64.rpm","php-soap-5.4.16-46.1.el7_7.x86_64.rpm","php-xml-5.4.16-46.1.el7_7.x86_64.rpm","php-xmlrpc-5.4.16-46.1.el7_7.x86_64.rpm","php-5.4.16-46.1.el7_7.x86_64.rpm","php-bcmath-5.4.16-46.1.el7_7.x86_64.rpm","php-cli-5.4.16-46.1.el7_7.x86_64.rpm","php-common-5.4.16-46.1.el7_7.x86_64.rpm","php-dba-5.4.16-46.1.el7_7.x86_64.rpm","php-debuginfo-5.4.16-46.1.el7_7.x86_64.rpm","php-devel-5.4.16-46.1.el7_7.x86_64.rpm","php-embedded-5.4.16-46.1.el7_7.x86_64.rpm","php-enchant-5.4.16-46.1.el7_7.x86_64.rpm","php-fpm-5.4.16-46.1.el7_7.x86_64.rpm","php-gd-5.4.16-46.1.el7_7.x86_64.rpm","php-intl-5.4.16-46.1.el7_7.x86_64.rpm","php-ldap-5.4.16-46.1.el7_7.x86_64.rpm","php-mbstring-5.4.16-46.1.el7_7.x86_64.rpm","php-mysql-5.4.16-46.1.el7_7.x86_64.rpm","php-mysqlnd-5.4.16-46.1.el7_7.x86_64.rpm","php-odbc-5.4.16-46.1.el7_7.x86_64.rpm","php-pdo-5.4.16-46.1.el7_7.x86_64.rpm","php-pgsql-5.4.16-46.1.el7_7.x86_64.rpm"],"source":"php-5.4.16-46.1.el7_7.src.rpm"}]}]}

CVE

参考