| Errata ID | 455 |
|---|---|
| Date | 2019-03-13 |
| Source package | php7.0 |
| Fixed in version | 7.0.33-0+deb9u3 |
| Description | This update addresses the following issues: * Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. (CVE-2019-9637) * Uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. (CVE-2019-9638) * Uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. (CVE-2019-9639) * Invalid Read in exif_process_SOFn. (CVE-2019-9640) * Uninitialized read in exif_process_IFD_in_TIFF. (CVE-2019-9641) |
| Additional notes | |
| CVE ID | CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 |
| UCS Bug number | #48950 |
