Ops One AG

You can subscribe via email or RSS

Tuesday 4th June 2019

Managed Server Version 5: php5 security update, scheduled 2 months ago

Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

CVE-2019-11039

An integer underflow in the iconv module could be exploited to trigger
an out of bounds read.

CVE-2019-11040

A heap buffer overflow was discovered in the EXIF parsing code.

For Debian 8 "Jessie", these problems have been fixed in version 5.6.40+dfsg-0+deb8u4.