Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. Reference: https://bugs.php.net/bug.php?id=78069
Created php tracking bugs for this issue: Affects: fedora-all [bug 1724156]
Upstream patches: http://git.php.net/?p=php-src.git;a=commit;h=7cf7148a8f8f4f55fb04de2a517d740bb6253eac http://git.php.net/?p=php-src.git;a=commit;h=70523ce41ff400ea00343a03f297332cb1f1b77b
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11039
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1624 https://access.redhat.com/errata/RHSA-2020:1624
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3662 https://access.redhat.com/errata/RHSA-2020:3662