FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- env_path_info underflow in fpm_main.c can lead to RCE

Affected packages
php71 < 7.1.33
php72 < 7.2.24
php73 < 7.3.11
php74 < 7.4.0.rc5

Details

VuXML ID 6a7c2ab0-00dd-11ea-83ce-705a0f828759
Discovery 2019-10-24
Entry 2019-11-06

The PHP project reports:

The PHP development team announces the immediate availability of PHP 7.3.11. This is a security release which also contains several bug fixes.

The PHP development team announces the immediate availability of PHP 7.2.24. This is a security release which also contains several bug fixes.

The PHP development team announces the immediate availability of PHP 7.1.33. This is a security release which also contains several bug fixes.

References

CVE Name CVE-2019-11043
URL https://www.php.net/archive/2019.php#2019-10-24-1
URL https://www.php.net/archive/2019.php#2019-10-24-2
URL https://www.php.net/archive/2019.php#2019-10-24-3