CVE-2019-11043
php7.3 - security update
⚠ KEV · EPSS 94.1%
Description
In some versions of PHP, in certain configurations of FPM setup, it is possible to cause the FPM module to write past allocated buffers, allowing the possibility of remote code execution.
How to fix CVE-2019-11043
To remediate CVE-2019-11043, upgrade the affected package to a fixed version below.
- Debian/php5—upgrade to 5.6.40+dfsg-0+deb8u7 or later
- Debian/php7.0—upgrade to 7.0.33-0+deb9u6 or later
- Debian/php7.3—upgrade to 7.3.11-1~deb10u1 or later
Is CVE-2019-11043 being exploited?
Yes — CVE-2019-11043 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (3)
- Debian/php5: from 0, < 5.6.40+dfsg-0+deb8u7
- Debian/php7.0: from 0, < 7.0.33-0+deb9u6
- Debian/php7.3: from 0, < 7.3.11-1~deb10u1