For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
Security Fix(es):
* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
https://access.redhat.com/security/cve/CVE-2019-11043 https://access.redhat.com/security/updates/classification#critical
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-php71-php-7.1.30-2.el7.src.rpm
aarch64:
rh-php71-php-7.1.30-2.el7.aarch64.rpm
rh-php71-php-bcmath-7.1.30-2.el7.aarch64.rpm
rh-php71-php-cli-7.1.30-2.el7.aarch64.rpm
rh-php71-php-common-7.1.30-2.el7.aarch64.rpm
rh-php71-php-dba-7.1.30-2.el7.aarch64.rpm
rh-php71-php-dbg-7.1.30-2.el7.aarch64.rpm
rh-php71-php-debuginfo-7.1.30-2.el7.aarch64.rpm
rh-php71-php-devel-7.1.30-2.el7.aarch64.rpm
rh-php71-php-embedded-7.1.30-2.el7.aarch64.rpm
rh-php71-php-enchant-7.1.30-2.el7.aarch64.rpm
rh-php71-php-fpm-7.1.30-2.el7.aarch64.rpm
rh-php71-php-gd-7.1.30-2.el7.aarch64.rpm
rh-php71-php-gmp-7.1.30-2.el7.aarch64.rpm
rh-php71-php-intl-7.1.30-2.el7.aarch64.rpm
rh-php71-php-json-7.1.30-2.el7.aarch64.rpm
rh-php71-php-ldap-7.1.30-2.el7.aarch64.rpm
rh-php71-php-mbstring-7.1.30-2.el7.aarch64.rpm
rh-php71-php-mysqlnd-7.1.30-2.el7.aarch64.rpm
rh-php71-php-odbc-7.1.30-2.el7.aarch64.rpm
rh-php71-php-opcache-7.1.30-2.el7.aarch64.rpm
rh-php71-php-pdo-7.1.30-2.el7.aarch64.rpm
rh-php71-php-pgsql-7.1.30-2.el7.aarch64.rpm
rh-php71-php-process-7.1.30-2.el7.aarch64.rpm
rh-php71-php-pspell-7.1.30-2.el7.aarch64.rpm
rh-php71-php-recode-7.1.30-2.el7.aarch64.rpm
Read the Full Advisory
An update for rh-php71-php is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c
Get the latest Linux and open source security news straight to your inbox.