Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Red Hat: RHSA-2020-1112-01 Moderate: PHP Security Update

red hat
Calendar Grey March 31, 2020
Dist Redhat Esm H88
Recent security patches for PHP have tackled moderate vulnerabilities in Red Hat Enterprise Linux 7, such as cross-site scripting and memory overflow problems.
An update for php is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Summary

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
* php: Reflected XSS on PHAR 404 page (CVE-2018-5712)
* php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response (CVE-2018-7584)
* php: Reflected XSS vulnerability on PHAR 403 and 404 error pages (CVE-2018-10547)
* php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

References

https://access.redhat.com/security/cve/CVE-2018-5712 https://access.redhat.com/security/cve/CVE-2018-7584 https://access.redhat.com/security/cve/CVE-2018-10547 https://access.redhat.com/security/cve/CVE-2019-9024 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.8_release_notes/index

Package List

Red Hat Enterprise Linux Client Optional (v. 7):
Source: php-5.4.16-48.el7.src.rpm
x86_64: php-5.4.16-48.el7.x86_64.rpm php-bcmath-5.4.16-48.el7.x86_64.rpm php-cli-5.4.16-48.el7.x86_64.rpm php-common-5.4.16-48.el7.x86_64.rpm php-dba-5.4.16-48.el7.x86_64.rpm php-debuginfo-5.4.16-48.el7.x86_64.rpm php-devel-5.4.16-48.el7.x86_64.rpm php-embedded-5.4.16-48.el7.x86_64.rpm php-enchant-5.4.16-48.el7.x86_64.rpm php-fpm-5.4.16-48.el7.x86_64.rpm php-gd-5.4.16-48.el7.x86_64.rpm php-intl-5.4.16-48.el7.x86_64.rpm php-ldap-5.4.16-48.el7.x86_64.rpm php-mbstring-5.4.16-48.el7.x86_64.rpm php-mysql-5.4.16-48.el7.x86_64.rpm php-mysqlnd-5.4.16-48.el7.x86_64.rpm php-odbc-5.4.16-48.el7.x86_64.rpm php-pdo-5.4.16-48.el7.x86_64.rpm php-pgsql-5.4.16-48.el7.x86_64.rpm php-process-5.4.16-48.el7.x86_64.rpm php-pspell-5.4.16-48.el7.x86_64.rpm php-recode-5.4.16-48.el7.x86_64.rpm php-snmp-5.4.16-48.el7.x86_64.rpm php-soap-5.4.16-48.el7.x86_64.rpm php-xml-5.4.16-48.el7.x86_64.rpm php-xmlrpc-5.4.16-48.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: php-5.4.16-48.el7.src.rpm
x86_64: php-5.4.16-48.el7.x86_64.rpm php-bcmath-5.4.16-48.el7.x86_64.rpm php-cli-5.4.16-48.el7.x86_64.rpm php-common-5.4.16-48.el7.x86_64.rpm php-dba-5.4.16-48.el7.x86_64.rpm

Read the Full Advisory


Advisory ID: RHSA-2020:1112-01
Product: Red Hat Enterprise Linux
Issue date: 2020-03-31

Topic

An update for php is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Bugs Fixed

1535251 - CVE-2018-5712 php: Reflected XSS on PHAR 404 page

1551039 - CVE-2018-7584 php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response

1573814 - CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages

1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here