Red Hat Enterprise Linux PHP Update RHSA-2020-3662-01 Moderate Security
red hat
September 8, 2020
An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
Summary
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
The following packages have been upgraded to a later upstream version: php
(7.3.20). (BZ#1856655)
Security Fix(es):
* php: Out-of-bounds read due to integer overflow in
iconv_mime_decode_headers() (CVE-2019-11039)
* php: Buffer over-read in exif_read_data() (CVE-2019-11040)
* php: DirectoryIterator class accepts filenames with embedded � byte and
treats them as terminating at that byte (CVE-2019-11045)
* php: Information disclosure in exif_read_data() (CVE-2019-11047)
* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
* oniguruma: Use-after-free in onig_new_deluxe() in regext.c
(CVE-2019-13224)
* oniguruma: NULL pointer dereference in match_at() in regexec.c
(CVE-2019-13225)
* oniguruma: Stack exhaustion in regcomp.c because of recursion in
regparse.c (CVE-2019-16163)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in
file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function
fetch_interval_quantifier in regparse.c (CVE-2019-19204)
* pcre: Out of bounds read in JIT mode when X is used in non-UTF mode
(CVE-2019-20454)
* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
(CVE-2020-7060)
* php: NULL pointer dereference in PHP session upload progress
(CVE-2020-7062)
* php: Files added to tar with Phar::buildFromIterator have all-access
permissions (CVE-2020-7063)
* php: Information disclosure in exif_read_data() function (CVE-2020-7064)
* php: Using mb_strtolower() function with UTF-32LE encoding leads to
potential code execution (CVE-2020-7065)
* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
* php: Heap buffer over-read in exif_process_user_comment()
(CVE-2019-11042)
* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
* oniguruma: Heap-based buffer overflow in str_lower_case_match in
regexec.c (CVE-2019-19246)
* php: Information disclosure in function get_headers (CVE-2020-7066)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
References
https://access.redhat.com/security/cve/CVE-2019-11039 https://access.redhat.com/security/cve/CVE-2019-11040 https://access.redhat.com/security/cve/CVE-2019-11041 https://access.redhat.com/security/cve/CVE-2019-11042 https://access.redhat.com/security/cve/CVE-2019-11045 https://access.redhat.com/security/cve/CVE-2019-11047 https://access.redhat.com/security/cve/CVE-2019-11048 https://access.redhat.com/security/cve/CVE-2019-11050 https://access.redhat.com/security/cve/CVE-2019-13224 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-16163 https://access.redhat.com/security/cve/CVE-2019-19203 https://access.redhat.com/security/cve/CVE-2019-19204 https://access.redhat.com/security/cve/CVE-2019-19246 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2020-7059 https://access.redhat.com/security/cve/CVE-2020-7060 https://access.redhat.com/security/cve/CVE-2020-7062 https://access.redhat.com/security/cve/CVE-2020-7063 https://access.redhat.com/security/cve/CVE-2020-7064 https://access.redhat.com/security/cve/CVE-2020-7065 https://access.redhat.com/security/cve/CVE-2020-7066 https://access.redhat.com/security/updates/classification#moderate
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.src.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.src.rpm
php-pear-1.10.9-1.module+el8.1.0+3189+a1bff096.src.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.src.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.src.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.src.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.src.rpm
aarch64:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
Read the Full Advisory
PREVIOUS
NEXT
Advisory ID: RHSA-2020:3662-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3662
Issue date: 2020-09-08
Topic
An update for the php:7.3 module is now available for Red Hat EnterpriseLinux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()
1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()
1728965 - CVE-2019-13225 oniguruma: NULL pointer dereference in match_at() in regexec.c
1728970 - CVE-2019-13224 oniguruma: Use-after-free in onig_new_deluxe() in regext.c
1735494 - CVE-2019-20454 pcre: Out of bounds read in JIT mode when X is used in non-UTF mode
1739459 - CVE-2019-11041 php: Heap buffer over-read in exif_scan_thumbnail()
1739465 - CVE-2019-11042 php: Heap buffer over-read in exif_process_user_comment()
1768997 - CVE-2019-16163 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()
1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded � byte and treats them as terminating at that byte
1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information
1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex
1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!