RedHat: RHSA-2020-3662:01 Moderate: php:7.3 security, bug fix,
Summary
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
The following packages have been upgraded to a later upstream version: php
(7.3.20). (BZ#1856655)
Security Fix(es):
* php: Out-of-bounds read due to integer overflow in
iconv_mime_decode_headers() (CVE-2019-11039)
* php: Buffer over-read in exif_read_data() (CVE-2019-11040)
* php: DirectoryIterator class accepts filenames with embedded \0 byte and
treats them as terminating at that byte (CVE-2019-11045)
* php: Information disclosure in exif_read_data() (CVE-2019-11047)
* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
* oniguruma: Use-after-free in onig_new_deluxe() in regext.c
(CVE-2019-13224)
* oniguruma: NULL pointer dereference in match_at() in regexec.c
(CVE-2019-13225)
* oniguruma: Stack exhaustion in regcomp.c because of recursion in
regparse.c (CVE-2019-16163)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in
file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function
fetch_interval_quantifier in regparse.c (CVE-2019-19204)
* pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
(CVE-2019-20454)
* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
(CVE-2020-7060)
* php: NULL pointer dereference in PHP session upload progress
(CVE-2020-7062)
* php: Files added to tar with Phar::buildFromIterator have all-access
permissions (CVE-2020-7063)
* php: Information disclosure in exif_read_data() function (CVE-2020-7064)
* php: Using mb_strtolower() function with UTF-32LE encoding leads to
potential code execution (CVE-2020-7065)
* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
* php: Heap buffer over-read in exif_process_user_comment()
(CVE-2019-11042)
* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
* oniguruma: Heap-based buffer overflow in str_lower_case_match in
regexec.c (CVE-2019-19246)
* php: Information disclosure in function get_headers (CVE-2020-7066)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
References
https://access.redhat.com/security/cve/CVE-2019-11039 https://access.redhat.com/security/cve/CVE-2019-11040 https://access.redhat.com/security/cve/CVE-2019-11041 https://access.redhat.com/security/cve/CVE-2019-11042 https://access.redhat.com/security/cve/CVE-2019-11045 https://access.redhat.com/security/cve/CVE-2019-11047 https://access.redhat.com/security/cve/CVE-2019-11048 https://access.redhat.com/security/cve/CVE-2019-11050 https://access.redhat.com/security/cve/CVE-2019-13224 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-16163 https://access.redhat.com/security/cve/CVE-2019-19203 https://access.redhat.com/security/cve/CVE-2019-19204 https://access.redhat.com/security/cve/CVE-2019-19246 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2020-7059 https://access.redhat.com/security/cve/CVE-2020-7060 https://access.redhat.com/security/cve/CVE-2020-7062 https://access.redhat.com/security/cve/CVE-2020-7063 https://access.redhat.com/security/cve/CVE-2020-7064 https://access.redhat.com/security/cve/CVE-2020-7065 https://access.redhat.com/security/cve/CVE-2020-7066 https://access.redhat.com/security/updates/classification/#moderate
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.src.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.src.rpm
php-pear-1.10.9-1.module+el8.1.0+3189+a1bff096.src.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.src.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.src.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.src.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.src.rpm
aarch64:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
noarch:
apcu-panel-5.1.17-1.module+el8.1.0+3189+a1bff096.noarch.rpm
php-pear-1.10.9-1.module+el8.1.0+3189+a1bff096.noarch.rpm
ppc64le:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
s390x:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
x86_64:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for the php:7.3 module is now available for Red Hat EnterpriseLinux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()
1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()
1728965 - CVE-2019-13225 oniguruma: NULL pointer dereference in match_at() in regexec.c
1728970 - CVE-2019-13224 oniguruma: Use-after-free in onig_new_deluxe() in regext.c
1735494 - CVE-2019-20454 pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
1739459 - CVE-2019-11041 php: Heap buffer over-read in exif_scan_thumbnail()
1739465 - CVE-2019-11042 php: Heap buffer over-read in exif_process_user_comment()
1768997 - CVE-2019-16163 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()
1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte
1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information
1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex
1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress
1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions
1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function
1820604 - CVE-2020-7066 php: Information disclosure in function get_headers1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution
1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms