Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Red Hat 7 RHSA-2020:5275 Moderate: rh-php73-php Security Update

Calendar Dec 01, 2020 User Avatar LinuxSecurity Advisories
15 - 30 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate security update Red Hat php bug fix moderate severity php update redhat software collections oniguruma
An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: rh-php73-php security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:5275-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5275
Issue date:        2020-12-01
CVE Names:         CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 
                   CVE-2019-11050 CVE-2019-19203 CVE-2019-19204 
                   CVE-2019-19246 CVE-2020-7059 CVE-2020-7060 
                   CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 
                   CVE-2020-7065 CVE-2020-7066 
====================================================================
1. Summary:

An update for rh-php73-php is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. 

The following packages have been upgraded to a later upstream version:
rh-php73-php (7.3.20). (BZ#1853211)

Security Fix(es):

* php: DirectoryIterator class accepts filenames with embedded  byte and
treats them as terminating at that byte (CVE-2019-11045)

* php: Information disclosure in exif_read_data() (CVE-2019-11047)

* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)

* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in
file gb18030.c (CVE-2019-19203)

* oniguruma: Heap-based buffer over-read in function
fetch_interval_quantifier in regparse.c (CVE-2019-19204)

* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)

* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
(CVE-2020-7060)

* php: NULL pointer dereference in PHP session upload progress
(CVE-2020-7062)

* php: Files added to tar with Phar::buildFromIterator have all-access
permissions (CVE-2020-7063)

* php: Information disclosure in exif_read_data() function (CVE-2020-7064)

* php: Using mb_strtolower() function with UTF-32LE encoding leads to
potential code execution (CVE-2020-7065)

* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)

* oniguruma: Heap-based buffer overflow in str_lower_case_match in
regexec.c (CVE-2019-19246)

* php: Information disclosure in function get_headers (CVE-2020-7066)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Software Collections 3.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()
1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded  byte and treats them as terminating at that byte
1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information
1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex
1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress
1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions
1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function
1820604 - CVE-2020-7066 php: Information disclosure in function get_headers1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution
1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-php73-php-7.3.20-1.el7.src.rpm

aarch64:
rh-php73-php-7.3.20-1.el7.aarch64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm
rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm
rh-php73-php-common-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm
rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm
rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm
rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm
rh-php73-php-json-7.3.20-1.el7.aarch64.rpm
rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm
rh-php73-php-process-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm
rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm
rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm

ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-php73-php-7.3.20-1.el7.src.rpm

aarch64:
rh-php73-php-7.3.20-1.el7.aarch64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm
rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm
rh-php73-php-common-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm
rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm
rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm
rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm
rh-php73-php-json-7.3.20-1.el7.aarch64.rpm
rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm
rh-php73-php-process-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm
rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm
rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm

ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-php73-php-7.3.20-1.el7.src.rpm

ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-php73-php-7.3.20-1.el7.src.rpm

ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-php73-php-7.3.20-1.el7.src.rpm

x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-11045
https://access.redhat.com/security/cve/CVE-2019-11047
https://access.redhat.com/security/cve/CVE-2019-11048
https://access.redhat.com/security/cve/CVE-2019-11050
https://access.redhat.com/security/cve/CVE-2019-19203
https://access.redhat.com/security/cve/CVE-2019-19204
https://access.redhat.com/security/cve/CVE-2019-19246
https://access.redhat.com/security/cve/CVE-2020-7059
https://access.redhat.com/security/cve/CVE-2020-7060
https://access.redhat.com/security/cve/CVE-2020-7062
https://access.redhat.com/security/cve/CVE-2020-7063
https://access.redhat.com/security/cve/CVE-2020-7064
https://access.redhat.com/security/cve/CVE-2020-7065
https://access.redhat.com/security/cve/CVE-2020-7066
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_software_collections/3/html/3.6_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw
becOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ
KUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI
6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH
rcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0
D1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh
viPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi
EWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC
5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo
RwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB
gGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4
0afoNZ3Sfdc=AaB8
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat 7 RHSA-2020:5275 Moderate: rh-php73-php Security Update

red hat
Calendar Grey December 1, 2020
Dist Redhat Esm H88
The notification from Red Hat regarding rh-php73-php highlights an update of moderate severity, focusing on rectifying security vulnerabilities and correcting software bugs.
An update for rh-php73-php is now available for Red Hat Software Collections

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Summary

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.20). (BZ#1853211)
Security Fix(es):
* php: DirectoryIterator class accepts filenames with embedded byte and treats them as terminating at that byte (CVE-2019-11045)
* php: Information disclosure in exif_read_data() (CVE-2019-11047)
* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
* php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
* php: Information disclosure in exif_read_data() function (CVE-2020-7064)
* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)
* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)
* php: Information disclosure in function get_headers (CVE-2020-7066)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Software Collections 3.6 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory moderate security update Red Hat php bug fix moderate severity php update redhat software collections oniguruma

References

https://access.redhat.com/security/cve/CVE-2019-11045 https://access.redhat.com/security/cve/CVE-2019-11047 https://access.redhat.com/security/cve/CVE-2019-11048 https://access.redhat.com/security/cve/CVE-2019-11050 https://access.redhat.com/security/cve/CVE-2019-19203 https://access.redhat.com/security/cve/CVE-2019-19204 https://access.redhat.com/security/cve/CVE-2019-19246 https://access.redhat.com/security/cve/CVE-2020-7059 https://access.redhat.com/security/cve/CVE-2020-7060 https://access.redhat.com/security/cve/CVE-2020-7062 https://access.redhat.com/security/cve/CVE-2020-7063 https://access.redhat.com/security/cve/CVE-2020-7064 https://access.redhat.com/security/cve/CVE-2020-7065 https://access.redhat.com/security/cve/CVE-2020-7066 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_software_collections/3/html/3.6_release_notes/index

Package List

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-php73-php-7.3.20-1.el7.src.rpm
aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm

Read the Full Advisory


Advisory ID: RHSA-2020:5275-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5275
Issue date: 2020-12-01

Topic

An update for rh-php73-php is now available for Red Hat SoftwareCollections.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate security update Red Hat php bug fix moderate severity php update redhat software collections oniguruma

Relevant Releases Architectures

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Bugs Fixed

1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c

1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()

1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded byte and treats them as terminating at that byte

1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information

1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex

1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function

1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c

1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c

1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress

1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions

1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function

1820604 - CVE-2020-7066 php: Information disclosure in function get_headers1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution

1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here