
Moderate: php:7.3 security, bug fix, and enhancement update

Description

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655)

Security Fix(es):

* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
* php: Buffer over-read in exif_read_data() (CVE-2019-11040)
* php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)
* php: Information disclosure in exif_read_data() (CVE-2019-11047)
* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
* oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)
* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
* pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454)
* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
* php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
* php: Information disclosure in exif_read_data() function (CVE-2020-7064)
* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)
* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)
* php: Information disclosure in function get_headers (CVE-2020-7066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.


Affected Package


OS OS Version Package Name Package Version
almalinux 8 apcu-panel 5.1.17-1.module_el8.3.0+2009+b272fdef
almalinux 8 libzip 1.5.2-1.module_el8.3.0+2009+b272fdef
almalinux 8 libzip-devel 1.5.2-1.module_el8.3.0+2009+b272fdef
almalinux 8 libzip-tools 1.5.2-1.module_el8.3.0+2009+b272fdef
almalinux 8 php 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-bcmath 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-cli 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-common 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-dba 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-dbg 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-devel 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-embedded 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-enchant 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-fpm 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-gd 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-gmp 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-intl 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-json 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-ldap 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-mbstring 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-mysqlnd 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-odbc 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-opcache 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-pdo 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-pear 1.10.9-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-pecl-apcu 5.1.17-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-pecl-apcu-devel 5.1.17-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-pecl-rrd 2.0.1-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-pecl-xdebug 2.8.0-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-pecl-zip 1.15.4-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-pgsql 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-process 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-recode 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-snmp 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-soap 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-xml 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 php-xmlrpc 7.3.20-1.module_el8.3.0+2009+b272fdef
almalinux 8 apcu-panel 5.1.17-1.module_el8.4.0+2229+b272fdef
almalinux 8 libzip 1.5.2-1.module_el8.4.0+2229+b272fdef
almalinux 8 libzip-devel 1.5.2-1.module_el8.4.0+2229+b272fdef
almalinux 8 libzip-tools 1.5.2-1.module_el8.4.0+2229+b272fdef
almalinux 8 php 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-bcmath 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-cli 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-common 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-dba 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-dbg 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-devel 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-embedded 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-enchant 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-fpm 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-gd 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-gmp 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-intl 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-json 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-ldap 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-mbstring 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-mysqlnd 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-odbc 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-opcache 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-pdo 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-pear 1.10.9-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-pecl-apcu 5.1.17-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-pecl-apcu-devel 5.1.17-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-pecl-rrd 2.0.1-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-pecl-xdebug 2.8.0-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-pecl-zip 1.15.4-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-pgsql 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-process 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-recode 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-snmp 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-soap 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-xml 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 php-xmlrpc 7.3.20-1.module_el8.4.0+2229+b272fdef
almalinux 8 apcu-panel 5.1.17-1.module_el8.5.0+152+112d3b8c
almalinux 8 libzip 1.5.2-1.module_el8.5.0+152+112d3b8c
almalinux 8 libzip-devel 1.5.2-1.module_el8.5.0+152+112d3b8c
almalinux 8 libzip-tools 1.5.2-1.module_el8.5.0+152+112d3b8c
almalinux 8 php 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-bcmath 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-cli 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-common 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-dba 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-dbg 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-devel 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-embedded 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-enchant 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-fpm 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-gd 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-gmp 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-intl 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-json 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-ldap 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-mbstring 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-mysqlnd 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-odbc 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-opcache 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-pdo 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-pear 1.10.9-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-pecl-apcu 5.1.17-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-pecl-apcu-devel 5.1.17-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-pecl-rrd 2.0.1-1.module_el8.6.0+2750+78feabcb
almalinux 8 php-pecl-xdebug 2.8.0-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-pecl-zip 1.15.4-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-pgsql 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-process 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-recode 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-snmp 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-soap 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-xml 7.3.20-1.module_el8.5.0+152+112d3b8c
almalinux 8 php-xmlrpc 7.3.20-1.module_el8.5.0+152+112d3b8c
