CVSS3: 9.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.012 Low (Percentile: 84.9%)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.20). (BZ#1853211)
Security Fix(es):
php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)
php: Information disclosure in exif_read_data() (CVE-2019-11047)
php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
php: Information disclosure in exif_read_data() function (CVE-2020-7064)
php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)
php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)
php: Information disclosure in function get_headers (CVE-2020-7066)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Software Collections 3.6 Release Notes linked from the References section.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | rh-php73-php-fpm | < 7.3.20-1.el7 | rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm |
RedHat | 7 | s390x | rh-php73-php-gd | < 7.3.20-1.el7 | rh-php73-php-gd-7.3.20-1.el7.s390x.rpm |
RedHat | 7 | s390x | rh-php73-php-odbc | < 7.3.20-1.el7 | rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm |
RedHat | 7 | ppc64le | rh-php73-php-ldap | < 7.3.20-1.el7 | rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm |
RedHat | 7 | s390x | rh-php73-php-ldap | < 7.3.20-1.el7 | rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm |
RedHat | 7 | s390x | rh-php73-php-enchant | < 7.3.20-1.el7 | rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm |
RedHat | 7 | s390x | rh-php73-php-common | < 7.3.20-1.el7 | rh-php73-php-common-7.3.20-1.el7.s390x.rpm |
RedHat | 7 | s390x | rh-php73-php-zip | < 7.3.20-1.el7 | rh-php73-php-zip-7.3.20-1.el7.s390x.rpm |
RedHat | 7 | ppc64le | rh-php73-php-debuginfo | < 7.3.20-1.el7 | rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm |
RedHat | 7 | ppc64le | rh-php73-php-json | < 7.3.20-1.el7 | rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm |