13 matches found

OSV
added 2024/09/13 10:0 p.m., 40 views

RHSA-2019:2519 Red Hat Security Advisory: rh-php71-php security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.1, AI score 7.7, EPSS 0.89192
Exploits 30, References 135

OSV
added 2024/09/13 7:54 p.m., 27 views

RHSA-2019:3300 Red Hat Security Advisory: rh-php71-php security update

Bulletin has no description...

CVSS 8.1, AI score 9.6, EPSS 0.94053
Exploits 53, References 9

Tenable Nessus
added 2023/08/23 12:0 a.m., 29 views

Amazon Linux AMI : php71-pecl-imagick (ALAS-2023-1814)

The version of php71-pecl-imagick installed on the remote host is prior to 3.4.4-2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1814 advisory. In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c...

CVSS 9.8, AI score 7.7, EPSS 0.02588
Exploits 52, References 148

Tenable Nessus
added 2023/01/24 12:0 a.m., 15 views

Amazon Linux AMI : php71-pecl-memcached (ALAS-2023-1674)

The version of php71-pecl-memcached installed on the remote host is prior to 3.2.0-1.4. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1674 advisory. PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection...

CVSS 9.8, AI score 8.3, EPSS 0.08185
Exploits 1, References 3

Tenable Nessus
added 2019/11/04 12:0 a.m., 54 views

Amazon Linux AMI : php71 / php72, php73, php56 (ALAS-2019-1315)

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...

CVSS 9.8, AI score 7.6, EPSS 0.94053
Exploits 53, References 2

Amazon
added 2019/09/13 12:0 a.m., 179 views

Low: php71, php73

Issue Overview: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead...

CVSS 9.8, AI score 7.7, EPSS 0.03811
Exploits 2

Tenable Nessus
added 2019/07/26 12:0 a.m., 38 views

Amazon Linux AMI : php71 / php72,php73 (ALAS-2019-1240)

Function iconv_mime_decode_headers in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. (CVE-2019-11039) When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that will cause the...

CVSS 9.1, AI score 5.9, EPSS 0.1054
Exploits 3, References 4

Tenable Nessus
added 2019/07/26 12:0 a.m., 34 views

Amazon Linux AMI : php54-pecl-imagick / php55-pecl-imagick,php56-pecl-imagick,php70-pecl-imagick,php71-pecl-imagick,php72-pecl-imagick (ALAS-2019-1237)

In PHP imagick extension, writing to an array of values in ImagickKernel::fromMatrix function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. (CVE-2019-11037) C...

CVSS 9.8, AI score 7, EPSS 0.01299
Exploits 0, References 2

Amazon
added 2019/07/17 12:0 a.m., 133 views

Medium: php71, php72, php73

Issue Overview: Function iconv_mime_decode_headers in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. (CVE-2019-11039) When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that...

CVSS 9.1, AI score 5.8, EPSS 0.1054
Exploits 3

Tenable Nessus
added 2018/08/24 12:0 a.m., 68 views

Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. (CVE-2018-14851) An issue was discovered in PHP before 5.6.37, 7.0.x...

CVSS 7.5, AI score 6.3, EPSS 0.21491
Exploits 1, References 3

Tenable Nessus
added 2018/03/29 12:0 a.m., 48 views

Amazon Linux AMI : php71 (ALAS-2018-982)

Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service: In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing ...

CVSS 9.8, AI score 7.9, EPSS 0.83066
Exploits 3, References 2

Tenable Nessus
added 2017/11/21 12:0 a.m., 32 views

Amazon Linux AMI : php56 / php70,php71 (ALAS-2017-924)

pcre: heap buffer overflow in handling of duplicate named groups (8.39/14) The pcre_compile2 function in pcre_compile.c mishandles a specific type of pattern with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other...

CVSS 9.8, AI score 8.3, EPSS 0.02374
Exploits 1, References 2

Amazon
added 2017/11/15 12:0 a.m., 42 views

Important: php56, php70, php71

Issue Overview: pcre: heap buffer overflow in handling of duplicate named groups (8.39/14) The pcre_compile2 function in pcre_compile.c mishandles the /?:F?+?:^?Ra+\"99-?J?'R'?'R'?'RR'?'R'\\97?J?J?'R'?'R'\\99|:?|?'R'\\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which...

CVSS 9.8, AI score 9.4, EPSS 0.02374
Exploits 1