RHSA-2020:5275 Red Hat Security Advisory: rh-php73-php security, bug fix, and enhancement update

Bulletin has no description...

RHEL 7 : rh-php73-php (RHSA-2020:5275)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5275 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

RHEL 7 : rh-php73-php (RHSA-2022:5491)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5491 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length...

Amazon Linux AMI : php73 (ALAS-2021-1532)

The version of php73 installed on the remote host is prior to 7.3.29-1.30. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1532 advisory. Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a...

RHEL 7 : rh-php73-php (RHSA-2021:2992)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2992 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

Amazon Linux AMI : php72, php73 (ALAS-2020-1425)

The version of php72 installed on the remote host is prior to 7.2.33-1.25. The version of php73 installed on the remote host is prior to 7.3.21-1.28. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1425 advisory. The flaw is in pharparsezipfile of ext/phar/zip.c. When...

Amazon Linux AMI : php72, php73 (ALAS-2020-1397)

The version of php72 installed on the remote host is prior to 7.2.31-1.23. The version of php73 installed on the remote host is prior to 7.3.19-1.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1397 advisory. In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18...

Amazon Linux AMI : php73 (ALAS-2020-1347)

The version of php73 installed on the remote host is prior to 7.3.14-1.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1347 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

Amazon Linux AMI : php71 / php72, php73, php56 (ALAS-2019-1315)

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...

Low: php71, php73

Issue Overview: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead...

Amazon Linux AMI : php71 / php72,php73 (ALAS-2019-1240)

Function iconvmimedecodeheaders in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.CVE-2019-11039 When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that will cause the...

Medium: php71, php72, php73

Issue Overview: Function iconvmimedecodeheaders in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.CVE-2019-11039 When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that...