VARIoT IoT vulnerabilities database

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability. The SIEMENS SIMATIC S7-1500 CPU family is designed for discrete and continuous control in industrial environments such as manufacturing, the global food and beverage, and chemical industries

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SIMATIC PCS 7 and SIMATIC WinCC are products of the German company Siemens. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is a set of automated data acquisition and monitoring (SCADA) system. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:

Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. Intel(R) CSME There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel CSME has a security vulnerability. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation of the United States. An authorization issue vulnerability exists in Intel CSME due to incorrect authentication in the subsystem. The following products and versions are affected: Intel CSME version 12.0 to 12.0.48, versions prior to 12.0.56 (IOT), versions 13.0 to 13.0.20, and versions 14.0 to 14.0.10

Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. Lenovo Desktop , Desktop - All in One , ThinkStation There is an initialization vulnerability in.Service operation interruption (DoS) It may be put into a state

A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. plural FortiAP The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An operating system command injection vulnerability exists in Fortinet FortiAP. The following products and versions are affected: FortiAP-S/W2 versions prior to 6.2.2, versions prior to 6.0.6; FortiAP versions prior to 6.0.5; FortiAP-U versions prior to 6.0.0

Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) MPSS Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A security vulnerability exists in the installer of Intel Manycore Platform Software Stack versions prior to 3.8.6. A local attacker could exploit this vulnerability to elevate privileges

Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Renesas Electronics(R) USB 3.0 Driver There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A security vulnerability exists in the installer in the Intel Renesas Electronics USB 3.0 Driver. An attacker could exploit this vulnerability to elevate privileges

A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. Rumpus FTP Contains a cross-site request forgery vulnerability.Information may be altered. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. Rumpus FTP Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2. (CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2020:5275-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:5275 Issue date: 2020-12-01 CVE Names: CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 ==================================================================== 1. Summary: An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.20). (BZ#1853211) Security Fix(es): * php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045) * php: Information disclosure in exif_read_data() (CVE-2019-11047) * php: Integer wraparounds when receiving multipart forms (CVE-2019-11048) * oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203) * oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204) * php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059) * php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060) * php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062) * php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063) * php: Information disclosure in exif_read_data() function (CVE-2020-7064) * php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065) * php: Out of bounds read when parsing EXIF information (CVE-2019-11050) * oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246) * php: Information disclosure in function get_headers (CVE-2020-7066) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Software Collections 3.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c 1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data() 1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte 1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information 1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex 1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function 1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c 1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c 1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress 1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions 1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function 1820604 - CVE-2020-7066 php: Information disclosure in function get_headers 1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution 1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php73-php-7.3.20-1.el7.src.rpm aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php73-php-7.3.20-1.el7.src.rpm aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-php73-php-7.3.20-1.el7.src.rpm ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-php73-php-7.3.20-1.el7.src.rpm ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php73-php-7.3.20-1.el7.src.rpm x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11045 https://access.redhat.com/security/cve/CVE-2019-11047 https://access.redhat.com/security/cve/CVE-2019-11048 https://access.redhat.com/security/cve/CVE-2019-11050 https://access.redhat.com/security/cve/CVE-2019-19203 https://access.redhat.com/security/cve/CVE-2019-19204 https://access.redhat.com/security/cve/CVE-2019-19246 https://access.redhat.com/security/cve/CVE-2020-7059 https://access.redhat.com/security/cve/CVE-2020-7060 https://access.redhat.com/security/cve/CVE-2020-7062 https://access.redhat.com/security/cve/CVE-2020-7063 https://access.redhat.com/security/cve/CVE-2020-7064 https://access.redhat.com/security/cve/CVE-2020-7065 https://access.redhat.com/security/cve/CVE-2020-7066 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw becOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ KUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI 6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH rcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0 D1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh viPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi EWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC 5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo RwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB gGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4 0afoNZ3Sfdc\xaaB8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. For the stable distribution (buster), these problems have been fixed in version 7.3.14-1~deb10u1. We recommend that you upgrade your php7.3 packages. For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8 TjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV wtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4 M/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d 94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N QT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la ILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX gCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB 743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf AU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8 flI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX Q2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-57 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: PHP: Multiple vulnerabilities Date: March 26, 2020 Bugs: #671872, #706168, #710304, #713484 ID: 202003-57 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. Background ========== PHP is an open source general-purpose scripting language that is especially suited for web development. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 7.2.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29" All PHP 7.3.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16" All PHP 7.4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4" References ========== [ 1 ] CVE-2018-19518 https://nvd.nist.gov/vuln/detail/CVE-2018-19518 [ 2 ] CVE-2020-7059 https://nvd.nist.gov/vuln/detail/CVE-2020-7059 [ 3 ] CVE-2020-7060 https://nvd.nist.gov/vuln/detail/CVE-2020-7060 [ 4 ] CVE-2020-7061 https://nvd.nist.gov/vuln/detail/CVE-2020-7061 [ 5 ] CVE-2020-7062 https://nvd.nist.gov/vuln/detail/CVE-2020-7062 [ 6 ] CVE-2020-7063 https://nvd.nist.gov/vuln/detail/CVE-2020-7063 [ 7 ] CVE-2020-7064 https://nvd.nist.gov/vuln/detail/CVE-2020-7064 [ 8 ] CVE-2020-7065 https://nvd.nist.gov/vuln/detail/CVE-2020-7065 [ 9 ] CVE-2020-7066 https://nvd.nist.gov/vuln/detail/CVE-2020-7066 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-57 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-4279-2 February 19, 2020 php7.0 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: USN-4279-1 introduced a regression in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.12 php7.0-cgi 7.0.33-0ubuntu0.16.04.12 php7.0-cli 7.0.33-0ubuntu0.16.04.12 php7.0-fpm 7.0.33-0ubuntu0.16.04.12 In general, a standard system update will make all the necessary changes

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2. (CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2020:5275-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:5275 Issue date: 2020-12-01 CVE Names: CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 ==================================================================== 1. Summary: An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.20). (BZ#1853211) Security Fix(es): * php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045) * php: Information disclosure in exif_read_data() (CVE-2019-11047) * php: Integer wraparounds when receiving multipart forms (CVE-2019-11048) * oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203) * oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204) * php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059) * php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060) * php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062) * php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063) * php: Information disclosure in exif_read_data() function (CVE-2020-7064) * php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065) * php: Out of bounds read when parsing EXIF information (CVE-2019-11050) * oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246) * php: Information disclosure in function get_headers (CVE-2020-7066) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Software Collections 3.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c 1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data() 1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte 1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information 1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex 1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function 1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c 1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c 1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress 1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions 1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function 1820604 - CVE-2020-7066 php: Information disclosure in function get_headers 1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution 1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php73-php-7.3.20-1.el7.src.rpm aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php73-php-7.3.20-1.el7.src.rpm aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-php73-php-7.3.20-1.el7.src.rpm ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-php73-php-7.3.20-1.el7.src.rpm ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php73-php-7.3.20-1.el7.src.rpm x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11045 https://access.redhat.com/security/cve/CVE-2019-11047 https://access.redhat.com/security/cve/CVE-2019-11048 https://access.redhat.com/security/cve/CVE-2019-11050 https://access.redhat.com/security/cve/CVE-2019-19203 https://access.redhat.com/security/cve/CVE-2019-19204 https://access.redhat.com/security/cve/CVE-2019-19246 https://access.redhat.com/security/cve/CVE-2020-7059 https://access.redhat.com/security/cve/CVE-2020-7060 https://access.redhat.com/security/cve/CVE-2020-7062 https://access.redhat.com/security/cve/CVE-2020-7063 https://access.redhat.com/security/cve/CVE-2020-7064 https://access.redhat.com/security/cve/CVE-2020-7065 https://access.redhat.com/security/cve/CVE-2020-7066 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw becOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ KUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI 6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH rcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0 D1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh viPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi EWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC 5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo RwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB gGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4 0afoNZ3Sfdc\xaaB8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. For the stable distribution (buster), these problems have been fixed in version 7.3.14-1~deb10u1. We recommend that you upgrade your php7.3 packages. For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8 TjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV wtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4 M/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d 94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N QT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la ILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX gCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB 743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf AU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8 flI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX Q2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-57 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: PHP: Multiple vulnerabilities Date: March 26, 2020 Bugs: #671872, #706168, #710304, #713484 ID: 202003-57 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. Background ========== PHP is an open source general-purpose scripting language that is especially suited for web development. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 7.2.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29" All PHP 7.3.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16" All PHP 7.4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4" References ========== [ 1 ] CVE-2018-19518 https://nvd.nist.gov/vuln/detail/CVE-2018-19518 [ 2 ] CVE-2020-7059 https://nvd.nist.gov/vuln/detail/CVE-2020-7059 [ 3 ] CVE-2020-7060 https://nvd.nist.gov/vuln/detail/CVE-2020-7060 [ 4 ] CVE-2020-7061 https://nvd.nist.gov/vuln/detail/CVE-2020-7061 [ 5 ] CVE-2020-7062 https://nvd.nist.gov/vuln/detail/CVE-2020-7062 [ 6 ] CVE-2020-7063 https://nvd.nist.gov/vuln/detail/CVE-2020-7063 [ 7 ] CVE-2020-7064 https://nvd.nist.gov/vuln/detail/CVE-2020-7064 [ 8 ] CVE-2020-7065 https://nvd.nist.gov/vuln/detail/CVE-2020-7065 [ 9 ] CVE-2020-7066 https://nvd.nist.gov/vuln/detail/CVE-2020-7066 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-57 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-4279-2 February 19, 2020 php7.0 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: USN-4279-1 introduced a regression in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.12 php7.0-cgi 7.0.33-0ubuntu0.16.04.12 php7.0-cli 7.0.33-0ubuntu0.16.04.12 php7.0-fpm 7.0.33-0ubuntu0.16.04.12 In general, a standard system update will make all the necessary changes

Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks. Syska Smart Bulb The device contains a vulnerability related to information leakage.Information may be obtained

The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock. DA1468x For devices Dialog Semiconductor SDK Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state