VARIoT IoT vulnerabilities database
| VAR-202002-0469 | CVE-2019-19663 | Rumpus FTP Cross-site request forgery vulnerability in |
CVSS V2: 5.8 CVSS V3: 6.5 Severity: MEDIUM |
A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
| VAR-202002-0467 | CVE-2019-19661 | Rumpus FTP Server Web File Manager Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. Rumpus FTP Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
| VAR-202002-0472 | CVE-2019-19666 | Rumpus FTP Cross-site request forgery vulnerability in |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
| VAR-202002-0475 | CVE-2019-19669 | Rumpus FTP Web File Manager Upload Center Forms Component Cross-Site Request Forgery Vulnerability |
CVSS V2: 5.8 CVSS V3: 6.5 Severity: MEDIUM |
A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
| VAR-202002-0470 | CVE-2019-19664 | Rumpus FTP Cross-site request forgery vulnerability in |
CVSS V2: 5.8 CVSS V3: 7.1 Severity: HIGH |
A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
| VAR-202002-0471 | CVE-2019-19665 | Rumpus FTP Cross-site request forgery vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
| VAR-202002-0468 | CVE-2019-19662 | Rumpus FTP Server Web File Manager Cross-Site Request Forgery Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
| VAR-202002-0473 | CVE-2019-19667 | Rumpus FTP Web File Manager Block Clients Component Cross-Site Request Forgery Vulnerability |
CVSS V2: 5.8 CVSS V3: 5.4 Severity: MEDIUM |
A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
| VAR-202002-1306 | CVE-2020-7060 | PHP Out-of-bounds read vulnerability in |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2.
(CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update
Advisory ID: RHSA-2020:5275-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5275
Issue date: 2020-12-01
CVE Names: CVE-2019-11045 CVE-2019-11047 CVE-2019-11048
CVE-2019-11050 CVE-2019-19203 CVE-2019-19204
CVE-2019-19246 CVE-2020-7059 CVE-2020-7060
CVE-2020-7062 CVE-2020-7063 CVE-2020-7064
CVE-2020-7065 CVE-2020-7066
====================================================================
1. Summary:
An update for rh-php73-php is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
The following packages have been upgraded to a later upstream version:
rh-php73-php (7.3.20). (BZ#1853211)
Security Fix(es):
* php: DirectoryIterator class accepts filenames with embedded \0 byte and
treats them as terminating at that byte (CVE-2019-11045)
* php: Information disclosure in exif_read_data() (CVE-2019-11047)
* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in
file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function
fetch_interval_quantifier in regparse.c (CVE-2019-19204)
* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
(CVE-2020-7060)
* php: NULL pointer dereference in PHP session upload progress
(CVE-2020-7062)
* php: Files added to tar with Phar::buildFromIterator have all-access
permissions (CVE-2020-7063)
* php: Information disclosure in exif_read_data() function (CVE-2020-7064)
* php: Using mb_strtolower() function with UTF-32LE encoding leads to
potential code execution (CVE-2020-7065)
* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
* oniguruma: Heap-based buffer overflow in str_lower_case_match in
regexec.c (CVE-2019-19246)
* php: Information disclosure in function get_headers (CVE-2020-7066)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Software Collections 3.6 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()
1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte
1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information
1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex
1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress
1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions
1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function
1820604 - CVE-2020-7066 php: Information disclosure in function get_headers
1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution
1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
aarch64:
rh-php73-php-7.3.20-1.el7.aarch64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm
rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm
rh-php73-php-common-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm
rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm
rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm
rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm
rh-php73-php-json-7.3.20-1.el7.aarch64.rpm
rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm
rh-php73-php-process-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm
rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm
rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm
ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
aarch64:
rh-php73-php-7.3.20-1.el7.aarch64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm
rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm
rh-php73-php-common-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm
rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm
rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm
rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm
rh-php73-php-json-7.3.20-1.el7.aarch64.rpm
rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm
rh-php73-php-process-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm
rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm
rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm
ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11045
https://access.redhat.com/security/cve/CVE-2019-11047
https://access.redhat.com/security/cve/CVE-2019-11048
https://access.redhat.com/security/cve/CVE-2019-11050
https://access.redhat.com/security/cve/CVE-2019-19203
https://access.redhat.com/security/cve/CVE-2019-19204
https://access.redhat.com/security/cve/CVE-2019-19246
https://access.redhat.com/security/cve/CVE-2020-7059
https://access.redhat.com/security/cve/CVE-2020-7060
https://access.redhat.com/security/cve/CVE-2020-7062
https://access.redhat.com/security/cve/CVE-2020-7063
https://access.redhat.com/security/cve/CVE-2020-7064
https://access.redhat.com/security/cve/CVE-2020-7065
https://access.redhat.com/security/cve/CVE-2020-7066
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw
becOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ
KUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI
6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH
rcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0
D1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh
viPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi
EWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC
5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo
RwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB
gGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4
0afoNZ3Sfdc\xaaB8
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3.
For the stable distribution (buster), these problems have been fixed in
version 7.3.14-1~deb10u1.
We recommend that you upgrade your php7.3 packages.
For the detailed security status of php7.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.3
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8
TjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV
wtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4
M/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d
94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N
QT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la
ILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX
gCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB
743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf
AU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8
flI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX
Q2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-57
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Multiple vulnerabilities
Date: March 26, 2020
Bugs: #671872, #706168, #710304, #713484
ID: 202003-57
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in PHP, the worst of which
could result in the execution of arbitrary shell commands.
Background
==========
PHP is an open source general-purpose scripting language that is
especially suited for web development. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 7.2.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29"
All PHP 7.3.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16"
All PHP 7.4.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4"
References
==========
[ 1 ] CVE-2018-19518
https://nvd.nist.gov/vuln/detail/CVE-2018-19518
[ 2 ] CVE-2020-7059
https://nvd.nist.gov/vuln/detail/CVE-2020-7059
[ 3 ] CVE-2020-7060
https://nvd.nist.gov/vuln/detail/CVE-2020-7060
[ 4 ] CVE-2020-7061
https://nvd.nist.gov/vuln/detail/CVE-2020-7061
[ 5 ] CVE-2020-7062
https://nvd.nist.gov/vuln/detail/CVE-2020-7062
[ 6 ] CVE-2020-7063
https://nvd.nist.gov/vuln/detail/CVE-2020-7063
[ 7 ] CVE-2020-7064
https://nvd.nist.gov/vuln/detail/CVE-2020-7064
[ 8 ] CVE-2020-7065
https://nvd.nist.gov/vuln/detail/CVE-2020-7065
[ 9 ] CVE-2020-7066
https://nvd.nist.gov/vuln/detail/CVE-2020-7066
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-57
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-4279-2
February 19, 2020
php7.0 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
USN-4279-1 introduced a regression in PHP. The updated packages caused a regression.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS.
(CVE-2015-9253)
It was discovered that PHP incorrectly handled certain inputs. An attacker
could possibly use this issue to expose sensitive information.
(CVE-2020-7059)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 19.10. (CVE-2020-7060)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.12
php7.0-cgi 7.0.33-0ubuntu0.16.04.12
php7.0-cli 7.0.33-0ubuntu0.16.04.12
php7.0-fpm 7.0.33-0ubuntu0.16.04.12
In general, a standard system update will make all the necessary changes
| VAR-202002-1305 | CVE-2020-7059 | PHP Out-of-bounds read vulnerability in |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2.
(CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update
Advisory ID: RHSA-2020:5275-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5275
Issue date: 2020-12-01
CVE Names: CVE-2019-11045 CVE-2019-11047 CVE-2019-11048
CVE-2019-11050 CVE-2019-19203 CVE-2019-19204
CVE-2019-19246 CVE-2020-7059 CVE-2020-7060
CVE-2020-7062 CVE-2020-7063 CVE-2020-7064
CVE-2020-7065 CVE-2020-7066
====================================================================
1. Summary:
An update for rh-php73-php is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
The following packages have been upgraded to a later upstream version:
rh-php73-php (7.3.20). (BZ#1853211)
Security Fix(es):
* php: DirectoryIterator class accepts filenames with embedded \0 byte and
treats them as terminating at that byte (CVE-2019-11045)
* php: Information disclosure in exif_read_data() (CVE-2019-11047)
* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in
file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function
fetch_interval_quantifier in regparse.c (CVE-2019-19204)
* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
(CVE-2020-7060)
* php: NULL pointer dereference in PHP session upload progress
(CVE-2020-7062)
* php: Files added to tar with Phar::buildFromIterator have all-access
permissions (CVE-2020-7063)
* php: Information disclosure in exif_read_data() function (CVE-2020-7064)
* php: Using mb_strtolower() function with UTF-32LE encoding leads to
potential code execution (CVE-2020-7065)
* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
* oniguruma: Heap-based buffer overflow in str_lower_case_match in
regexec.c (CVE-2019-19246)
* php: Information disclosure in function get_headers (CVE-2020-7066)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Software Collections 3.6 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()
1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte
1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information
1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex
1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress
1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions
1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function
1820604 - CVE-2020-7066 php: Information disclosure in function get_headers
1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution
1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
aarch64:
rh-php73-php-7.3.20-1.el7.aarch64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm
rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm
rh-php73-php-common-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm
rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm
rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm
rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm
rh-php73-php-json-7.3.20-1.el7.aarch64.rpm
rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm
rh-php73-php-process-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm
rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm
rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm
ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
aarch64:
rh-php73-php-7.3.20-1.el7.aarch64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm
rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm
rh-php73-php-common-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm
rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm
rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm
rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm
rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm
rh-php73-php-json-7.3.20-1.el7.aarch64.rpm
rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm
rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm
rh-php73-php-process-7.3.20-1.el7.aarch64.rpm
rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm
rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm
rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm
rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm
rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm
ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
ppc64le:
rh-php73-php-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x:
rh-php73-php-7.3.20-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm
rh-php73-php-cli-7.3.20-1.el7.s390x.rpm
rh-php73-php-common-7.3.20-1.el7.s390x.rpm
rh-php73-php-dba-7.3.20-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm
rh-php73-php-devel-7.3.20-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm
rh-php73-php-gd-7.3.20-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-intl-7.3.20-1.el7.s390x.rpm
rh-php73-php-json-7.3.20-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm
rh-php73-php-process-7.3.20-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm
rh-php73-php-recode-7.3.20-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm
rh-php73-php-soap-7.3.20-1.el7.s390x.rpm
rh-php73-php-xml-7.3.20-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm
rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-php73-php-7.3.20-1.el7.src.rpm
x86_64:
rh-php73-php-7.3.20-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11045
https://access.redhat.com/security/cve/CVE-2019-11047
https://access.redhat.com/security/cve/CVE-2019-11048
https://access.redhat.com/security/cve/CVE-2019-11050
https://access.redhat.com/security/cve/CVE-2019-19203
https://access.redhat.com/security/cve/CVE-2019-19204
https://access.redhat.com/security/cve/CVE-2019-19246
https://access.redhat.com/security/cve/CVE-2020-7059
https://access.redhat.com/security/cve/CVE-2020-7060
https://access.redhat.com/security/cve/CVE-2020-7062
https://access.redhat.com/security/cve/CVE-2020-7063
https://access.redhat.com/security/cve/CVE-2020-7064
https://access.redhat.com/security/cve/CVE-2020-7065
https://access.redhat.com/security/cve/CVE-2020-7066
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw
becOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ
KUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI
6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH
rcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0
D1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh
viPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi
EWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC
5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo
RwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB
gGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4
0afoNZ3Sfdc\xaaB8
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3.
For the stable distribution (buster), these problems have been fixed in
version 7.3.14-1~deb10u1.
We recommend that you upgrade your php7.3 packages.
For the detailed security status of php7.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.3
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8
TjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV
wtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4
M/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d
94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N
QT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la
ILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX
gCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB
743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf
AU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8
flI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX
Q2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-57
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Multiple vulnerabilities
Date: March 26, 2020
Bugs: #671872, #706168, #710304, #713484
ID: 202003-57
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in PHP, the worst of which
could result in the execution of arbitrary shell commands.
Background
==========
PHP is an open source general-purpose scripting language that is
especially suited for web development. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 7.2.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29"
All PHP 7.3.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16"
All PHP 7.4.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4"
References
==========
[ 1 ] CVE-2018-19518
https://nvd.nist.gov/vuln/detail/CVE-2018-19518
[ 2 ] CVE-2020-7059
https://nvd.nist.gov/vuln/detail/CVE-2020-7059
[ 3 ] CVE-2020-7060
https://nvd.nist.gov/vuln/detail/CVE-2020-7060
[ 4 ] CVE-2020-7061
https://nvd.nist.gov/vuln/detail/CVE-2020-7061
[ 5 ] CVE-2020-7062
https://nvd.nist.gov/vuln/detail/CVE-2020-7062
[ 6 ] CVE-2020-7063
https://nvd.nist.gov/vuln/detail/CVE-2020-7063
[ 7 ] CVE-2020-7064
https://nvd.nist.gov/vuln/detail/CVE-2020-7064
[ 8 ] CVE-2020-7065
https://nvd.nist.gov/vuln/detail/CVE-2020-7065
[ 9 ] CVE-2020-7066
https://nvd.nist.gov/vuln/detail/CVE-2020-7066
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-57
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-4279-2
February 19, 2020
php7.0 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
USN-4279-1 introduced a regression in PHP. The updated packages caused a regression.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS.
(CVE-2015-9253)
It was discovered that PHP incorrectly handled certain inputs. An attacker
could possibly use this issue to expose sensitive information.
(CVE-2020-7059)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 19.10. (CVE-2020-7060)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.12
php7.0-cgi 7.0.33-0ubuntu0.16.04.12
php7.0-cli 7.0.33-0ubuntu0.16.04.12
php7.0-fpm 7.0.33-0ubuntu0.16.04.12
In general, a standard system update will make all the necessary changes
| VAR-202002-0875 | CVE-2017-18642 | Syska Smart Bulb Information leakage vulnerabilities in devices |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks. Syska Smart Bulb The device contains a vulnerability related to information leakage.Information may be obtained
| VAR-202002-0393 | CVE-2019-17518 | DA1468x For devices Dialog Semiconductor SDK Classic buffer overflow vulnerability in |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock. DA1468x For devices Dialog Semiconductor SDK Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state
| VAR-202002-0392 | CVE-2019-17517 | Dialog Semiconductor SDK Classic buffer overflow vulnerability in |
CVSS V2: 6.1 CVSS V3: 5.7 Severity: MEDIUM |
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet. Dialog Semiconductor SDK Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state
| VAR-202002-0391 | CVE-2019-17520 | CC2640R2 For devices Texas Instruments SDK Classic buffer overflow vulnerability in |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets. CC2640R2 For devices Texas Instruments SDK Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state
| VAR-202002-0295 | CVE-2019-17061 | Cypress PSoC 4 Classic buffer overflow vulnerability in device |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. Cypress PSoC 4 A classic buffer overflow vulnerability exists on the device.Service operation interruption (DoS) It may be put into a state
| VAR-202002-0294 | CVE-2019-17060 | MCUXpresso SDK Classic buffer overflow vulnerability in |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. MCUXpresso SDK Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state
| VAR-202002-1690 | No CVE | Pulian wireless network camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Pulian Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is a supplier of network communication equipment.
The Pulian wireless network camera has an unauthorized access vulnerability. An attacker can connect to the camera's wifi and turn on GPS to bypass account login and obtain sensitive information.
| VAR-202011-0788 | CVE-2020-27554 | BASETech GE-131 BT-1837836 Vulnerability in plaintext transmission of important information in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera
| VAR-202002-0273 | CVE-2019-14088 | plural Snapdragon Product free memory usage vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130. plural Snapdragon The product contains a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows local attackers to escalate privileges on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the cam_actuator_driver_cmd function in the V4l2 driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem.
The Camera in several Qualcomm products has a resource management error vulnerability. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are provided at this time
| VAR-202002-1209 | CVE-2020-6769 | plural Bosch Vulnerability regarding lack of authentication for critical features in the product |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. plural Bosch The product contains vulnerabilities related to lack of authentication for critical features.Information is obtained and service operation is interrupted (DoS) It may be put into a state. Bosch DIVAR IP 2000 is a 2000 series video recorder. Bosch DIVAR IP 3000 is a 3000 series video recorder