First published: Tue Dec 01 2020
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.20). (BZ#1853211)

Security Fix(es):

- php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)
- php: Information disclosure in exif_read_data() (CVE-2019-11047)
- php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
- oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
- oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
- php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
- php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
- php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
- php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
- php: Information disclosure in exif_read_data() function (CVE-2020-7064)
- php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)
- php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
- oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)
- php: Information disclosure in function get_headers (CVE-2020-7066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Software Collections 3.6 Release Notes linked from the References section.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-php73-php | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-bcmath | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-cli | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-common | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-dba | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-dbg | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-debuginfo | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-devel | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-embedded | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-enchant | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-fpm | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-gd | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-gmp | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-intl | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-json | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-ldap | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-mbstring | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-mysqlnd | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-odbc | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-opcache | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-pdo | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-pgsql | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-process | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-pspell | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-recode | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-snmp | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-soap | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-xmlrpc | <7.3.20-1.el7 | 7.3.20-1.el7 |
redhat/rh-php73-php-zip | <7.3.20-1.el7 | 7.3.20-1.el7 |