Synopsis
Moderate: php:7.3 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655)
Security Fix(es):
- php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
- php: Buffer over-read in exif_read_data() (CVE-2019-11040)
- php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)
- php: Information disclosure in exif_read_data() (CVE-2019-11047)
- php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
- oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
- oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)
- oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
- oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
- oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
- pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454)
- php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
- php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
- php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
- php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
- php: Information disclosure in exif_read_data() function (CVE-2020-7064)
- php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)
- php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
- php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
- php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
- oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)
- php: Information disclosure in function get_headers (CVE-2020-7066)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Affected Products
-
Red Hat Enterprise Linux for x86_64 8 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
-
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 8 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
-
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
-
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
-
Red Hat Enterprise Linux for ARM 64 8 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()
- BZ - 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()
- BZ - 1728965 - CVE-2019-13225 oniguruma: NULL pointer dereference in match_at() in regexec.c
- BZ - 1728970 - CVE-2019-13224 oniguruma: Use-after-free in onig_new_deluxe() in regext.c
- BZ - 1735494 - CVE-2019-20454 pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
- BZ - 1739459 - CVE-2019-11041 php: Heap buffer over-read in exif_scan_thumbnail()
- BZ - 1739465 - CVE-2019-11042 php: Heap buffer over-read in exif_process_user_comment()
- BZ - 1768997 - CVE-2019-16163 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
- BZ - 1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
- BZ - 1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()
- BZ - 1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte
- BZ - 1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information
- BZ - 1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex
- BZ - 1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
- BZ - 1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
- BZ - 1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
- BZ - 1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress
- BZ - 1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions
- BZ - 1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function
- BZ - 1820604 - CVE-2020-7066 php: Information disclosure in function get_headers
- BZ - 1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution
- BZ - 1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms
CVEs
References
Vulmon