{"schema_version": "1.3.1", "id": "RLSA-2020:3662", "modified": "2023-02-02T13:07:45.364217Z", "published": "2020-09-08T08:38:31Z", "related": ["CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11045", "CVE-2019-11047", "CVE-2019-11048", "CVE-2019-11050", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-20454", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066"], "summary": "Moderate: php:7.3 security, bug fix, and enhancement update", "details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655)\n\nSecurity Fix(es):\n\n* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n* php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n* php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte (CVE-2019-11045)\n\n* php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n* oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n* pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n* php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n* php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)\n\n* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n* php: Information disclosure in function get_headers (CVE-2020-7066)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "libzip", "purl": "pkg:rpm/rocky-linux/libzip?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.5.2-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "php", "purl": "pkg:rpm/rocky-linux/php?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:7.3.20-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "php-pear", "purl": "pkg:rpm/rocky-linux/php-pear?distro=rocky-linux-8&epoch=1"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1:1.10.9-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": 
"AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "php-pecl-apcu", "purl": "pkg:rpm/rocky-linux/php-pecl-apcu?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:5.1.17-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "php-pecl-rrd", "purl": "pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.0.1-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "php-pecl-xdebug", "purl": "pkg:rpm/rocky-linux/php-pecl-xdebug?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.8.0-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "php-pecl-zip", "purl": "pkg:rpm/rocky-linux/php-pecl-zip?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.15.4-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2020:3662"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724152"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724154"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728965"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728970"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735494"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739459"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739465"}, {"type": "REPORT", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1768997"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777537"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786570"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786572"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788258"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797776"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797779"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802061"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802068"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808532"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808536"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820601"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820604"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820627"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837842"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}