php:7.3 security, bug fix, and enhancement update

エラータID: AXSA:2020-779:01

Release date: 
Friday, October 23, 2020 - 13:46
Subject: 
php:7.3 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php
(7.3.20).

Security Fix(es):

* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()
(CVE-2019-11039)
* php: Buffer over-read in exif_read_data() (CVE-2019-11040)
* php: DirectoryIterator class accepts filenames with embedded \0 byte and
treats them as terminating at that byte (CVE-2019-11045)
* php: Information disclosure in exif_read_data() (CVE-2019-11047)
* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
* oniguruma: NULL pointer dereference in match_at() in regexec.c
(CVE-2019-13225)
* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
(CVE-2019-16163)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file
gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier
in regparse.c (CVE-2019-19204)
* pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
(CVE-2019-20454)
* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
(CVE-2020-7060)
* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
* php: Files added to tar with Phar::buildFromIterator have all-access
permissions (CVE-2020-7063)
* php: Information disclosure in exif_read_data() function (CVE-2020-7064)
* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential
code execution (CVE-2020-7065)
* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
(CVE-2019-19246)
* php: Information disclosure in function get_headers (CVE-2020-7066)

Modularity name: php
Stream name: 7.3

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libzip-1.5.2-1.module+el8+129+cadff2bc.src.rpm
    MD5: 09a406fc0a472f4370db642b756a749f
    SHA-256: 44ecaf5264512d6084bb00aa8371af093031723d60230c280efa8a88e6a6ac18
    Size: 725.30 kB
  2. php-pear-1.10.9-1.module+el8+129+cadff2bc.src.rpm
    MD5: 777a15c1d20846fce03b56aaecc67d19
    SHA-256: e0345b7dd59effa05d8b7d3768ab1c2791e04c17ea5340fc48f1337e86c3c501
    Size: 377.10 kB
  3. php-pecl-apcu-5.1.17-1.module+el8+129+cadff2bc.src.rpm
    MD5: e8c2b39473821bea47e8881b3d7b4511
    SHA-256: 1ff4c5bd8b45bf7f34703025b4d97f1659983b184b3add226b6bfdba6d090ca3
    Size: 107.60 kB
  4. php-pecl-rrd-2.0.1-1.module+el8+129+cadff2bc.src.rpm
    MD5: f823e36de09b0e4db83801e128766a59
    SHA-256: c3b0e25bc93ec91390501b954667fc2406568eb992b0e803b3848b0675d832a1
    Size: 33.13 kB
  5. php-pecl-xdebug-2.8.0-1.module+el8+129+cadff2bc.src.rpm
    MD5: 9f73904d6c6fce4c078c265fcb3f3d04
    SHA-256: 4473e7357256713186d178a0558f6301be9f0c7d83e0ddbd1b5215b8e493bc9a
    Size: 448.44 kB
  6. php-pecl-zip-1.15.4-1.module+el8+129+cadff2bc.src.rpm
    MD5: 1797da2c0b18d04568cc1b91f73b81be
    SHA-256: 479b831be69a1e9d45534cfd7584302f87a27d70638ab5a6e3e898c046ca252e
    Size: 275.40 kB
  7. php-7.3.20-1.module+el8+129+cadff2bc.src.rpm
    MD5: 9db58ab6923955e2799af47fed40d4b7
    SHA-256: f33d7046115046101012668a389cc0c2ae9716d58794f7cd4312fd7eeb6de56d
    Size: 11.68 MB

Asianux Server 8 for x86_64
  1. libzip-1.5.2-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 2319761873a6cd83d9e3bdfc60b07611
    SHA-256: 72e8dcbc7f55486736ec42368c779f716c309b6b169be432ec4a4615018deba7
    Size: 61.33 kB
  2. libzip-debugsource-1.5.2-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: f37553dbde9f629b77112a636d0a6cf3
    SHA-256: 0b7bb91cac10f8f396883233d9fcf02ad97e3c9aa31426d468a3e09b3cbe9d3d
    Size: 97.24 kB
  3. libzip-devel-1.5.2-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 1167583e62537e2342e2d2da09dc2743
    SHA-256: 0274409038684b5da446e0ab34321043bbaa5a38192e5a5c0802ce857103c9e1
    Size: 178.72 kB
  4. libzip-tools-1.5.2-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 7042a1ee6863aa44d9f4c37486d6a547
    SHA-256: a2550c540c8bea628b93f75f4a8239d80b48ce378911e1b6ed044aac61a57f1e
    Size: 42.65 kB
  5. php-pear-1.10.9-1.module+el8+129+cadff2bc.noarch.rpm
    MD5: 16be6d6612105a053c7c41be02a1016a
    SHA-256: 307eb6fa66ee0a4a7db46e56a9a6efd27d04c5e4889e6ee76f5827c4713cd5be
    Size: 357.85 kB
  6. apcu-panel-5.1.17-1.module+el8+129+cadff2bc.noarch.rpm
    MD5: 49acfb874f5356d92371ec682daeeaf3
    SHA-256: e5ed8b4b7ceb2028cbd9bd4dc20e4abcfbdd3eb8daf43c5ca2a377fd49cd7540
    Size: 22.21 kB
  7. php-pecl-apcu-5.1.17-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: da64453a09b918a2d90ac5dff570c99d
    SHA-256: 17848958251537abdcce470c3c8c83cdbdcd6a323f76e3a9c974ae26571a8a29
    Size: 63.01 kB
  8. php-pecl-apcu-debugsource-5.1.17-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: e845747bc5dbece789d63f845a777c76
    SHA-256: 32f62024f416001adfecba190f79d7da305110a4073e9aee4982de426c782d84
    Size: 49.90 kB
  9. php-pecl-apcu-devel-5.1.17-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 6100b4a6b33ddce2babf6184231319ca
    SHA-256: 3bee6c7befc6e0da1433d82cfa59b6695a979c869c2c8d34a41c320876c33192
    Size: 46.08 kB
  10. php-pecl-rrd-2.0.1-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: f66c7457301b9edf9a28186a51370a59
    SHA-256: 3cd009cc1c674b643a92608a6def9a45a06f70696c5985a13b444eac435bfd26
    Size: 30.43 kB
  11. php-pecl-rrd-debugsource-2.0.1-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: af88689628efc3a8555ce9e06bf145c6
    SHA-256: 53bb226485989b36bb2692bb1d5cbe87dd772abfe53242e3a0a8c0ef2b618986
    Size: 22.38 kB
  12. php-pecl-xdebug-2.8.0-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 7c1ff4882e72ee9ff7fccc1a6a5af05e
    SHA-256: 4de54453c1fced44597c7316ffb5bb17f7ffa62823f8080ddad819c798a59b68
    Size: 172.99 kB
  13. php-pecl-xdebug-debugsource-2.8.0-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 0f3ff2a52a03c8585f3340830b37f536
    SHA-256: 389b3a4c19365e0c830a606eca9420b7c2916c65baab22a94888e1413edc6048
    Size: 128.75 kB
  14. php-pecl-zip-1.15.4-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: bd4c21e1837531f3b006c583d972feb1
    SHA-256: 95febc64211af73530689405d08f2db293bd78efc64bc2c4236a87e7a72d1115
    Size: 49.22 kB
  15. php-pecl-zip-debugsource-1.15.4-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 67dbbbb1a03c769755a6e58a4e3a5181
    SHA-256: 98a7faa88a4a4be308d6f7fe4e895cece63af1d68d74c3b069e21e5c5bc91e48
    Size: 29.29 kB
  16. php-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: d2e16b333204f7684eb37ab23e918243
    SHA-256: d97e6b18174efdcac9f54299d2fdc1e2d4aaccba85f86ca0b16cdfde3f4aef3b
    Size: 1.50 MB
  17. php-bcmath-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 88e6e8af2dae77f40346d5713b001549
    SHA-256: 847c3ae65091c45c7fcafe0f0539f5f0ec0724f613c246dc202762d59d22a83c
    Size: 77.84 kB
  18. php-cli-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: ff5f179aa3cc5bd6f3f45bdb71bbfd38
    SHA-256: 49c6ff4312ec7309cd0bc43b151fb18651cb8c8e35d602a286a5a9a8561bfdc2
    Size: 3.04 MB
  19. php-common-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 9192f3c4be504511b4d51b3f623ee5ed
    SHA-256: 1c201ee7b48c5510e0b16bbf923f72bd29e5ceb62ab61ca02610700c8250413f
    Size: 667.79 kB
  20. php-dba-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: d78816e2dfc479619f3534b3916aa8bb
    SHA-256: 26f06562aa6c41441564b44176ddcddf8f36ec2e869d59c6c6ae26d611923b90
    Size: 76.64 kB
  21. php-dbg-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 88bc616342c0a3bcedcba24fc0131d7b
    SHA-256: 89caaf0908801e3cb339932c98f7aa6fd4272043a5fbb2c56839c7c82d30848f
    Size: 1.61 MB
  22. php-debugsource-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: b367d80a131498cf59ad0a113df8d4e6
    SHA-256: 293755bd4772d660353a0fb2f095a8ac86a8b48437617f415e4de3bea497f871
    Size: 4.26 MB
  23. php-devel-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 36cfc5a2b4523b32dd119f979b4df080
    SHA-256: 8238f46b418c7ecc43f149b2864197d8868209aa02111585b4b23f250baab99b
    Size: 734.18 kB
  24. php-embedded-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: d7039d1d8b129ba6d2c53fee27320c03
    SHA-256: 009977785f68bae185bd897b403aa53398c98b9134f5cdbb04ce2aec5b84e1a4
    Size: 1.49 MB
  25. php-enchant-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 43774594c3e552caec08d2df8a71a8ea
    SHA-256: 1cf8b5b0a8e04fb15e198619d4fba5ac90cebecafc16a6dd07ea8342dd9e1bc9
    Size: 62.49 kB
  26. php-fpm-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 2a7ff09c8de3ed74c52671de628dc60d
    SHA-256: f3cc31b5a6b7e517a08dcfca6afa2503d84f3ea190c76f023cdc6e86466eac80
    Size: 1.58 MB
  27. php-gd-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 4830a7f8aa50fb18910f388722e801d5
    SHA-256: 78b4e13e3a09234c9388247b05aab1b369d3bd52b854192a7eb717efc2d46b2b
    Size: 82.40 kB
  28. php-gmp-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: c74e9afd24823135ce3f3134574f1c89
    SHA-256: 63c08459181f9c870f4244b4f7056eed855e46765a5031d5e96a84f4ee8740d0
    Size: 74.99 kB
  29. php-intl-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 63e852004cbb852d47c48f69fe946ea6
    SHA-256: a55e88cbc9d702b178683abd145d061098329e1bd7282cdeb7473dc32d4982b7
    Size: 190.64 kB
  30. php-json-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: c9e1caf30474d3e8d350640a07a97170
    SHA-256: ce8b30e29c2bd9020f58af711741861609a24a9997e0ab3653d8b8dcd6623a94
    Size: 72.00 kB
  31. php-ldap-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: b2a04f8f6e98425c9e945e22c055a407
    SHA-256: b61614b180a7b7afba015f2b6d8e3de86ebc282b809ff0de5b01768877fa8cb7
    Size: 83.16 kB
  32. php-mbstring-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 986a3625124f084cbbd1ed19d598c0e2
    SHA-256: 391ff8725d1095df46749563044d76746da5f96e64585945b705685375881e81
    Size: 616.45 kB
  33. php-mysqlnd-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 6f9a7fe750fdae6034240714f225f2f6
    SHA-256: 7c1c294bd0eafa5fd58174fc597f9d3ba02f59fd7e10e1e5e0a99571914fa400
    Size: 187.63 kB
  34. php-odbc-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 401cd5a1b52e77a3b86a20dda4f251d0
    SHA-256: 8ac8fa3629eaea22c2ef7f6420ce9cac2d111c42f6a7643a187e89a8ad4fdfec
    Size: 87.13 kB
  35. php-opcache-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 16a946a117f8e15c73107e0789804473
    SHA-256: d4468d5495e20dece528e930f31b3334811076071c98b8bf37e656ad32b5bbf4
    Size: 248.83 kB
  36. php-pdo-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 2075307eefbe412fd774ce61589fcb00
    SHA-256: 26d4d9e2d5c3fb8fae180e0fdda38ff41387c8ecbf9f28b7541c5247d536959a
    Size: 120.79 kB
  37. php-pgsql-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 34a2d0552ffdd106ffb32be587b725e2
    SHA-256: cc43dc30d1e0276bd15352f42749de387e6a7274aa890f35a865c6be246bbd37
    Size: 116.58 kB
  38. php-process-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 8797e80f1e86a264d03a085802957a0b
    SHA-256: 280472b1fa1cd8daa2e5214801e578082358dbfa6f41617623374b474bc492da
    Size: 82.95 kB
  39. php-recode-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: f3d63586d6f07c70f445dff3947fdd2d
    SHA-256: 02cc821ee950842effa22d75f22b33d87fb16cf0073651c346b1a898e04927d9
    Size: 58.27 kB
  40. php-snmp-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 75a31560f71cc3f3a8ac46659f3c645c
    SHA-256: df8751c3acd4d2d6e8b35e8137fa12b223c59e0ef71def93318056c41f921e09
    Size: 72.67 kB
  41. php-soap-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 950c342303e0835c4e3aa232a2b2dda8
    SHA-256: e68979deb81a5d2f298054ba66ff60df7b0ce166d38dd4242bb3749f9b171f83
    Size: 174.00 kB
  42. php-xml-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: 9149651111f28e9f0010870538903765
    SHA-256: 68600841968f070be0ca576bd1f87e8dc13b6d1e81cafad8bcd073ae91fc110d
    Size: 185.63 kB
  43. php-xmlrpc-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
    MD5: a56b513940fe328ae27c65bfd6d82715
    SHA-256: de4dbaf57fcbc1161babb6761d5a3fbea27e9d256c92fdef83a0eeee2da67de1
    Size: 87.81 kB