php:7.3 security, bug fix, and enhancement update
エラータID: AXSA:2020-779:01
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php
(7.3.20).
Security Fix(es):
* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()
(CVE-2019-11039)
* php: Buffer over-read in exif_read_data() (CVE-2019-11040)
* php: DirectoryIterator class accepts filenames with embedded \0 byte and
treats them as terminating at that byte (CVE-2019-11045)
* php: Information disclosure in exif_read_data() (CVE-2019-11047)
* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
* oniguruma: NULL pointer dereference in match_at() in regexec.c
(CVE-2019-13225)
* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
(CVE-2019-16163)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file
gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier
in regparse.c (CVE-2019-19204)
* pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
(CVE-2019-20454)
* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
(CVE-2020-7060)
* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
* php: Files added to tar with Phar::buildFromIterator have all-access
permissions (CVE-2020-7063)
* php: Information disclosure in exif_read_data() function (CVE-2020-7064)
* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential
code execution (CVE-2020-7065)
* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
(CVE-2019-19246)
* php: Information disclosure in function get_headers (CVE-2020-7066)
Modularity name: php
Stream name: 7.3
Update packages.
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
N/A
SRPMS
- libzip-1.5.2-1.module+el8+129+cadff2bc.src.rpm
MD5: 09a406fc0a472f4370db642b756a749f
SHA-256: 44ecaf5264512d6084bb00aa8371af093031723d60230c280efa8a88e6a6ac18
Size: 725.30 kB - php-pear-1.10.9-1.module+el8+129+cadff2bc.src.rpm
MD5: 777a15c1d20846fce03b56aaecc67d19
SHA-256: e0345b7dd59effa05d8b7d3768ab1c2791e04c17ea5340fc48f1337e86c3c501
Size: 377.10 kB - php-pecl-apcu-5.1.17-1.module+el8+129+cadff2bc.src.rpm
MD5: e8c2b39473821bea47e8881b3d7b4511
SHA-256: 1ff4c5bd8b45bf7f34703025b4d97f1659983b184b3add226b6bfdba6d090ca3
Size: 107.60 kB - php-pecl-rrd-2.0.1-1.module+el8+129+cadff2bc.src.rpm
MD5: f823e36de09b0e4db83801e128766a59
SHA-256: c3b0e25bc93ec91390501b954667fc2406568eb992b0e803b3848b0675d832a1
Size: 33.13 kB - php-pecl-xdebug-2.8.0-1.module+el8+129+cadff2bc.src.rpm
MD5: 9f73904d6c6fce4c078c265fcb3f3d04
SHA-256: 4473e7357256713186d178a0558f6301be9f0c7d83e0ddbd1b5215b8e493bc9a
Size: 448.44 kB - php-pecl-zip-1.15.4-1.module+el8+129+cadff2bc.src.rpm
MD5: 1797da2c0b18d04568cc1b91f73b81be
SHA-256: 479b831be69a1e9d45534cfd7584302f87a27d70638ab5a6e3e898c046ca252e
Size: 275.40 kB - php-7.3.20-1.module+el8+129+cadff2bc.src.rpm
MD5: 9db58ab6923955e2799af47fed40d4b7
SHA-256: f33d7046115046101012668a389cc0c2ae9716d58794f7cd4312fd7eeb6de56d
Size: 11.68 MB
Asianux Server 8 for x86_64
- libzip-1.5.2-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 2319761873a6cd83d9e3bdfc60b07611
SHA-256: 72e8dcbc7f55486736ec42368c779f716c309b6b169be432ec4a4615018deba7
Size: 61.33 kB - libzip-debugsource-1.5.2-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: f37553dbde9f629b77112a636d0a6cf3
SHA-256: 0b7bb91cac10f8f396883233d9fcf02ad97e3c9aa31426d468a3e09b3cbe9d3d
Size: 97.24 kB - libzip-devel-1.5.2-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 1167583e62537e2342e2d2da09dc2743
SHA-256: 0274409038684b5da446e0ab34321043bbaa5a38192e5a5c0802ce857103c9e1
Size: 178.72 kB - libzip-tools-1.5.2-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 7042a1ee6863aa44d9f4c37486d6a547
SHA-256: a2550c540c8bea628b93f75f4a8239d80b48ce378911e1b6ed044aac61a57f1e
Size: 42.65 kB - php-pear-1.10.9-1.module+el8+129+cadff2bc.noarch.rpm
MD5: 16be6d6612105a053c7c41be02a1016a
SHA-256: 307eb6fa66ee0a4a7db46e56a9a6efd27d04c5e4889e6ee76f5827c4713cd5be
Size: 357.85 kB - apcu-panel-5.1.17-1.module+el8+129+cadff2bc.noarch.rpm
MD5: 49acfb874f5356d92371ec682daeeaf3
SHA-256: e5ed8b4b7ceb2028cbd9bd4dc20e4abcfbdd3eb8daf43c5ca2a377fd49cd7540
Size: 22.21 kB - php-pecl-apcu-5.1.17-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: da64453a09b918a2d90ac5dff570c99d
SHA-256: 17848958251537abdcce470c3c8c83cdbdcd6a323f76e3a9c974ae26571a8a29
Size: 63.01 kB - php-pecl-apcu-debugsource-5.1.17-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: e845747bc5dbece789d63f845a777c76
SHA-256: 32f62024f416001adfecba190f79d7da305110a4073e9aee4982de426c782d84
Size: 49.90 kB - php-pecl-apcu-devel-5.1.17-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 6100b4a6b33ddce2babf6184231319ca
SHA-256: 3bee6c7befc6e0da1433d82cfa59b6695a979c869c2c8d34a41c320876c33192
Size: 46.08 kB - php-pecl-rrd-2.0.1-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: f66c7457301b9edf9a28186a51370a59
SHA-256: 3cd009cc1c674b643a92608a6def9a45a06f70696c5985a13b444eac435bfd26
Size: 30.43 kB - php-pecl-rrd-debugsource-2.0.1-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: af88689628efc3a8555ce9e06bf145c6
SHA-256: 53bb226485989b36bb2692bb1d5cbe87dd772abfe53242e3a0a8c0ef2b618986
Size: 22.38 kB - php-pecl-xdebug-2.8.0-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 7c1ff4882e72ee9ff7fccc1a6a5af05e
SHA-256: 4de54453c1fced44597c7316ffb5bb17f7ffa62823f8080ddad819c798a59b68
Size: 172.99 kB - php-pecl-xdebug-debugsource-2.8.0-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 0f3ff2a52a03c8585f3340830b37f536
SHA-256: 389b3a4c19365e0c830a606eca9420b7c2916c65baab22a94888e1413edc6048
Size: 128.75 kB - php-pecl-zip-1.15.4-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: bd4c21e1837531f3b006c583d972feb1
SHA-256: 95febc64211af73530689405d08f2db293bd78efc64bc2c4236a87e7a72d1115
Size: 49.22 kB - php-pecl-zip-debugsource-1.15.4-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 67dbbbb1a03c769755a6e58a4e3a5181
SHA-256: 98a7faa88a4a4be308d6f7fe4e895cece63af1d68d74c3b069e21e5c5bc91e48
Size: 29.29 kB - php-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: d2e16b333204f7684eb37ab23e918243
SHA-256: d97e6b18174efdcac9f54299d2fdc1e2d4aaccba85f86ca0b16cdfde3f4aef3b
Size: 1.50 MB - php-bcmath-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 88e6e8af2dae77f40346d5713b001549
SHA-256: 847c3ae65091c45c7fcafe0f0539f5f0ec0724f613c246dc202762d59d22a83c
Size: 77.84 kB - php-cli-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: ff5f179aa3cc5bd6f3f45bdb71bbfd38
SHA-256: 49c6ff4312ec7309cd0bc43b151fb18651cb8c8e35d602a286a5a9a8561bfdc2
Size: 3.04 MB - php-common-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 9192f3c4be504511b4d51b3f623ee5ed
SHA-256: 1c201ee7b48c5510e0b16bbf923f72bd29e5ceb62ab61ca02610700c8250413f
Size: 667.79 kB - php-dba-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: d78816e2dfc479619f3534b3916aa8bb
SHA-256: 26f06562aa6c41441564b44176ddcddf8f36ec2e869d59c6c6ae26d611923b90
Size: 76.64 kB - php-dbg-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 88bc616342c0a3bcedcba24fc0131d7b
SHA-256: 89caaf0908801e3cb339932c98f7aa6fd4272043a5fbb2c56839c7c82d30848f
Size: 1.61 MB - php-debugsource-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: b367d80a131498cf59ad0a113df8d4e6
SHA-256: 293755bd4772d660353a0fb2f095a8ac86a8b48437617f415e4de3bea497f871
Size: 4.26 MB - php-devel-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 36cfc5a2b4523b32dd119f979b4df080
SHA-256: 8238f46b418c7ecc43f149b2864197d8868209aa02111585b4b23f250baab99b
Size: 734.18 kB - php-embedded-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: d7039d1d8b129ba6d2c53fee27320c03
SHA-256: 009977785f68bae185bd897b403aa53398c98b9134f5cdbb04ce2aec5b84e1a4
Size: 1.49 MB - php-enchant-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 43774594c3e552caec08d2df8a71a8ea
SHA-256: 1cf8b5b0a8e04fb15e198619d4fba5ac90cebecafc16a6dd07ea8342dd9e1bc9
Size: 62.49 kB - php-fpm-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 2a7ff09c8de3ed74c52671de628dc60d
SHA-256: f3cc31b5a6b7e517a08dcfca6afa2503d84f3ea190c76f023cdc6e86466eac80
Size: 1.58 MB - php-gd-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 4830a7f8aa50fb18910f388722e801d5
SHA-256: 78b4e13e3a09234c9388247b05aab1b369d3bd52b854192a7eb717efc2d46b2b
Size: 82.40 kB - php-gmp-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: c74e9afd24823135ce3f3134574f1c89
SHA-256: 63c08459181f9c870f4244b4f7056eed855e46765a5031d5e96a84f4ee8740d0
Size: 74.99 kB - php-intl-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 63e852004cbb852d47c48f69fe946ea6
SHA-256: a55e88cbc9d702b178683abd145d061098329e1bd7282cdeb7473dc32d4982b7
Size: 190.64 kB - php-json-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: c9e1caf30474d3e8d350640a07a97170
SHA-256: ce8b30e29c2bd9020f58af711741861609a24a9997e0ab3653d8b8dcd6623a94
Size: 72.00 kB - php-ldap-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: b2a04f8f6e98425c9e945e22c055a407
SHA-256: b61614b180a7b7afba015f2b6d8e3de86ebc282b809ff0de5b01768877fa8cb7
Size: 83.16 kB - php-mbstring-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 986a3625124f084cbbd1ed19d598c0e2
SHA-256: 391ff8725d1095df46749563044d76746da5f96e64585945b705685375881e81
Size: 616.45 kB - php-mysqlnd-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 6f9a7fe750fdae6034240714f225f2f6
SHA-256: 7c1c294bd0eafa5fd58174fc597f9d3ba02f59fd7e10e1e5e0a99571914fa400
Size: 187.63 kB - php-odbc-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 401cd5a1b52e77a3b86a20dda4f251d0
SHA-256: 8ac8fa3629eaea22c2ef7f6420ce9cac2d111c42f6a7643a187e89a8ad4fdfec
Size: 87.13 kB - php-opcache-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 16a946a117f8e15c73107e0789804473
SHA-256: d4468d5495e20dece528e930f31b3334811076071c98b8bf37e656ad32b5bbf4
Size: 248.83 kB - php-pdo-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 2075307eefbe412fd774ce61589fcb00
SHA-256: 26d4d9e2d5c3fb8fae180e0fdda38ff41387c8ecbf9f28b7541c5247d536959a
Size: 120.79 kB - php-pgsql-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 34a2d0552ffdd106ffb32be587b725e2
SHA-256: cc43dc30d1e0276bd15352f42749de387e6a7274aa890f35a865c6be246bbd37
Size: 116.58 kB - php-process-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 8797e80f1e86a264d03a085802957a0b
SHA-256: 280472b1fa1cd8daa2e5214801e578082358dbfa6f41617623374b474bc492da
Size: 82.95 kB - php-recode-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: f3d63586d6f07c70f445dff3947fdd2d
SHA-256: 02cc821ee950842effa22d75f22b33d87fb16cf0073651c346b1a898e04927d9
Size: 58.27 kB - php-snmp-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 75a31560f71cc3f3a8ac46659f3c645c
SHA-256: df8751c3acd4d2d6e8b35e8137fa12b223c59e0ef71def93318056c41f921e09
Size: 72.67 kB - php-soap-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 950c342303e0835c4e3aa232a2b2dda8
SHA-256: e68979deb81a5d2f298054ba66ff60df7b0ce166d38dd4242bb3749f9b171f83
Size: 174.00 kB - php-xml-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: 9149651111f28e9f0010870538903765
SHA-256: 68600841968f070be0ca576bd1f87e8dc13b6d1e81cafad8bcd073ae91fc110d
Size: 185.63 kB - php-xmlrpc-7.3.20-1.module+el8+129+cadff2bc.x86_64.rpm
MD5: a56b513940fe328ae27c65bfd6d82715
SHA-256: de4dbaf57fcbc1161babb6761d5a3fbea27e9d256c92fdef83a0eeee2da67de1
Size: 87.81 kB