rh-php73-php-7.3.20-1.el7

Errata ID: AXSA:2020-958:01

Release date: 
Tuesday, December 1, 2020 - 21:22
Subject: 
rh-php73-php-7.3.20-1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.20).

Security Fix(es):

* php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)

* php: Information disclosure in exif_read_data() (CVE-2019-11047)

* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)

* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)

* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)

* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)

* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)

* php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)

* php: Information disclosure in exif_read_data() function (CVE-2020-7064)

* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)

* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)

* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)

* php: Information disclosure in function get_headers (CVE-2020-7066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Software Collections 3.6 Release Notes linked from the References section.

CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
CVE-2019-11047
When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash.
CVE-2019-11048
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead the PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up the temporary files created by the upload request. This could potentially lead to an accumulation of uncleaned temporary files exhausting the disk space on the target server.
CVE-2019-11050
When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash.
CVE-2019-19203
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
CVE-2019-19204
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
CVE-2020-7059
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2020-7060
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter a null pointer dereference, which would likely lead to a crash.
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating a PHAR archive using the PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem had more restrictive permissions. This may result in files having more lax permissions than intended when such an archive is extracted.
CVE-2020-7064
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
CVE-2020-7065
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using the mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite a stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CVE-2020-7066
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with a user-supplied URL, if the URL contains a zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of get_headers() and possibly send some information to the wrong server.
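As an added example (not part of this advisory, nor PHP's own code), the following PHP helpers show the defensive checks an application can apply where caller-supplied strings reach DirectoryIterator or get_headers(), covering the embedded-NUL truncation described for CVE-2019-11045 and CVE-2020-7066, and how to restore original file modes after PharData::buildFromIterator() for the CVE-2020-7063 behaviour. The function names are this example's own; the base directory and archive path are placeholders.

```php
<?php
// Added example: defensive wrappers around the PHP APIs named in this advisory.
// Function names below are hypothetical (not PHP or vendor APIs).

/** Reject a string with an embedded NUL before it reaches a path or URL API. */
function assertNoNul(string $value, string $what): string
{
    if (strpos($value, "\0") !== false) {
        throw new InvalidArgumentException("$what contains an embedded NUL byte");
    }
    return $value;
}

/** Open a directory only if the caller path is NUL-free and resolves inside $base. */
function safeDirectoryIterator(string $base, string $userPath): DirectoryIterator
{
    $baseReal  = realpath($base);
    $candidate = realpath($base . '/' . assertNoNul($userPath, 'path'));
    $inside    = $candidate !== false
        && ($candidate === $baseReal
            || strpos($candidate, $baseReal . DIRECTORY_SEPARATOR) === 0);
    if (!$inside) {
        throw new RuntimeException('path escapes the allowed base directory');
    }
    return new DirectoryIterator($candidate);
}

/** Fetch headers only for a NUL-free URL, so the target cannot be silently truncated. */
function safeGetHeaders(string $url)
{
    return get_headers(assertNoNul($url, 'URL'));
}

/** Build a tar archive and copy each source file's mode onto its archive entry. */
function buildTarPreservingModes(string $archive, string $dir): PharData
{
    $phar  = new PharData($archive);
    $added = $phar->buildFromIterator(
        new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)),
        $dir
    );
    // buildFromIterator returns [entry name => source path]; entries are stored
    // as 0666, so restore the original mode bits on each PharFileInfo.
    foreach ($added as $entry => $source) {
        $phar[$entry]->chmod(fileperms($source) & 0777);
    }
    return $phar;
}
```

The directory and URL wrappers are defence in depth for application code; the fixed package versions listed above remain the actual remediation.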

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. rh-php73-php-7.3.20-1.el7.src.rpm
    MD5: f2a403fd220e3b0c24118e9a6c197399
    SHA-256: e7073b029c3dd81921a217780631b993ace07748510d2071802d944283960640
    Size: 11.66 MB

Asianux Server 7 for x86_64
  1. rh-php73-php-7.3.20-1.el7.x86_64.rpm
    MD5: bf2e29e3460b6499ed9e65688c0a4744
    SHA-256: 7e858f2b81709640817bab28d80d6c672a21249da44ca9d38d6217545bd56ca3
    Size: 1.41 MB
  2. rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm
    MD5: 16b291608a86b8989ffb38b26299d42c
    SHA-256: 880e9951580716a2aefee03d5d1243b1a189af4799d03cfe3fc8bf311e4cf7f8
    Size: 59.75 kB
  3. rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm
    MD5: ecdc99d54f67e81b7c1ede644a1cc9dc
    SHA-256: cbb75a9731f82a408bef429b6fd2c77f5e45a98c63d8269df3a5a2db0bfc9601
    Size: 2.86 MB
  4. rh-php73-php-common-7.3.20-1.el7.x86_64.rpm
    MD5: 7362837628aed34832f60921e5fb521a
    SHA-256: 1ed78cde903fba31b7f704f12d1d2f3bdbc52d75203d713499687bb906a93834
    Size: 685.61 kB
  5. rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm
    MD5: f23c10a527e62c147c68cb4ba6d5705e
    SHA-256: 393a60e905c89b240e8f3a310b8ff5fde9b592e213a923921dbbef2a897c6426
    Size: 58.01 kB
  6. rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm
    MD5: a2daa870e2206c55b62ecc633933be34
    SHA-256: c2484423cf24331446b9e1d66be37d483283070bd32d55ef1caffe58a3755e4a
    Size: 1.51 MB
  7. rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm
    MD5: 3fdd05f11cf87a556ed2d31871bda4d4
    SHA-256: aa7ea9942e8dfb231d55e4c6e74333d2497dfb8a90368d6757ac519fd7071bc6
    Size: 731.25 kB
  8. rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm
    MD5: 3c2043087324d5913e61bd43815e3a9d
    SHA-256: 0d86d5c2dcc2ae36b01389b8e7f57f30b3d6b8abccee4ef7a9783601abf3cfb3
    Size: 1.40 MB
  9. rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm
    MD5: dea54c1451dc838352888232c516f455
    SHA-256: a3d3d3d3847f874eec429adcf6bfb4fcbfc8eef075edeb2df81988ad144a0f6c
    Size: 44.32 kB
  10. rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm
    MD5: 72742703652ed3f15050bddf3d0980df
    SHA-256: 16aa6b63bf349dc28547428858e010bd7ad5dcf9f7ae8c5aa277612b5e945f02
    Size: 1.49 MB
  11. rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm
    MD5: f05f61c272813be08541dbc71b384198
    SHA-256: 640c682574e9f1eae2f905d3c08e78d902962e11deff568999875a8428f6b7e0
    Size: 149.95 kB
  12. rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm
    MD5: 65b7ce3a51890081eb0354a6db82a860
    SHA-256: af8b63234002de51ce9c769dabfda3d604603157b4260aaa99b8433e615fa528
    Size: 56.47 kB
  13. rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm
    MD5: de5482e394cca458577921dcfa16efd0
    SHA-256: c9a10e46d2203145bf95c87512b5be7b6639a701ebb0b00b4dbe42bab62a64c1
    Size: 163.25 kB
  14. rh-php73-php-json-7.3.20-1.el7.x86_64.rpm
    MD5: 04c150d76e06d57546213b81f8c19046
    SHA-256: 0155d05cde74199ef351ad59d8f507c56285ee085f3b41159eb186d8d75c4197
    Size: 53.66 kB
  15. rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm
    MD5: b76d03fe978df38aa287fb5bf8167f6d
    SHA-256: 95f0e5055694727965196e052f628cf2f5b64303d44c936955d5c3c248fa1e15
    Size: 64.27 kB
  16. rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm
    MD5: 5d0ac005b4575eaa3c6755a38c233dde
    SHA-256: f99ac9545d40ac7e8a733fa0938cef78a1b92a1afbcc3b89abfeb075c35de9c8
    Size: 591.87 kB
  17. rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm
    MD5: b5bf1f3d78bffb6ca9a8b62704d692fb
    SHA-256: f678313d485410b17f24f7e75bbbb2125172aeeb4e16f46b28401e4ec311a1aa
    Size: 164.61 kB
  18. rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm
    MD5: e13ed3fa515b9222c2125d71f2e65df6
    SHA-256: a70989ff708c9c968a00ea54daebcf5c5b6fd5fe0499db6e56d48f8b9569e20c
    Size: 67.83 kB
  19. rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm
    MD5: ed2936fa5af55813fb57a955faf1a780
    SHA-256: 0b4c7808191d14b5c68825365ab5b4817beb489117a43971a2fa53b3b6d3fd7d
    Size: 225.17 kB
  20. rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm
    MD5: 8ee7c1ea609bdaf413c9870fcb9de912
    SHA-256: 8f3e0c9fb80bb39402ccee86117f581ce19957282210c8df3686c5d0acee40a0
    Size: 99.92 kB
  21. rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm
    MD5: 3e26c4508b2dbda21aa2edf78c79393f
    SHA-256: 50fe5fdc62c6dc4d0c298aba0017fcec7c2fa1a94a2bcbcf2b278c5620d22a49
    Size: 95.09 kB
  22. rh-php73-php-process-7.3.20-1.el7.x86_64.rpm
    MD5: 2de04d0a495a4a0bc2db62d278f6707d
    SHA-256: f38ae29ff4dcfe566b59ddd59001c60d8a725f7937925611212b427d2b61d598
    Size: 62.04 kB
  23. rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm
    MD5: f53a635642f91bf6eeaf8502dc44e1ad
    SHA-256: 4c5bd74056dda96772469e101fe41ecc101f1ab8cec890cc7203c522ee2f995e
    Size: 43.64 kB
  24. rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm
    MD5: c067832e3f5a1f766b8eaa53bc06e9e5
    SHA-256: fa351f0b3a318c87b17b1ad17ff3b36acf2c977e3fba5a422fdfdda410883b34
    Size: 40.46 kB
  25. rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm
    MD5: a6ee0c418428b8600178bcf7f4d7742b
    SHA-256: 54d5dc2f1542ad4d9a63d6367041577c101bed29d674520648d092de60127f7b
    Size: 53.80 kB
  26. rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm
    MD5: ccb0dc20ea269b6d53cf4503fbd45a53
    SHA-256: 1f899fbd08a87050a094457e612fc035acc6422ae83fe520e73330ab2645096f
    Size: 152.73 kB
  27. rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm
    MD5: 8a51f6b57afc52901133a77705fd149a
    SHA-256: e18e11f1ecc566427ac688d84582f3a2eb6dbb5a9e6b9ded74fa340995f0d028
    Size: 158.03 kB
  28. rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm
    MD5: d2335a55f48993b401fc37756dc4750e
    SHA-256: 21114b5fb551c4db5f3ec94d4703b3d34162302c9f02e7e3344495a9f110ac3d
    Size: 69.07 kB
  29. rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
    MD5: e91eacb859f38b28c82fe00ac6b9b21d
    SHA-256: 94bc1175b696f142baf61ecb6fb7a9dc91cd31ea1ea597b1349de577351f3249
    Size: 89.67 kB