[Forgot Password]
Login  Register Subscribe

26309

 
 

132812

 
 

150489

 
 

909

 
 

119739

 
 

158

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2020:3662-01 -- Redhat libzip, php, php-pear, php-pecl-apcu, php-pecl-rrd, php-pecl-xdebug, php-pecl-zip

ID: oval:org.secpod.oval:def:504284Date: (C)2020-09-16   (M)2020-09-17
Class: PATCHFamily: unix




PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers * php: Buffer over-read in exif_read_data * php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte * php: Information disclosure in exif_read_data * php: Integer wraparounds when receiving multipart forms * oniguruma: Use-after-free in onig_new_deluxe in regext.c * oniguruma: NULL pointer dereference in match_at in regexec.c * oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c * oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c * oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c * pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode * php: Out of bounds read in php_strip_tags_ex * php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function * php: NULL pointer dereference in PHP session upload progress * php: Files added to tar with Phar::buildFromIterator have all-access permissions * php: Information disclosure in exif_read_data function * php: Using mb_strtolower function with UTF-32LE encoding leads to potential code execution * php: Heap buffer over-read in exif_scan_thumbnail * php: Heap buffer over-read in exif_process_user_comment * php: Out of bounds read when parsing EXIF information * oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c * php: Information disclosure in function get_headers For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Platform:
Red Hat Enterprise Linux 8
Product:
libzip
php
php-pear
php-pecl-apcu
php-pecl-rrd
php-pecl-xdebug
php-pecl-zip
Reference:
RHSA-2020:3662-01
CVE-2019-11039
CVE-2019-11040
CVE-2019-11041
CVE-2019-11042
CVE-2019-11045
CVE-2019-11047
CVE-2019-11048
CVE-2019-11050
CVE-2019-13224
CVE-2019-13225
CVE-2019-16163
CVE-2019-19203
CVE-2019-19204
CVE-2019-19246
CVE-2019-20454
CVE-2020-7059
CVE-2020-7060
CVE-2020-7062
CVE-2020-7063
CVE-2020-7064
CVE-2020-7065
CVE-2020-7066
CVE    22
CVE-2019-11042
CVE-2020-7066
CVE-2020-7065
CVE-2019-11040
...

© SecPod Technologies