RHSA-2020:3662-01 -- Redhat libzip, php, php-pear, php-pecl-apcu, php-pecl-rrd, php-pecl-xdebug, php-pecl-zip
|ID: oval:org.secpod.oval:def:504284||Date: (C)2020-09-16 (M)2020-09-17|
|Class: PATCH||Family: unix|
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers * php: Buffer over-read in exif_read_data * php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte * php: Information disclosure in exif_read_data * php: Integer wraparounds when receiving multipart forms * oniguruma: Use-after-free in onig_new_deluxe in regext.c * oniguruma: NULL pointer dereference in match_at in regexec.c * oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c * oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c * oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c * pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode * php: Out of bounds read in php_strip_tags_ex * php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function * php: NULL pointer dereference in PHP session upload progress * php: Files added to tar with Phar::buildFromIterator have all-access permissions * php: Information disclosure in exif_read_data function * php: Using mb_strtolower function with UTF-32LE encoding leads to potential code execution * php: Heap buffer over-read in exif_scan_thumbnail * php: Heap buffer over-read in exif_process_user_comment * php: Out of bounds read when parsing EXIF information * oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c * php: Information disclosure in function get_headers For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
|Red Hat Enterprise Linux 8|