Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3072
php:7.3 security, bug fix, and enhancement update
9 September 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: php
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 8
Red Hat Enterprise Linux WS/Desktop 8
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-7066 CVE-2020-7065 CVE-2020-7064
CVE-2020-7063 CVE-2020-7062 CVE-2020-7060
CVE-2020-7059 CVE-2019-20454 CVE-2019-19246
CVE-2019-19204 CVE-2019-19203 CVE-2019-16163
CVE-2019-13225 CVE-2019-13224 CVE-2019-11050
CVE-2019-11048 CVE-2019-11047 CVE-2019-11045
CVE-2019-11042 CVE-2019-11041 CVE-2019-11040
CVE-2019-11039
Reference: ESB-2020.2307
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:3662
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: php:7.3 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:3662-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3662
Issue date: 2020-09-08
CVE Names: CVE-2019-11039 CVE-2019-11040 CVE-2019-11041
CVE-2019-11042 CVE-2019-11045 CVE-2019-11047
CVE-2019-11048 CVE-2019-11050 CVE-2019-13224
CVE-2019-13225 CVE-2019-16163 CVE-2019-19203
CVE-2019-19204 CVE-2019-19246 CVE-2019-20454
CVE-2020-7059 CVE-2020-7060 CVE-2020-7062
CVE-2020-7063 CVE-2020-7064 CVE-2020-7065
CVE-2020-7066
=====================================================================
1. Summary:
An update for the php:7.3 module is now available for Red Hat Enterprise
Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
The following packages have been upgraded to a later upstream version: php
(7.3.20). (BZ#1856655)
Security Fix(es):
* php: Out-of-bounds read due to integer overflow in
iconv_mime_decode_headers() (CVE-2019-11039)
* php: Buffer over-read in exif_read_data() (CVE-2019-11040)
* php: DirectoryIterator class accepts filenames with embedded \0 byte and
treats them as terminating at that byte (CVE-2019-11045)
* php: Information disclosure in exif_read_data() (CVE-2019-11047)
* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
* oniguruma: Use-after-free in onig_new_deluxe() in regext.c
(CVE-2019-13224)
* oniguruma: NULL pointer dereference in match_at() in regexec.c
(CVE-2019-13225)
* oniguruma: Stack exhaustion in regcomp.c because of recursion in
regparse.c (CVE-2019-16163)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in
file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function
fetch_interval_quantifier in regparse.c (CVE-2019-19204)
* pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
(CVE-2019-20454)
* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
(CVE-2020-7060)
* php: NULL pointer dereference in PHP session upload progress
(CVE-2020-7062)
* php: Files added to tar with Phar::buildFromIterator have all-access
permissions (CVE-2020-7063)
* php: Information disclosure in exif_read_data() function (CVE-2020-7064)
* php: Using mb_strtolower() function with UTF-32LE encoding leads to
potential code execution (CVE-2020-7065)
* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
* php: Heap buffer over-read in exif_process_user_comment()
(CVE-2019-11042)
* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
* oniguruma: Heap-based buffer overflow in str_lower_case_match in
regexec.c (CVE-2019-19246)
* php: Information disclosure in function get_headers (CVE-2020-7066)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()
1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()
1728965 - CVE-2019-13225 oniguruma: NULL pointer dereference in match_at() in regexec.c
1728970 - CVE-2019-13224 oniguruma: Use-after-free in onig_new_deluxe() in regext.c
1735494 - CVE-2019-20454 pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
1739459 - CVE-2019-11041 php: Heap buffer over-read in exif_scan_thumbnail()
1739465 - CVE-2019-11042 php: Heap buffer over-read in exif_process_user_comment()
1768997 - CVE-2019-16163 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()
1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte
1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information
1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex
1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress
1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions
1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function
1820604 - CVE-2020-7066 php: Information disclosure in function get_headers
1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution
1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.src.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.src.rpm
php-pear-1.10.9-1.module+el8.1.0+3189+a1bff096.src.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.src.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.src.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.src.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.src.rpm
aarch64:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.aarch64.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.aarch64.rpm
php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm
noarch:
apcu-panel-5.1.17-1.module+el8.1.0+3189+a1bff096.noarch.rpm
php-pear-1.10.9-1.module+el8.1.0+3189+a1bff096.noarch.rpm
ppc64le:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm
php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm
s390x:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.s390x.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.s390x.rpm
php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm
x86_64:
libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm
php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm
php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11039
https://access.redhat.com/security/cve/CVE-2019-11040
https://access.redhat.com/security/cve/CVE-2019-11041
https://access.redhat.com/security/cve/CVE-2019-11042
https://access.redhat.com/security/cve/CVE-2019-11045
https://access.redhat.com/security/cve/CVE-2019-11047
https://access.redhat.com/security/cve/CVE-2019-11048
https://access.redhat.com/security/cve/CVE-2019-11050
https://access.redhat.com/security/cve/CVE-2019-13224
https://access.redhat.com/security/cve/CVE-2019-13225
https://access.redhat.com/security/cve/CVE-2019-16163
https://access.redhat.com/security/cve/CVE-2019-19203
https://access.redhat.com/security/cve/CVE-2019-19204
https://access.redhat.com/security/cve/CVE-2019-19246
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2020-7059
https://access.redhat.com/security/cve/CVE-2020-7060
https://access.redhat.com/security/cve/CVE-2020-7062
https://access.redhat.com/security/cve/CVE-2020-7063
https://access.redhat.com/security/cve/CVE-2020-7064
https://access.redhat.com/security/cve/CVE-2020-7065
https://access.redhat.com/security/cve/CVE-2020-7066
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX1dT9tzjgjWX9erEAQiHGA/+JkPdkXiarbgKx/h37ZwTFxgQZDJeAILs
9MWSNkje7D1I0GIu0TvEYJUAGj7eQuUWVZByhXIOwQBYMl1WqnhQCiX4DLfvoQLk
WsaWbilGglqT3VnjxfkJX55fokFAhUvKQfE2P8un8GTD0q/EcXl8xT+6DtCSNXL9
094F8hAK1OoQTA75IlZ/wq+wQP67HkJY5VqJd+diKcN45Hb2AZweQeomfmRi669x
OVYNj2BuxDvyDrahOoYl/yJHdxtpzPDXMD+u3b1+yNOMZa9css9jCSAac2kh2BTK
zUjHVIPxRLN8L0eba8oHdj0OLvwZBvNVvChZWZzauD1t4ZiySxVYzR7AamxvXwd/
CfyBlHgHRPwxRP8Xbt0br/D0rFCySIYUlcsFnVEAQ37b7BYz0LCFb3vOFlq5fsZe
OTIqsFKGVDnHjrXv6xD0nNgxHhsLkQL3bwV51bIJU4IMit+5VidmPVPQsWXxwFub
AvTEnFyivimbz5rLnJXberH5r1+ro6TcJ5WBUIJ3TBO7QCggQIWKArSoQI4wCMU8
41VKhdOf6/B6uxvIT4kJv/FEyLnggtu35a0zl61NyIV/R0OPF5573JI0uLQ7DpkA
N4kzWoyD1q3bKQFou2el/1KZXJZeYAbkyQMS2omuKFprqydNg1h0dasYJYPiGFEn
Llamch0FcjM=
=tR72
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX1g3eeNLKJtyKPYoAQheDw//T5ZVyEBL/69nrSNd2auvJbmJYpJVQUpA
p4dVNOa9EMPHuk2blMMYskyOOoXqd6dsjXjjYTqi2obLYt80e06FdF6U77UOa3f8
s9VExq3/G/354ct0yYEHPSCU0Ax/Y+9znDWZrvHZwB2jC6OTENG3NjL0A6bERPiJ
TZ2DP4U5LfW9zTuETehtjrFpQsqwHOdkM1JblOXhA88UN5OJULFJAZMEy558a+2p
VPJas1hJuPEcH1yILD++OL4DMOo4Nby41GWYMqQbrZizVQkfqWwbOzg+rf+/BHsn
rGX0iWoK2qiw2iAJ+wFlCfMuV9QsEAU+7PXQvl5gWkaLODIEiRfYyMdQA9B1bV5v
TdNR8/czJswcoYVbiz2sgk2d6NWnSy82pTXU0BG542c9h8Jycf01UAgIgM5h09Pl
wRX1/ApRT/UDMLVmPpDxK1HQe364CQEfWVYIsIZoTpxXsx4Dqjhsol4nHrFXQPPs
zFc+3C2cTrIE1jSkiU1nKiYYfgVmxNWKbwiylxmTO3m1HM4DaRdmrGZA/NcwD4qN
byrRMmuQgPpMBKAuns357LPCD7PVWtDjLP34AGmTEHo1/G2Lv40pzqPa/F5/7rR6
zFgETjQWtCMMbysb2XboHyNWhftR/7SDTiUlPUw14hW/P/Qsb4kf5LDnXDYQyyG6
tB4LV1O6qFI=
=z5Ay
-----END PGP SIGNATURE-----