Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.3072 php:7.3 security, bug fix, and enhancement update 9 September 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: php Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 8 Red Hat Enterprise Linux WS/Desktop 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-7066 CVE-2020-7065 CVE-2020-7064 CVE-2020-7063 CVE-2020-7062 CVE-2020-7060 CVE-2020-7059 CVE-2019-20454 CVE-2019-19246 CVE-2019-19204 CVE-2019-19203 CVE-2019-16163 CVE-2019-13225 CVE-2019-13224 CVE-2019-11050 CVE-2019-11048 CVE-2019-11047 CVE-2019-11045 CVE-2019-11042 CVE-2019-11041 CVE-2019-11040 CVE-2019-11039 Reference: ESB-2020.2307 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:3662 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: php:7.3 security, bug fix, and enhancement update Advisory ID: RHSA-2020:3662-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3662 Issue date: 2020-09-08 CVE Names: CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-13224 CVE-2019-13225 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2019-20454 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 ===================================================================== 1. Summary: An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655) Security Fix(es): * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039) * php: Buffer over-read in exif_read_data() (CVE-2019-11040) * php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045) * php: Information disclosure in exif_read_data() (CVE-2019-11047) * php: Integer wraparounds when receiving multipart forms (CVE-2019-11048) * oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224) * oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225) * oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163) * oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203) * oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204) * pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454) * php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059) * php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060) * php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062) * php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063) * php: Information disclosure in exif_read_data() function (CVE-2020-7064) * php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065) * php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041) * php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042) * php: Out of bounds read when parsing EXIF information (CVE-2019-11050) * oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246) * php: Information disclosure in function get_headers (CVE-2020-7066) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data() 1728965 - CVE-2019-13225 oniguruma: NULL pointer dereference in match_at() in regexec.c 1728970 - CVE-2019-13224 oniguruma: Use-after-free in onig_new_deluxe() in regext.c 1735494 - CVE-2019-20454 pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode 1739459 - CVE-2019-11041 php: Heap buffer over-read in exif_scan_thumbnail() 1739465 - CVE-2019-11042 php: Heap buffer over-read in exif_process_user_comment() 1768997 - CVE-2019-16163 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c 1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c 1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data() 1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte 1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information 1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex 1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function 1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c 1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c 1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress 1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions 1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function 1820604 - CVE-2020-7066 php: Information disclosure in function get_headers 1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution 1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.src.rpm php-7.3.20-1.module+el8.2.0+7373+b272fdef.src.rpm php-pear-1.10.9-1.module+el8.1.0+3189+a1bff096.src.rpm php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.src.rpm php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.src.rpm php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.src.rpm php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.src.rpm aarch64: libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.aarch64.rpm php-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.aarch64.rpm php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.aarch64.rpm php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.aarch64.rpm php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.aarch64.rpm php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.aarch64.rpm php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.aarch64.rpm php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.aarch64.rpm php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.aarch64.rpm php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.aarch64.rpm php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.aarch64.rpm php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.aarch64.rpm noarch: apcu-panel-5.1.17-1.module+el8.1.0+3189+a1bff096.noarch.rpm php-pear-1.10.9-1.module+el8.1.0+3189+a1bff096.noarch.rpm ppc64le: libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm php-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.ppc64le.rpm php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.ppc64le.rpm php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.ppc64le.rpm s390x: libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.s390x.rpm php-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.s390x.rpm php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.s390x.rpm php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.s390x.rpm php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.s390x.rpm php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.s390x.rpm php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.s390x.rpm php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.s390x.rpm php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.s390x.rpm php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.s390x.rpm php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.s390x.rpm php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.s390x.rpm x86_64: libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm php-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11039 https://access.redhat.com/security/cve/CVE-2019-11040 https://access.redhat.com/security/cve/CVE-2019-11041 https://access.redhat.com/security/cve/CVE-2019-11042 https://access.redhat.com/security/cve/CVE-2019-11045 https://access.redhat.com/security/cve/CVE-2019-11047 https://access.redhat.com/security/cve/CVE-2019-11048 https://access.redhat.com/security/cve/CVE-2019-11050 https://access.redhat.com/security/cve/CVE-2019-13224 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-16163 https://access.redhat.com/security/cve/CVE-2019-19203 https://access.redhat.com/security/cve/CVE-2019-19204 https://access.redhat.com/security/cve/CVE-2019-19246 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2020-7059 https://access.redhat.com/security/cve/CVE-2020-7060 https://access.redhat.com/security/cve/CVE-2020-7062 https://access.redhat.com/security/cve/CVE-2020-7063 https://access.redhat.com/security/cve/CVE-2020-7064 https://access.redhat.com/security/cve/CVE-2020-7065 https://access.redhat.com/security/cve/CVE-2020-7066 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX1dT9tzjgjWX9erEAQiHGA/+JkPdkXiarbgKx/h37ZwTFxgQZDJeAILs 9MWSNkje7D1I0GIu0TvEYJUAGj7eQuUWVZByhXIOwQBYMl1WqnhQCiX4DLfvoQLk WsaWbilGglqT3VnjxfkJX55fokFAhUvKQfE2P8un8GTD0q/EcXl8xT+6DtCSNXL9 094F8hAK1OoQTA75IlZ/wq+wQP67HkJY5VqJd+diKcN45Hb2AZweQeomfmRi669x OVYNj2BuxDvyDrahOoYl/yJHdxtpzPDXMD+u3b1+yNOMZa9css9jCSAac2kh2BTK zUjHVIPxRLN8L0eba8oHdj0OLvwZBvNVvChZWZzauD1t4ZiySxVYzR7AamxvXwd/ CfyBlHgHRPwxRP8Xbt0br/D0rFCySIYUlcsFnVEAQ37b7BYz0LCFb3vOFlq5fsZe OTIqsFKGVDnHjrXv6xD0nNgxHhsLkQL3bwV51bIJU4IMit+5VidmPVPQsWXxwFub AvTEnFyivimbz5rLnJXberH5r1+ro6TcJ5WBUIJ3TBO7QCggQIWKArSoQI4wCMU8 41VKhdOf6/B6uxvIT4kJv/FEyLnggtu35a0zl61NyIV/R0OPF5573JI0uLQ7DpkA N4kzWoyD1q3bKQFou2el/1KZXJZeYAbkyQMS2omuKFprqydNg1h0dasYJYPiGFEn Llamch0FcjM= =tR72 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX1g3eeNLKJtyKPYoAQheDw//T5ZVyEBL/69nrSNd2auvJbmJYpJVQUpA p4dVNOa9EMPHuk2blMMYskyOOoXqd6dsjXjjYTqi2obLYt80e06FdF6U77UOa3f8 s9VExq3/G/354ct0yYEHPSCU0Ax/Y+9znDWZrvHZwB2jC6OTENG3NjL0A6bERPiJ TZ2DP4U5LfW9zTuETehtjrFpQsqwHOdkM1JblOXhA88UN5OJULFJAZMEy558a+2p VPJas1hJuPEcH1yILD++OL4DMOo4Nby41GWYMqQbrZizVQkfqWwbOzg+rf+/BHsn rGX0iWoK2qiw2iAJ+wFlCfMuV9QsEAU+7PXQvl5gWkaLODIEiRfYyMdQA9B1bV5v TdNR8/czJswcoYVbiz2sgk2d6NWnSy82pTXU0BG542c9h8Jycf01UAgIgM5h09Pl wRX1/ApRT/UDMLVmPpDxK1HQe364CQEfWVYIsIZoTpxXsx4Dqjhsol4nHrFXQPPs zFc+3C2cTrIE1jSkiU1nKiYYfgVmxNWKbwiylxmTO3m1HM4DaRdmrGZA/NcwD4qN byrRMmuQgPpMBKAuns357LPCD7PVWtDjLP34AGmTEHo1/G2Lv40pzqPa/F5/7rR6 zFgETjQWtCMMbysb2XboHyNWhftR/7SDTiUlPUw14hW/P/Qsb4kf5LDnXDYQyyG6 tB4LV1O6qFI= =z5Ay -----END PGP SIGNATURE-----