Operating System:

[RedHat]

Published:

10 November 2021

Protect yourself against future threats.

//Service

Sensitive Information Alert

Alert notification provided via email for sensitive material found online by our analyst team which specifically targets your organisation.

Read more
Resources > Security Bulletins > ESB-2021.3787 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3787
             php:7.4 security, bug fix, and enhancement update
                             10 November 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php:7.4
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
                   Access Confidential Data -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21702 CVE-2020-7071 CVE-2020-7070
                   CVE-2020-7069 CVE-2020-7068 

Reference:         ESB-2021.2608
                   ESB-2021.2515
                   ESB-2021.2410
                   ESB-2021.2366
                   ESB-2021.2328

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:4213

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php:7.4 security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:4213-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4213
Issue date:        2021-11-09
CVE Names:         CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 
                   CVE-2020-7071 CVE-2021-21702 
=====================================================================

1. Summary:

An update for the php:7.4 module is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

The following packages have been upgraded to a later upstream version: php
(7.4.19). (BZ#1944110)

Security Fix(es):

* php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
(CVE-2020-7069)

* php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo
(CVE-2020-7071)

* php: Use of freed hash key in the phar_parse_zipfile function
(CVE-2020-7068)

* php: URL decoding of cookie names can lead to different interpretation of
cookies between browser and server (CVE-2020-7070)

* php: NULL pointer dereference in SoapClient (CVE-2021-21702)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function
1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server
1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo
1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.src.rpm
php-7.4.19-1.module+el8.5.0+11143+cc873159.src.rpm
php-pear-1.10.12-1.module+el8.3.0+6678+b09f589e.src.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.src.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.src.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.src.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.src.rpm

aarch64:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-debugsource-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-devel-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-tools-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-tools-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-bcmath-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-bcmath-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-cli-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-cli-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-common-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-common-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-dba-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-dba-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-dbg-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-dbg-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-debugsource-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-devel-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-embedded-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-embedded-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-enchant-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-enchant-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-ffi-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-ffi-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-fpm-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-fpm-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-gd-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-gd-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-gmp-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-gmp-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-intl-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-intl-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-json-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-json-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-ldap-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-ldap-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-mbstring-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-mbstring-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-mysqlnd-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-mysqlnd-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-odbc-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-odbc-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-opcache-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-opcache-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-pdo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-pdo-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-apcu-debuginfo-5.1.18-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-apcu-debugsource-5.1.18-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-xdebug-debuginfo-2.9.5-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-xdebug-debugsource-2.9.5-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-zip-debuginfo-1.18.2-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-zip-debugsource-1.18.2-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pgsql-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-pgsql-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-process-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-process-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-snmp-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-snmp-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-soap-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-soap-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-xml-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-xml-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-xmlrpc-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm
php-xmlrpc-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.aarch64.rpm

noarch:
apcu-panel-5.1.18-1.module+el8.3.0+6678+b09f589e.noarch.rpm
php-pear-1.10.12-1.module+el8.3.0+6678+b09f589e.noarch.rpm

ppc64le:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-debugsource-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-devel-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-tools-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-tools-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-bcmath-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-bcmath-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-cli-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-cli-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-common-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-common-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-dba-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-dba-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-dbg-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-dbg-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-debugsource-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-devel-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-embedded-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-embedded-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-enchant-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-enchant-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-ffi-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-ffi-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-fpm-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-fpm-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-gd-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-gd-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-gmp-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-gmp-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-intl-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-intl-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-json-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-json-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-ldap-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-ldap-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-mbstring-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-mbstring-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-mysqlnd-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-mysqlnd-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-odbc-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-odbc-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-opcache-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-opcache-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-pdo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-pdo-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-apcu-debuginfo-5.1.18-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-apcu-debugsource-5.1.18-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-xdebug-debuginfo-2.9.5-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-xdebug-debugsource-2.9.5-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-zip-debuginfo-1.18.2-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-zip-debugsource-1.18.2-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pgsql-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-pgsql-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-process-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-process-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-snmp-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-snmp-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-soap-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-soap-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-xml-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-xml-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-xmlrpc-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm
php-xmlrpc-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.ppc64le.rpm

s390x:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-debugsource-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-devel-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-tools-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-tools-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-bcmath-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-bcmath-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-cli-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-cli-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-common-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-common-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-dba-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-dba-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-dbg-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-dbg-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-debugsource-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-devel-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-embedded-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-embedded-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-enchant-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-enchant-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-ffi-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-ffi-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-fpm-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-fpm-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-gd-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-gd-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-gmp-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-gmp-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-intl-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-intl-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-json-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-json-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-ldap-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-ldap-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-mbstring-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-mbstring-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-mysqlnd-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-mysqlnd-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-odbc-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-odbc-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-opcache-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-opcache-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-pdo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-pdo-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-apcu-debuginfo-5.1.18-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-apcu-debugsource-5.1.18-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-xdebug-debuginfo-2.9.5-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-xdebug-debugsource-2.9.5-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-zip-debuginfo-1.18.2-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-zip-debugsource-1.18.2-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pgsql-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-pgsql-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-process-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-process-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-snmp-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-snmp-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-soap-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-soap-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-xml-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-xml-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-xmlrpc-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm
php-xmlrpc-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.s390x.rpm

x86_64:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-debugsource-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-devel-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-tools-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-tools-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-bcmath-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-bcmath-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-cli-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-cli-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-common-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-common-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-dba-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-dba-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-dbg-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-dbg-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-debugsource-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-devel-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-embedded-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-embedded-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-enchant-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-enchant-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-ffi-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-ffi-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-fpm-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-fpm-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-gd-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-gd-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-gmp-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-gmp-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-intl-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-intl-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-json-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-json-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-ldap-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-ldap-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-mbstring-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-mbstring-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-mysqlnd-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-mysqlnd-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-odbc-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-odbc-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-opcache-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-opcache-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-pdo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-pdo-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-apcu-debuginfo-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-apcu-debugsource-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-xdebug-debuginfo-2.9.5-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-xdebug-debugsource-2.9.5-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-zip-debuginfo-1.18.2-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-zip-debugsource-1.18.2-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pgsql-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-pgsql-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-process-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-process-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-snmp-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-snmp-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-soap-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-soap-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-xml-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-xml-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-xmlrpc-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm
php-xmlrpc-debuginfo-7.4.19-1.module+el8.5.0+11143+cc873159.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-7068
https://access.redhat.com/security/cve/CVE-2020-7069
https://access.redhat.com/security/cve/CVE-2020-7070
https://access.redhat.com/security/cve/CVE-2020-7071
https://access.redhat.com/security/cve/CVE-2021-21702
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYYrdStzjgjWX9erEAQi89A//Z8OpFgwnpDoR0JAqQdZhSv2lMKYzB6eA
cLUfppJQn0FSQBmlqapCdfepYrOaLU/K2kEpTZQID9onqkwC3/7ANwy2vSJyt6c0
ffhBLM9uy82RipqX5ry6ODtq7VbtQ4ZzFTe1moJAQPQodP/94s5fD8wWRT4W8LWq
yQzgOc2CpTbm38+lH3DNQINeYoNYuIOvEHiWBGhIssdkGQeAFMq/1+tnGw0/1veq
ByhmsSetdS+fSMVjOzSC1++bhAgjh7y+reEzhxVa4qafh9YAoKPOlBGEfso6OHLf
6n4iDfK3lB16SKN1YZb7nCAYEX4qH5KniM9Cm0LABiuH4tpYR5FxLrU7PvPkui5j
8U+aWm56xVLtuwYkALhhA3d/IS5ydu/8salogCV/QzRFA2R186MJ/Ihz6ZNao4Nr
aLb6rI56iAq2TN4b5kS4E19fxJ3cVUc/f02KWcEH9qvkf7hXgr9SO4UmsheuMo86
B/z1uNV4TDsubk8I2iepr3R5rQry4cie6INAp+PME7umJa6ut//NTw0DHh3yTEmO
m5XI+Iyv9plILTsI6J+U4jqRTjM9U62yXFGhJgAw+Mv/l8IrNVzcuqvWvlqVxoj4
klwyWVceduCJbfwRqSQms/blcFcs0I14Ub2E4r7QRShvazS5jpPiBU72K47cngQM
aRjHDbL+M6o=
=i1ya
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYYtPcONLKJtyKPYoAQhU9Q//bZDDT95QqGjmKX8eVNmKkJUa59bv6+lE
gjqMZryqX3vCNZg+hqtlNjnMm5CI6AKhsudxskUl45YKSJHkusmS9IVzrwjym8zi
6MJNDkOsSlTBn1jUwpDeoro3Js5DZBr7Z0jS0MuS1SBU46tRRAgABPBiDENCj1aM
ZHyuWr9UQw2cfwOOdAPuznGSS0Dq6BpokklABxoMaY/1eJ3ygzOM3/HmW0igm1zP
0HGUMH8DX6hVmvAq3MXMQmj7M3O4pfxmU0hlxIQjtEUMHP1kwlhuRFMbS3TlZfmF
Tk6bKIJgJVqFiOgdU8X6WiiH/sTMES7soEfVPtsyYgz8UrqHusTbXEB8ATJZSDxT
fmVlVhj1HG7Fxj7n1jOhy/QsoLnRR3Xom8a3ogbbxkxTxWwVehOzei3fAADPjq7X
Jcmv7CvbyYoQNI4ToMNUStNY7l8UQN5FUKS9b68HyH9e+fJwvDdWFMAxvQNRBX9Y
XOgOEUeyW0lqqWesoEfZ73rXGU4J2Q4ERAsCLJ3NV1KaTq71lzLnJa54xHKDlLrV
ephyJjHIaJmK4ddtuyAQhUOZe25GwcbkxjNDC5G3JWP1zAXyCCTIbG+A8MwwWwqU
iuFcQkX3HN60vVRDfVYGJzdr/oesjjNnV2dlsnDCs+aOu7c8fK1f+VrxlexTH/bN
U8O186DPuxM=
=E5t7
-----END PGP SIGNATURE-----