[ALSA-2020:1624] Moderate: php:7.2 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2020-04-28
Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php (7.2.24). (BZ#1726981)
Security Fix(es):
  • php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)
  • php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)
  • php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)
  • php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)
  • php: Invalid read in exif_process_SOFn() (CVE-2019-9640)
  • php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
  • php: Buffer over-read in exif_read_data() (CVE-2019-11040)
  • php: Buffer over-read in PHAR reading functions (CVE-2018-20783)
  • php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)
  • php: memcpy with negative length via crafted DNS response (CVE-2019-9022)
  • php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)
  • php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)
  • php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)
  • php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)
  • php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)
  • php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
  • php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages:
  • apcu-panel-5.1.12-2.module_el8.3.0+2010+7c76a223.noarch.rpm
  • libzip-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • libzip-devel-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • libzip-tools-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-bcmath-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-cli-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-common-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-dba-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-dbg-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-devel-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-embedded-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-enchant-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-fpm-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-gd-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-gmp-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-intl-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-json-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-ldap-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-mbstring-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-mysqlnd-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-odbc-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-opcache-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-pdo-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-pear-1.10.5-9.module_el8.3.0+2010+7c76a223.noarch.rpm
  • php-pecl-apcu-5.1.12-2.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-pecl-apcu-devel-5.1.12-2.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-pecl-zip-1.15.3-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-pgsql-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-process-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-recode-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-snmp-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-soap-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-xml-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
  • php-xmlrpc-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.