[ALSA-2020:1624] Moderate: php:7.2 security, bug fix, and enhancement update
Type: security
Severity: moderate
Release date: 2020-04-28
Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (7.2.24). (BZ#1726981)

Security Fix(es):
* php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)
* php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)
* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)
* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)
* php: Invalid read in exif_process_SOFn() (CVE-2019-9640)
* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
* php: Buffer over-read in exif_read_data() (CVE-2019-11040)
* php: Buffer over-read in PHAR reading functions (CVE-2018-20783)
* php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)
* php: memcpy with negative length via crafted DNS response (CVE-2019-9022)
* php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)
* php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)
* php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)
* php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)
* php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)
* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 php-mbstring-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 06e44a88b67c3c7a3077e52346864e7333193b5c179122bb45ce737c88af45e0
aarch64 php-gmp-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 0a184119ba8018c90b34cb202ddcefc377733da4a6504d37245844e00af4c318
aarch64 php-dba-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 12c3d05e85786deeff339e3a8a2aeb0684052df12f4a46d2e965039fbae9ef28
aarch64 php-xml-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 14a63b92ad46c8d495668b28244936cf68d92ca101cae985a64bd2fd94a19a6f
aarch64 php-common-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 22ef7a2599fd2c8a5618d8c85ec022823ce48293af88aef542396d14ada9d7c8
aarch64 php-embedded-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 24aeb57ddaa6be3fb85e8554b5601d56d39f363f6ee9607dc8adb62b5d187297
aarch64 php-pdo-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 27af584d9f3f970a9d07fc80de84ae5eee22ed09856667f767c6153f85d0bcc7
aarch64 libzip-devel-1.5.1-2.module_el8.4.0+2228+7c76a223.aarch64.rpm 30e1eb53154934def2303456e3ff6f98e8be58426e1c3834508f18c5154b5cf0
aarch64 php-enchant-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 31bf48600e897b85b6cd5ccaa151ec7b950970630f2386ef858569c0af53e68b
aarch64 libzip-tools-1.5.1-2.module_el8.4.0+2228+7c76a223.aarch64.rpm 3590f60911fcbc12b3636fa2371d9d527f2f4b26a176684f178ae525b30a84f5
aarch64 php-dbg-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 39b258b9fdebb035a85c7e2aba9698dbe944699dc24e45e97228236a0aa2f2e2
aarch64 php-gd-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 5914d04d4766eb89897b7bae7b4e63fd98bbde08977963c6451192b548faff81
aarch64 php-pecl-zip-1.15.3-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 651e03228c81c03113cd3044bfdf9946b9c389344707bf13dd77e89647ed6195
aarch64 php-json-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 672d7bbaf76dcad951779e64f9223df04416efbf9cf6e92d91ff00252bd1fc11
aarch64 php-fpm-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 695977f826a9ae5ec05ad5bbce421300e41e653b715cba84dde2c45e6a711ade
aarch64 php-soap-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 77f8634963f51ec9de0c752c8100c92c92d3bb0d4b89ee28724fc8e55df5e84b
aarch64 php-pecl-apcu-5.1.12-2.module_el8.4.0+2228+7c76a223.aarch64.rpm 87678c8fc296edbb0ad16891b3f19a0573ab388922b246e356894ebbb940bd05
aarch64 php-bcmath-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 878b4f8bd6d4b5eb65f8d90768409a334223012aa06504deeb4f8345246ef485
aarch64 php-opcache-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 8fbac87e0a6dbb009a34fd85e85ada180a400bb0ce543b164e1c04f107875a6e
aarch64 php-pgsql-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm 9c32a397f868ffde1ec7efc585f952148d32b35bbb2aa0801c96ce58ea80ed48
aarch64 libzip-1.5.1-2.module_el8.4.0+2228+7c76a223.aarch64.rpm 9f09d96fb6676ee1b29ef6a41cf71cde13126d1da701b3203dd871de1b0ff5f6
aarch64 php-devel-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm ac4fb8445ff11044f0c8f1644d8f6559051ea191a3ddb7e6f837bb51ba4a38d7
aarch64 php-ldap-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm ae15031f352965d17087c9d14ca0fef42d1f2aad3f0bebe5b837ad9e466125c1
aarch64 php-pecl-apcu-devel-5.1.12-2.module_el8.4.0+2228+7c76a223.aarch64.rpm baa334289981799ca0543114b5f22076c85366333c5e0df9e5beef9efc6a2995
aarch64 php-mysqlnd-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm c7c0e6a61179935a5465168485fd08f5b8873a4dcc5d966e41721100cb428088
aarch64 php-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm d75d65c059a3c5e6f042fcb67ccbbd051b8e1540a0b11fa8097d584b1c98c73e
aarch64 php-xmlrpc-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm d93270cfa04f6d8eb8a4dff935ecee98e5702b09cca6e82bfdbdb2e83ae03c68
aarch64 php-cli-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm ed0dc100374c6a110362a6f3190c558da0c7c8a2f7877ffb83dd2b5b369b75db
aarch64 php-snmp-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm ee0fcf5032c7b02a2d383ffdf98c16ef7f0d1c7ccec51ab2af95aa52205842fb
aarch64 php-process-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm ee9801fb3a2d18216c1ae0893571dae01d0730b9a185173602b3d828f6861804
aarch64 php-intl-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm f7e71e6887489240e9b82662523f41ac382082d31deb6e836c9f4744afbdc786
aarch64 php-recode-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm f9e65042e3eda10a10915bdee619ca1988e7527675597a882e2fab4da90ceca9
aarch64 php-odbc-7.2.24-1.module_el8.4.0+2228+7c76a223.aarch64.rpm fc03e1911418757af787a51608f82614dfcbb47e8a873bc68865ccf1752037fa
noarch apcu-panel-5.1.12-2.module_el8.3.0+2010+7c76a223.noarch.rpm a8150cc85924eac6c55d84d57cf416b40b5a97a341a5d5ae298bd77a7274da5a
noarch php-pear-1.10.5-9.module_el8.3.0+2010+7c76a223.noarch.rpm d395dd7c89f997659fde7691c83af4d57154ca41e0f6d661e7dde08bf1fc95f9
ppc64le php-gd-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 0578c1bd23f6cc6401afb9377ea50c3266a8b665eb09de7b906a980674c67a25
ppc64le php-process-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 07458769788d753d3c209d1fc0b335f65fc64a117d4ab88105e67c574305564b
ppc64le php-pecl-apcu-devel-5.1.12-2.module_el8.5.0+53+9945c2af.ppc64le.rpm 12ced60dd6cc11f4c97178f7fd9625d7b631899a8597978c10902f2f37785ee3
ppc64le php-recode-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 166a1db08dc8e9eab3e99e14cadae73f852403b3c082f23c19dda8822569962a
ppc64le php-dba-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 1d189b5fed5e57159295adf452332b34a7771b7e62db2670f11f34f6105b6089
ppc64le php-opcache-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 20eb406fc9f70bf73add2c031db038e460ba2fd9a86e1e14eb6fc1ca479ad801
ppc64le php-bcmath-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 3dc6e473fc021c25f8bd2cbe71f2d09b5450fc6a2bba4df9471c339416aa0da6
ppc64le php-fpm-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 4594d63aa6a07a6e0166ebbc73e41845c42e3c53bf788dfaae9841e632d77d2e
ppc64le php-dbg-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 4b6c576d02aac1ce1cbdd81a24cd61f4ba6b51161ac28c8a2fd1b49cfbefba73
ppc64le php-embedded-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 4dfb7dd62cef80b62f81d2559abdf1c3d8c02cfb0a46a88f2eba3c117cc19c95
ppc64le php-devel-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 57ba92f88a95710af32ef94d4d36c2c4992145a2b6079e0a926f424116b8d380
ppc64le php-pecl-zip-1.15.3-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 58a0964fd732b3dd3289fddebdac6b44eaf1128485b8f53eac16bf4f1cbc4cbf
ppc64le php-pecl-apcu-5.1.12-2.module_el8.5.0+53+9945c2af.ppc64le.rpm 5c9e6894dd88460f839b8405823d706edcf37bdc331c31a2c70254548f86e7c7
ppc64le php-gmp-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 663c085c00164be98624b8a1802cff9ce8e50a4bc9d4511d52ec091960367fca
ppc64le php-mysqlnd-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 66f7dc4b0c9bb847ecbc4bfa0103964d2c780b879ff931eb87942d5a73b6c7d8
ppc64le php-common-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 6916fdc379078cd3d7e069d9bfcdbc16a4e0b48c6a67e3b84e6e9090431337a3
ppc64le php-intl-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 6cc393222b0d8c85868447a8639a2d5d787c46f70266a1169ae6544d25af00b8
ppc64le php-json-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 6e3eb1dd9f6ba3082a7ed61ab87540ed0fffd83d2df389713d36788df3442c0d
ppc64le php-xmlrpc-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 6fa61f1aaecb616394348d1fffdbb0aae4730993700d161fc3cd6605170f0429
ppc64le php-enchant-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 8d39baa0d151c2799bcd755d623c76b8c62a182fbf26157d3ab68c51f531cdc9
ppc64le php-mbstring-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 8d9d67e5342cd30628e4866901812d5f201206bbc38cf9d2e659fa41b79943fc
ppc64le php-odbc-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 9144cf40414ac0be0e4a8d5013bfbd2237a63793b5105e991abc8fc0de58c54a
ppc64le php-pdo-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 918a181451ea745025d05dd8ade0bb3f96c7cad85bbcc27635290ece1ca221bb
ppc64le libzip-devel-1.5.1-2.module_el8.5.0+53+9945c2af.ppc64le.rpm 990119a66f05a49bdc10b6737eff0c3f1b8b0fac76231fc31ebdcaaef7701803
ppc64le php-snmp-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm 9c4ac118ea599069c3fbf21ae4d0382f315a76f6a309d024065f78d130fba99d
ppc64le libzip-1.5.1-2.module_el8.5.0+53+9945c2af.ppc64le.rpm a28578327b37904da03606632cf8d7f0f28773e2a4ea30101b9d2e01ebea020b
ppc64le php-pgsql-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm a59e03790c1023d09a2e58ae0a4bddc7d8b1f7810a9730441a7254948a2634da
ppc64le libzip-tools-1.5.1-2.module_el8.5.0+53+9945c2af.ppc64le.rpm ab61b23a5c38de84b64871d74ed144dcad54625231b35a2749de4561efc1575c
ppc64le php-ldap-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm b0b7372e1f2ea34debaf5d7f3e3258e00d6d88d4ef1c160ffa737c4867de768f
ppc64le php-xml-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm c16795c3a27d4ece701354ab7b7142ae1ea6c59c7456a8b6c716c2437239b60f
ppc64le php-soap-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm c430ae5875e724e2de0d9b1794f05794c53d42aed74805fd11749382de0f5a38
ppc64le php-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm d7f3494ea93f32d719b2f0eebb229232e71f22b2a06602616805f319c8cff726
ppc64le php-cli-7.2.24-1.module_el8.5.0+53+9945c2af.ppc64le.rpm f10a037832b76983d92fd06547b12a8d07d811c8d6bbfafbf17dec37444be4f3
x86_64 php-bcmath-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 113dc73020efc3bfc73de6f8f455df51f0dd6d3e9cbb5835700d91bae447d9b7
x86_64 php-dbg-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 1d985716190e66973a1c4487d325ee8e76e91cfbfcb94acdcae3d8dccebe0d19
x86_64 php-gd-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 2122172e426f40c2878ad785db4e74db5c171ecdfd74d3ca394f5ffff3a6cd2e
x86_64 php-snmp-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 22878d36e1e368d88a532d2d5830fa6dd590f1d118ba4729c67a31b1084df672
x86_64 php-devel-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 2dedb08f531526616c5ce6a7f7310f045af97c0492294763f86ddc0a77851d5e
x86_64 php-fpm-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 34ae214faa9062ac848c2de3db90944b1c5fcc70a39847c22f27f2c8ce9f1af3
x86_64 php-pdo-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 34d80d2e0d98531677506e78d581b440e229a3b9b64695a9edbb992eaa910e22
x86_64 php-mysqlnd-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 3ef7698f2c78085388fcb93f9e9d79022ce271b80fc72303377084c36b2ecb09
x86_64 libzip-devel-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm 437005e26b646de6f6e48c072ba5bd4ceac744b40060bf963dfb1f7d8361dd57
x86_64 php-common-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 47966c59976d1a48df2f82c32fb5fa291ff86eeac0065687e881142bdbebf118
x86_64 php-ldap-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 4a25fabc5375bc3571bb0644dd1711add1b8f030d053ed1ebcd4f40dab94f58c
x86_64 php-xml-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 544d7825874da3adf7ea63cc3bfc0dd1051f39ffeb5d23af57eb1ac1828bfd6f
x86_64 php-dba-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 5650a26d5e8187197cb9ce35f91ed310ce879a68b1ae015684372ec35805291f
x86_64 libzip-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm 6b451d0ae8231903a160e7786cfa74ea523d797cf8d941477d84d2d8f45a62e2
x86_64 php-pecl-apcu-devel-5.1.12-2.module_el8.3.0+2010+7c76a223.x86_64.rpm 71c6cb656ada194f35365e55348574442616dbbc4847ee8c78045785c62ed5fc
x86_64 php-mbstring-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 7687ff58606c2a926a2a5aeb70ace1e89d2fe63f49adb55a38dd0f9a3f7049b0
x86_64 libzip-tools-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm 7a46d39e59bd3847a9f8b0762b5936075a823f1a9bf8a5108b33bb23663ed529
x86_64 php-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 846ed65fc62bb8e80cc9765b5e0abd2e59f31f2eb91f16a213bc5ab9a046b682
x86_64 php-enchant-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 85bda80f4ad4463a57f47771a802e06123c24b17e9591af17530249d8ebd29aa
x86_64 php-opcache-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 98a68fb630e9ae86e60180c986c51a2bbde5e00b51a3efdeebc6f25e0495edcf
x86_64 php-embedded-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm 9c80e86648669a9013c135956ffa778db36a2fc78a92430923dbf858accce9fe
x86_64 php-gmp-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm a466cb07766686001732a85b8e1441f58f55b25951d2577ecc370e58a5e89f8d
x86_64 php-pgsql-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm a50ee949b4dfb280eb38643149aaa9791dcaa046a213e8b9cdd87cf873b12bdf
x86_64 php-odbc-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm aa17333bffb0e503cbe0fdd58e2194d609738d81d6ce5b8cb5b8cd39c7b8181c
x86_64 php-json-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm aaf15edb09341891fcc250b3f159bce10e3b2fa385b089a1c68be3d74889dd54
x86_64 php-pecl-zip-1.15.3-1.module_el8.3.0+2010+7c76a223.x86_64.rpm acd6695d6318e64647a5cc4414fc018e8be25214be3534385b3db3ba03baeef4
x86_64 php-xmlrpc-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm c36aad9fc0d956e4696d0b2db7c888ae73c9a4b8f69172515501f4c3f6bd8d64
x86_64 php-intl-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm ccdc549f6209ecfe6d145960f077a544d3b6c53b0c6f35542bf9739d7b9d453f
x86_64 php-recode-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm d911cdc312b32a7419828af3850598faeb9fbe5cc6c505ddcc2107a940d73e86
x86_64 php-pecl-apcu-5.1.12-2.module_el8.3.0+2010+7c76a223.x86_64.rpm e924ff6d12d6e0138cef4d68b8090ed97893236646b9faf52d7f9b6d7938088c
x86_64 php-cli-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm eec67e59c7923c293febb0a606b35f352ab29d972099932100b1493775e17dbd
x86_64 php-process-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm f9cc25634d0eec91effb669a36dbf6bd0ec014db37954c247d3550ee9543df86
x86_64 php-soap-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm fba8da9a450e9794478b5eed39056ffa10c6e325223268291c31323e488d70b0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.