Download
| Alert*
oval:org.secpod.oval:def:76670
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar ... oval:org.secpod.oval:def:603587 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a Transfer-Encoding: chu ... oval:org.secpod.oval:def:1505314 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:504902 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php72-php . Security Fix: * php: underflow in env_path_info in fpm_main.c * gd: Unsigned integer underflow _gdContributionsAlloc * gd: He ... oval:org.secpod.oval:def:66778 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Invalid memory access in function xmlrpc_decode * php: File rename across filesystems may allow unwanted access du ... oval:org.secpod.oval:def:2500164 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. oval:org.secpod.oval:def:505023 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php71-php . Security Fix: * gd: Unsigned integer underflow _gdContributionsAlloc * php: Out of bounds access in php_pcre.c:php_pcre_replac ... oval:org.secpod.oval:def:69493 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Invalid memory access in function xmlrpc_decode * php: File rename across filesystems may allow unwanted access du ... oval:org.secpod.oval:def:89003306 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension . - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EX ... oval:org.secpod.oval:def:3300866 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:89047906 This update for php7 fixes the following issues: - Version update to 7.2.34 [jsc#SLE-23639] - CVE-2022-37454: Fixed SHA-3 buffer overflow . - Fix integer overflow in PHP_SHA3##bits . |