RHSA-2020:5275-01 -- Redhat rh-php73-phpID: oval:org.secpod.oval:def:505213 | Date: (C)2020-12-02 (M)2024-04-17 |
Class: PATCH | Family: unix |
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php73-php . Security Fix: * php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte * php: Information disclosure in exif_read_data * php: Integer wraparounds when receiving multipart forms * oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c * oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c * php: Out of bounds read in php_strip_tags_ex * php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function * php: NULL pointer dereference in PHP session upload progress * php: Files added to tar with Phar::buildFromIterator have all-access permissions * php: Information disclosure in exif_read_data function * php: Using mb_strtolower function with UTF-32LE encoding leads to potential code execution * php: Out of bounds read when parsing EXIF information * oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c * php: Information disclosure in function get_headers For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Software Collections 3.6 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 7 |