RHSA-2020:3662-01 -- Redhat libzip, php, php-pear, php-pecl-apcu, php-pecl-rrd, php-pecl-xdebug, php-pecl-zipID: oval:org.secpod.oval:def:66572 | Date: (C)2020-10-30 (M)2024-04-17 |
Class: PATCH | Family: unix |
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers * php: Buffer over-read in exif_read_data * php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte * php: Information disclosure in exif_read_data * php: Integer wraparounds when receiving multipart forms * oniguruma: Use-after-free in onig_new_deluxe in regext.c * oniguruma: NULL pointer dereference in match_at in regexec.c * oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c * oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c * oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c * pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode * php: Out of bounds read in php_strip_tags_ex * php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function * php: NULL pointer dereference in PHP session upload progress * php: Files added to tar with Phar::buildFromIterator have all-access permissions * php: Information disclosure in exif_read_data function * php: Using mb_strtolower function with UTF-32LE encoding leads to potential code execution * php: Heap buffer over-read in exif_scan_thumbnail * php: Heap buffer over-read in exif_process_user_comment * php: Out of bounds read when parsing EXIF information * oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c * php: Information disclosure in function get_headers For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Product: |
libzip |
php |
php-pear |
php-pecl-apcu |
php-pecl-rrd |
php-pecl-xdebug |
php-pecl-zip |