PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Invalid memory access in function xmlrpc_decode * php: File rename across filesystems may allow unwanted access during processing * php: Uninitialized read in exif_process_IFD_in_MAKERNOTE * php: Uninitialized read in exif_process_IFD_in_MAKERNOTE * php: Invalid read in exif_process_SOFn * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers * php: Buffer over-read in exif_read_data * php: Buffer over-read in PHAR reading functions * php: Heap-based buffer over-read in PHAR reading functions * php: memcpy with negative length via crafted DNS response * php: Heap-based buffer over-read in mbstring regular expression functions * php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c * php: Heap buffer overflow in function exif_process_IFD_TAG * php: Heap buffer overflow in function exif_iif_add_value * php: Buffer over-read in exif_process_IFD_TAG leading to information disclosure * php: Heap buffer over-read in exif_scan_thumbnail * php: Heap buffer over-read in exif_process_user_comment For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the CentOS 8.2 Release Notes linked from the References section.