Oval Definition:oval:com.redhat.rhsa:def:20201112
Revision Date:2020-03-31Version:638
Title:RHSA-2020:1112: php security update (Moderate)
Description:PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

  • php: Reflected XSS on PHAR 404 page (CVE-2018-5712)

  • php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response (CVE-2018-7584)

  • php: Reflected XSS vulnerability on PHAR 403 and 404 error pages (CVE-2018-10547)

  • php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2018-10547
    CVE-2018-5712
    CVE-2018-7584
    CVE-2019-9024
    RHSA-2020:1112
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • php is earlier than 0:5.4.16-48.el7
  • AND php is signed with Red Hat redhatrelease2 key
  • php-bcmath is earlier than 0:5.4.16-48.el7
  • AND php-bcmath is signed with Red Hat redhatrelease2 key
  • php-cli is earlier than 0:5.4.16-48.el7
  • AND php-cli is signed with Red Hat redhatrelease2 key
  • php-common is earlier than 0:5.4.16-48.el7
  • AND php-common is signed with Red Hat redhatrelease2 key
  • php-dba is earlier than 0:5.4.16-48.el7
  • AND php-dba is signed with Red Hat redhatrelease2 key
  • php-devel is earlier than 0:5.4.16-48.el7
  • AND php-devel is signed with Red Hat redhatrelease2 key
  • php-embedded is earlier than 0:5.4.16-48.el7
  • AND php-embedded is signed with Red Hat redhatrelease2 key
  • php-enchant is earlier than 0:5.4.16-48.el7
  • AND php-enchant is signed with Red Hat redhatrelease2 key
  • php-fpm is earlier than 0:5.4.16-48.el7
  • AND php-fpm is signed with Red Hat redhatrelease2 key
  • php-gd is earlier than 0:5.4.16-48.el7
  • AND php-gd is signed with Red Hat redhatrelease2 key
  • php-intl is earlier than 0:5.4.16-48.el7
  • AND php-intl is signed with Red Hat redhatrelease2 key
  • php-ldap is earlier than 0:5.4.16-48.el7
  • AND php-ldap is signed with Red Hat redhatrelease2 key
  • php-mbstring is earlier than 0:5.4.16-48.el7
  • AND php-mbstring is signed with Red Hat redhatrelease2 key
  • php-mysql is earlier than 0:5.4.16-48.el7
  • AND php-mysql is signed with Red Hat redhatrelease2 key
  • php-mysqlnd is earlier than 0:5.4.16-48.el7
  • AND php-mysqlnd is signed with Red Hat redhatrelease2 key
  • php-odbc is earlier than 0:5.4.16-48.el7
  • AND php-odbc is signed with Red Hat redhatrelease2 key
  • php-pdo is earlier than 0:5.4.16-48.el7
  • AND php-pdo is signed with Red Hat redhatrelease2 key
  • php-pgsql is earlier than 0:5.4.16-48.el7
  • AND php-pgsql is signed with Red Hat redhatrelease2 key
  • php-process is earlier than 0:5.4.16-48.el7
  • AND php-process is signed with Red Hat redhatrelease2 key
  • php-pspell is earlier than 0:5.4.16-48.el7
  • AND php-pspell is signed with Red Hat redhatrelease2 key
  • php-recode is earlier than 0:5.4.16-48.el7
  • AND php-recode is signed with Red Hat redhatrelease2 key
  • php-snmp is earlier than 0:5.4.16-48.el7
  • AND php-snmp is signed with Red Hat redhatrelease2 key
  • php-soap is earlier than 0:5.4.16-48.el7
  • AND php-soap is signed with Red Hat redhatrelease2 key
  • php-xml is earlier than 0:5.4.16-48.el7
  • AND php-xml is signed with Red Hat redhatrelease2 key
  • php-xmlrpc is earlier than 0:5.4.16-48.el7
  • AND php-xmlrpc is signed with Red Hat redhatrelease2 key
    • BACK