var-201908-1841
Vulnerability from variot
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. PHP EXIF Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
Successfully exploiting this issue allow malicious users to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
PHP versions before 7.3.8 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15
macOS Catalina 10.15 addresses the following:
AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team
apache_mod_php Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 7.3.8. CVE-2019-11041 CVE-2019-11042
Audio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab Entry added October 29, 2019
Books Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven Entry added October 29, 2019
CFNetwork Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland Entry added October 29, 2019
CoreAudio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
CoreCrypto Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a large input may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2019-8741: Nicky Mouha of NIST Entry added October 29, 2019
CoreMedia Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8825: Found by GWP-ASan in Google Chrome Entry added October 29, 2019
Crash Reporter Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics Description: A race condition existed when reading and writing user preferences. This was addressed with improved state handling. CVE-2019-8757: William Cerniuk of Core Development, LLC
CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An input validation issue was addressed with improved input validation. CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019
CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2019-8767: Stephen Zeisberg Entry added October 29, 2019
CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019
File Quarantine Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to elevate privileges Description: This issue was addressed by removing the vulnerable code. CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs Entry added October 29, 2019
Foundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project Zero Entry added October 29, 2019
Graphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-12152: Piotr Bania of Cisco Talos CVE-2018-12153: Piotr Bania of Cisco Talos CVE-2018-12154: Piotr Bania of Cisco Talos Entry added October 29, 2019
Intel Graphics Driver Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8758: Lilang Wu and Moony Li of Trend Micro
IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved restrictions. CVE-2019-8755: Lilang Wu and Moony Li of Trend Micro
IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8759: another of 360 Nirvan Team Entry added October 29, 2019
Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local app may be able to read a persistent account identifier Description: A validation issue was addressed with improved logic. CVE-2019-8809: Apple Entry added October 29, 2019
Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8709: derrek (@derrekr6) [confirmed]derrek (@derrekr6) CVE-2019-8781: Linus Henze (pinauten.de) Entry added October 29, 2019
Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero
Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team Entry added October 29, 2019
libxml2 Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxml2 Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8749: found by OSS-Fuzz CVE-2019-8756: found by OSS-Fuzz Entry added October 29, 2019
libxslt Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxslt Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8750: found by OSS-Fuzz Entry added October 29, 2019
mDNSResponder Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications Description: This issue was resolved by replacing device names with a random identifier. CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Entry added October 29, 2019
Menus Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8826: Found by GWP-ASan in Google Chrome Entry added October 29, 2019
Notes Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to view a user's locked notes Description: The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University
PDFKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF Description: An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum
PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to check for the existence of arbitrary files Description: A logic issue was addressed with improved restrictions. CVE-2019-8708: an anonymous researcher Entry added October 29, 2019
PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8715: an anonymous researcher Entry added October 29, 2019
SharedFileList Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to access recent documents Description: The issue was addressed with improved permissions logic. CVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH
sips Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360
UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2019-8761: Renee Trisberg of SpectX Entry added October 29, 2019
UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative
WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. CVE-2019-8768: Hugo S. Diaz (coldpointblue)
WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Visiting a maliciously crafted website may reveal browsing history Description: An issue existed in the drawing of web page elements. The issue was addressed with improved logic. CVE-2019-8769: Piérre Reimertz (@reimertz)
Additional recognition
AppleRTC We would like to acknowledge Vitaly Cheptsov for their assistance.
Audio We would like to acknowledge riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative for their assistance.
boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum and Thijs Alkemade (@xnyhps) of Computest for their assistance.
Finder We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.
Gatekeeper We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.
Identity Service We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
mDNSResponder We would like to acknowledge Gregor Lang of e.solutions GmbH for their assistance.
python We would like to acknowledge an anonymous researcher for their assistance.
Safari Data Importing We would like to acknowledge Kent Zoya for their assistance.
Simple certificate enrollment protocol (SCEP) We would like to acknowledge an anonymous researcher for their assistance.
Telephony We would like to acknowledge Phil Stokes from SentinelOne for their assistance.
VPN We would like to acknowledge Royce Gawron of Second Son Consulting, Inc. for their assistance.
Installation note:
macOS Catalina 10.15 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y 0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki 48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/ SEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX SNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc 9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM iUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T U6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E Wvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO ju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA IvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM bOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM= =bhin -----END PGP SIGNATURE-----
.
For the stable distribution (buster), these problems have been fixed in version 7.3.9-1~deb10u1.
We recommend that you upgrade your php7.3 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Critical: rh-php72-php security update Advisory ID: RHSA-2019:3299-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:3299 Issue date: 2019-11-01 CVE Names: CVE-2016-10166 CVE-2018-20783 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 =====================================================================
- Summary:
An update for rh-php72-php is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: rh-php72-php (7.2.24). (BZ#1766603)
Security Fix(es):
-
php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)
-
gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166)
-
gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)
-
php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)
-
php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)
-
php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)
-
php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)
-
php: Invalid read in exif_process_SOFn() (CVE-2019-9640)
-
php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
-
php: Buffer over-read in exif_read_data() (CVE-2019-11040)
-
php: Buffer over-read in PHAR reading functions (CVE-2018-20783)
-
php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)
-
php: memcpy with negative length via crafted DNS response (CVE-2019-9022)
-
php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)
-
php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)
-
php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)
-
php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)
-
php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)
-
gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038)
-
php: heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
-
php: heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc() 1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c 1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions 1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode() 1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions 1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions 1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c 1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response 1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing 1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn() 1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value() 1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG() 1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure 1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm() 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data() 1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail() 1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment() 1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-php72-php-7.2.24-1.el7.src.rpm
aarch64: rh-php72-php-7.2.24-1.el7.aarch64.rpm rh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm rh-php72-php-cli-7.2.24-1.el7.aarch64.rpm rh-php72-php-common-7.2.24-1.el7.aarch64.rpm rh-php72-php-dba-7.2.24-1.el7.aarch64.rpm rh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm rh-php72-php-devel-7.2.24-1.el7.aarch64.rpm rh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm rh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm rh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm rh-php72-php-gd-7.2.24-1.el7.aarch64.rpm rh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-intl-7.2.24-1.el7.aarch64.rpm rh-php72-php-json-7.2.24-1.el7.aarch64.rpm rh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm rh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm rh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm rh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm rh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm rh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm rh-php72-php-process-7.2.24-1.el7.aarch64.rpm rh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm rh-php72-php-recode-7.2.24-1.el7.aarch64.rpm rh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-soap-7.2.24-1.el7.aarch64.rpm rh-php72-php-xml-7.2.24-1.el7.aarch64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm rh-php72-php-zip-7.2.24-1.el7.aarch64.rpm
ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm
s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-php72-php-7.2.24-1.el7.src.rpm
aarch64: rh-php72-php-7.2.24-1.el7.aarch64.rpm rh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm rh-php72-php-cli-7.2.24-1.el7.aarch64.rpm rh-php72-php-common-7.2.24-1.el7.aarch64.rpm rh-php72-php-dba-7.2.24-1.el7.aarch64.rpm rh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm rh-php72-php-devel-7.2.24-1.el7.aarch64.rpm rh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm rh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm rh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm rh-php72-php-gd-7.2.24-1.el7.aarch64.rpm rh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-intl-7.2.24-1.el7.aarch64.rpm rh-php72-php-json-7.2.24-1.el7.aarch64.rpm rh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm rh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm rh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm rh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm rh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm rh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm rh-php72-php-process-7.2.24-1.el7.aarch64.rpm rh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm rh-php72-php-recode-7.2.24-1.el7.aarch64.rpm rh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-soap-7.2.24-1.el7.aarch64.rpm rh-php72-php-xml-7.2.24-1.el7.aarch64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm rh-php72-php-zip-7.2.24-1.el7.aarch64.rpm
ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm
s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm
x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-php72-php-7.2.24-1.el7.src.rpm
ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm
s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm
x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-php72-php-7.2.24-1.el7.src.rpm
ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm
s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm
x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-php72-php-7.2.24-1.el7.src.rpm
ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm
s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm
x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-php72-php-7.2.24-1.el7.src.rpm
x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-10166 https://access.redhat.com/security/cve/CVE-2018-20783 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-9020 https://access.redhat.com/security/cve/CVE-2019-9021 https://access.redhat.com/security/cve/CVE-2019-9022 https://access.redhat.com/security/cve/CVE-2019-9023 https://access.redhat.com/security/cve/CVE-2019-9024 https://access.redhat.com/security/cve/CVE-2019-9637 https://access.redhat.com/security/cve/CVE-2019-9638 https://access.redhat.com/security/cve/CVE-2019-9639 https://access.redhat.com/security/cve/CVE-2019-9640 https://access.redhat.com/security/cve/CVE-2019-11034 https://access.redhat.com/security/cve/CVE-2019-11035 https://access.redhat.com/security/cve/CVE-2019-11036 https://access.redhat.com/security/cve/CVE-2019-11038 https://access.redhat.com/security/cve/CVE-2019-11039 https://access.redhat.com/security/cve/CVE-2019-11040 https://access.redhat.com/security/cve/CVE-2019-11041 https://access.redhat.com/security/cve/CVE-2019-11042 https://access.redhat.com/security/cve/CVE-2019-11043 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXbwslNzjgjWX9erEAQgZrA//YpBwARJTytrbpWQquZ4hnjbScNEZK1d4 sOOT+oiQSrzvghsNKNCKwEO1CLbNA9XOT7bCchtpD/HguTc4XeGNk7dAf/qA6UVB tJCxmqNBVBKqoe9UafmxLUFcVSkv/PHRVD2h+/TvmqdB8Uf2Z8hIIaBt7UsW34sb yBMLJVhyG98c/7VzwqFXW6Vm+Ly6+/ViYtloe5/Ex4D8FvB72Cc9uRvCTWdLLOXu PlwQKdaEt5CtUrTmLFEX+9t6tybwhNBf/dZ96nazCaSRtQVnhZI9s+wjoE6vEOOB +bOldvJ9tu7LclzMIz7SbSqjhPBSLtEMGZKcO1havVGDwcfPAEc12TW9DtVFDlqA Xq+dFW5vviRCoMlSmNBmSqQZSWMF64LdzjvWfW2G/nBnNLOdhu/Wufs1sJUOc+cp V9PgQH0iWut0N89DaOzTH+4PQvvvTw12HuKHk+P+/O8bBBdcI9gpd5klce/5jquc QXqhy49koz6BturNpVnXfSWjdLPwQ1pwhGJOkv7vLsdx6HVeuY6BsSE+C28cHFl+ z/AOZL4eCa9xKlePdGKCbqzTjMmCiJQbeShoBOKt1DtSgVVgtE0Kc5EZQcqop0aw RG304k1HSbrgsSRFxx6s1RophOQaC3ASvWkw5OY/8ylNrO9AAMxLRjZNCve6V7Rq 86WRMpuQxpE= =winR -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1841", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.1, "vendor": "canonical", "version": "12.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.1, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.1, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.1, "vendor": "canonical", "version": "18.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.1, "vendor": "canonical", "version": "19.04" }, { "model": "linux", "scope": "eq", "trust": 1.1, "vendor": "debian", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 1.1, "vendor": "debian", "version": "9.0" }, { "model": "linux", "scope": "eq", "trust": 1.1, "vendor": "debian", "version": "10.0" }, { "model": "leap", "scope": "eq", "trust": 1.1, "vendor": "opensuse", "version": "15.0" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.15.1" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "7.3.8" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "7.2.0" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "7.2.21" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "7.1.0" }, { "model": "software collections", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "7.3.0" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "7.1.31" }, { "model": "tenable.sc", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "5.19.0" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "php", "scope": "eq", "trust": 0.8, "vendor": "the php group", "version": "7.1.31 for up to 7.1.x" }, { "model": "php", "scope": "eq", "trust": 0.8, "vendor": "the php group", "version": "7.2.21 for up to 7.2.x" }, { "model": "php", "scope": "eq", "trust": 0.8, "vendor": "the php group", "version": "7.3.8 for up to 7.3.x" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.0" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.1" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.2" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.3" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.4" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.5" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.6" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.7" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.8" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.9" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.10" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.11" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.12" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.13" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.14" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.15" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.16" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.17" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.18" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.19" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.20" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.21" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.22" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.23" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.24" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.25" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.26" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.27" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.28" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.29" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.1.30" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.0" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.1" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.2" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.3" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.4" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.5" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.6" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.7" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.8" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.9" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.10" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.11" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.12" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.13" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.14" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.15" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.16" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.17" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.18" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.19" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.2.20" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.3.0" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.3.1" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.3.2" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.3.3" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.3.4" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.3.5" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.3.6" }, { "model": "php", "scope": "eq", "trust": 0.1, "vendor": "php", "version": "7.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 0.1, "vendor": "apple", "version": "10.15" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-11042" }, { "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "db": "NVD", "id": "CVE-2019-11042" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1.31", "versionStartIncluding": "7.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.2.21", "versionStartIncluding": "7.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.3.8", "versionStartIncluding": "7.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.19.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-11042" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "159094" }, { "db": "PACKETSTORM", "id": "155070" }, { "db": "PACKETSTORM", "id": "157463" }, { "db": "CNNVD", "id": "CNNVD-201908-142" } ], "trust": 0.9 }, "cve": "CVE-2019-11042", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-11042", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-142649", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2019-11042", "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "security@php.net", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.2, "impactScore": 2.5, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-11042", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-11042", "trust": 1.8, "value": "HIGH" }, { "author": "security@php.net", "id": "CVE-2019-11042", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201908-142", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-142649", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-11042", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-142649" }, { "db": "VULMON", "id": "CVE-2019-11042" }, { "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "db": "NVD", "id": "CVE-2019-11042" }, { "db": "NVD", "id": "CVE-2019-11042" }, { "db": "CNNVD", "id": "CNNVD-201908-142" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. PHP EXIF Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. \n \nSuccessfully exploiting this issue allow malicious users to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. \n\nPHP versions before 7.3.8 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-29-10 Additional information\nfor APPLE-SA-2019-10-07-1 macOS Catalina 10.15\n\nmacOS Catalina 10.15 addresses the following:\n\nAMD\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security\nResearch Team\n\napache_mod_php\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in PHP\nDescription: Multiple issues were addressed by updating to PHP\nversion 7.3.8. \nCVE-2019-11041\nCVE-2019-11042\n\nAudio\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab\nEntry added October 29, 2019\n\nBooks\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Parsing a maliciously crafted iBooks file may lead to a\npersistent denial-of-service\nDescription: A resource exhaustion issue was addressed with improved\ninput validation. \nCVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven\nEntry added October 29, 2019\n\nCFNetwork\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: This issue was addressed with improved checks. \nCVE-2019-8753: \u0141ukasz Pilorz of Standard Chartered GBS Poland\nEntry added October 29, 2019\n\nCoreAudio\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted movie may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-8705: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nCoreCrypto\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a large input may lead to a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2019-8741: Nicky Mouha of NIST\nEntry added October 29, 2019\n\nCoreMedia\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8825: Found by GWP-ASan in Google Chrome\nEntry added October 29, 2019\n\nCrash Reporter\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: The \"Share Mac Analytics\" setting may not be disabled when a\nuser deselects the switch to share analytics\nDescription: A race condition existed when reading and writing user\npreferences. This was addressed with improved state handling. \nCVE-2019-8757: William Cerniuk of Core Development, LLC\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\nEntry added October 29, 2019\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted string may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2019-8767: Stephen Zeisberg\nEntry added October 29, 2019\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\nEntry added October 29, 2019\n\nFile Quarantine\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to elevate privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs\nEntry added October 29, 2019\n\nFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8746: Natalie Silvanovich and Samuel Gro\u00df of Google Project\nZero\nEntry added October 29, 2019\n\nGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a malicious shader may result in unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2018-12152: Piotr Bania of Cisco Talos\nCVE-2018-12153: Piotr Bania of Cisco Talos\nCVE-2018-12154: Piotr Bania of Cisco Talos\nEntry added October 29, 2019\n\nIntel Graphics Driver\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8758: Lilang Wu and Moony Li of Trend Micro\n\nIOGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8755: Lilang Wu and Moony Li of Trend Micro\n\nIOGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8759: another of 360 Nirvan Team\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local app may be able to read a persistent account\nidentifier\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8809: Apple\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8709: derrek (@derrekr6)\n[confirmed]derrek (@derrekr6)\nCVE-2019-8781: Linus Henze (pinauten.de)\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8717: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory corruption issue existed in the handling of\nIPv6 packets. This issue was addressed with improved memory\nmanagement. \nCVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team\nEntry added October 29, 2019\n\nlibxml2\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in libxml2\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8749: found by OSS-Fuzz\nCVE-2019-8756: found by OSS-Fuzz\nEntry added October 29, 2019\n\nlibxslt\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in libxslt\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8750: found by OSS-Fuzz\nEntry added October 29, 2019\n\nmDNSResponder\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in physical proximity may be able to passively\nobserve device names in AWDL communications\nDescription: This issue was resolved by replacing device names with a\nrandom identifier. \nCVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile\nNetworking Lab at Technische Universit\u00e4t Darmstadt\nEntry added October 29, 2019\n\nMenus\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8826: Found by GWP-ASan in Google Chrome\nEntry added October 29, 2019\n\nNotes\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: The contents of locked notes sometimes appeared in\nsearch results. This issue was addressed with improved data cleanup. \nCVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia\nPolytechnic Institute and State University\n\nPDFKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker may be able to exfiltrate the contents of an\nencrypted PDF\nDescription: An issue existed in the handling of links in encrypted\nPDFs. This issue was addressed by adding a confirmation prompt. \nCVE-2019-8772: Jens M\u00fcller of Ruhr University Bochum, Fabian Ising\nof FH M\u00fcnster University of Applied Sciences, Vladislav Mladenov\nof Ruhr University Bochum, Christian Mainka of Ruhr University\nBochum, Sebastian Schinzel of FH M\u00fcnster University of Applied\nSciences, and J\u00f6rg Schwenk of Ruhr University Bochum\n\nPluginKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8708: an anonymous researcher\nEntry added October 29, 2019\n\nPluginKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8715: an anonymous researcher\nEntry added October 29, 2019\n\nSharedFileList\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to access recent\ndocuments\nDescription: The issue was addressed with improved permissions logic. \nCVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH\n\nsips\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992)\nand pjf of IceSword Lab of Qihoo 360\n\nUIFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Parsing a maliciously crafted text file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2019-8761: Renee Trisberg of SpectX\nEntry added October 29, 2019\n\nUIFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8745: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A user may be unable to delete browsing history items\nDescription: \"Clear History and Website Data\" did not clear the\nhistory. The issue was addressed with improved data deletion. \nCVE-2019-8768: Hugo S. Diaz (coldpointblue)\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Visiting a maliciously crafted website may reveal browsing\nhistory\nDescription: An issue existed in the drawing of web page elements. \nThe issue was addressed with improved logic. \nCVE-2019-8769: Pi\u00e9rre Reimertz (@reimertz)\n\nAdditional recognition\n\nAppleRTC\nWe would like to acknowledge Vitaly Cheptsov for their assistance. \n\nAudio\nWe would like to acknowledge riusksk of VulWar Corp working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nboringssl\nWe would like to acknowledge Nimrod Aviram of Tel Aviv University,\nRobert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr\nUniversity Bochum and Thijs Alkemade (@xnyhps) of Computest for their\nassistance. \n\nFinder\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nGatekeeper\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nIdentity Service\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nmDNSResponder\nWe would like to acknowledge Gregor Lang of e.solutions GmbH for\ntheir assistance. \n\npython\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nSafari Data Importing\nWe would like to acknowledge Kent Zoya for their assistance. \n\nSimple certificate enrollment protocol (SCEP)\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nTelephony\nWe would like to acknowledge Phil Stokes from SentinelOne for their\nassistance. \n\nVPN\nWe would like to acknowledge Royce Gawron of Second Son Consulting,\nInc. for their assistance. \n\nInstallation note:\n\nmacOS Catalina 10.15 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y\n0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki\n48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/\nSEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX\nSNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc\n9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM\niUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T\nU6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E\nWvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO\nju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA\nIvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM\nbOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM=\n=bhin\n-----END PGP SIGNATURE-----\n\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.9-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: rh-php72-php security update\nAdvisory ID: RHSA-2019:3299-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3299\nIssue date: 2019-11-01\nCVE Names: CVE-2016-10166 CVE-2018-20783 CVE-2019-6977 \n CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 \n CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 \n CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 \n CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 \n CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 \n CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php72-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php72-php (7.2.24). (BZ#1766603)\n\nSecurity Fix(es):\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\n* gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166)\n\n* gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c\n(CVE-2019-6977)\n\n* php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)\n\n* php: File rename across filesystems may allow unwanted access during\nprocessing (CVE-2019-9637)\n\n* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)\n\n* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)\n\n* php: Invalid read in exif_process_SOFn() (CVE-2019-9640)\n\n* php: Out-of-bounds read due to integer overflow in\niconv_mime_decode_headers() (CVE-2019-11039)\n\n* php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n* php: Buffer over-read in PHAR reading functions (CVE-2018-20783)\n\n* php: Heap-based buffer over-read in PHAR reading functions\n(CVE-2019-9021)\n\n* php: memcpy with negative length via crafted DNS response (CVE-2019-9022)\n\n* php: Heap-based buffer over-read in mbstring regular expression functions\n(CVE-2019-9023)\n\n* php: Out-of-bounds read in base64_decode_xmlrpc in\next/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)\n\n* php: Heap buffer overflow in function exif_process_IFD_TAG()\n(CVE-2019-11034)\n\n* php: Heap buffer overflow in function exif_iif_add_value()\n(CVE-2019-11035)\n\n* php: Buffer over-read in exif_process_IFD_TAG() leading to information\ndisclosure (CVE-2019-11036)\n\n* gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038)\n\n* php: heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n* php: heap buffer over-read in exif_process_user_comment()\n(CVE-2019-11042)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc()\n1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c\n1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions\n1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode()\n1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions\n1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions\n1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c\n1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response\n1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing\n1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn()\n1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value()\n1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()\n1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure\n1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm()\n1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()\n1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()\n1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail()\n1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment()\n1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\naarch64:\nrh-php72-php-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-cli-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-common-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dba-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-devel-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-intl-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-json-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-process-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-recode-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-soap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xml-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-zip-7.2.24-1.el7.aarch64.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\naarch64:\nrh-php72-php-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-cli-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-common-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dba-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-devel-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-intl-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-json-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-process-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-recode-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-soap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xml-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-zip-7.2.24-1.el7.aarch64.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10166\nhttps://access.redhat.com/security/cve/CVE-2018-20783\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-9020\nhttps://access.redhat.com/security/cve/CVE-2019-9021\nhttps://access.redhat.com/security/cve/CVE-2019-9022\nhttps://access.redhat.com/security/cve/CVE-2019-9023\nhttps://access.redhat.com/security/cve/CVE-2019-9024\nhttps://access.redhat.com/security/cve/CVE-2019-9637\nhttps://access.redhat.com/security/cve/CVE-2019-9638\nhttps://access.redhat.com/security/cve/CVE-2019-9639\nhttps://access.redhat.com/security/cve/CVE-2019-9640\nhttps://access.redhat.com/security/cve/CVE-2019-11034\nhttps://access.redhat.com/security/cve/CVE-2019-11035\nhttps://access.redhat.com/security/cve/CVE-2019-11036\nhttps://access.redhat.com/security/cve/CVE-2019-11038\nhttps://access.redhat.com/security/cve/CVE-2019-11039\nhttps://access.redhat.com/security/cve/CVE-2019-11040\nhttps://access.redhat.com/security/cve/CVE-2019-11041\nhttps://access.redhat.com/security/cve/CVE-2019-11042\nhttps://access.redhat.com/security/cve/CVE-2019-11043\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXbwslNzjgjWX9erEAQgZrA//YpBwARJTytrbpWQquZ4hnjbScNEZK1d4\nsOOT+oiQSrzvghsNKNCKwEO1CLbNA9XOT7bCchtpD/HguTc4XeGNk7dAf/qA6UVB\ntJCxmqNBVBKqoe9UafmxLUFcVSkv/PHRVD2h+/TvmqdB8Uf2Z8hIIaBt7UsW34sb\nyBMLJVhyG98c/7VzwqFXW6Vm+Ly6+/ViYtloe5/Ex4D8FvB72Cc9uRvCTWdLLOXu\nPlwQKdaEt5CtUrTmLFEX+9t6tybwhNBf/dZ96nazCaSRtQVnhZI9s+wjoE6vEOOB\n+bOldvJ9tu7LclzMIz7SbSqjhPBSLtEMGZKcO1havVGDwcfPAEc12TW9DtVFDlqA\nXq+dFW5vviRCoMlSmNBmSqQZSWMF64LdzjvWfW2G/nBnNLOdhu/Wufs1sJUOc+cp\nV9PgQH0iWut0N89DaOzTH+4PQvvvTw12HuKHk+P+/O8bBBdcI9gpd5klce/5jquc\nQXqhy49koz6BturNpVnXfSWjdLPwQ1pwhGJOkv7vLsdx6HVeuY6BsSE+C28cHFl+\nz/AOZL4eCa9xKlePdGKCbqzTjMmCiJQbeShoBOKt1DtSgVVgtE0Kc5EZQcqop0aw\nRG304k1HSbrgsSRFxx6s1RophOQaC3ASvWkw5OY/8ylNrO9AAMxLRjZNCve6V7Rq\n86WRMpuQxpE=\n=winR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.2 Release Notes linked from the References section", "sources": [ { "db": "NVD", "id": "CVE-2019-11042" }, { "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "db": "VULHUB", "id": "VHN-142649" }, { "db": "VULMON", "id": "CVE-2019-11042" }, { "db": "PACKETSTORM", "id": "154561" }, { "db": "PACKETSTORM", "id": "155066" }, { "db": "PACKETSTORM", "id": "159094" }, { "db": "PACKETSTORM", "id": "154543" }, { "db": "PACKETSTORM", "id": "155070" }, { "db": "PACKETSTORM", "id": "157463" }, { "db": "PACKETSTORM", "id": "154768" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-11042", "trust": 3.3 }, { "db": "TENABLE", "id": "TNS-2021-14", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "159094", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-007695", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-142", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157463", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3073", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3349", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3272", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0741", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2515", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3072", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3332", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4296", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1500", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3111", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.6056", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072292", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-142649", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-11042", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154561", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155066", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154543", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155070", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154768", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142649" }, { "db": "VULMON", "id": "CVE-2019-11042" }, { "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "db": "PACKETSTORM", "id": "154561" }, { "db": "PACKETSTORM", "id": "155066" }, { "db": "PACKETSTORM", "id": "159094" }, { "db": "PACKETSTORM", "id": "154543" }, { "db": "PACKETSTORM", "id": "155070" }, { "db": "PACKETSTORM", "id": "157463" }, { "db": "PACKETSTORM", "id": "154768" }, { "db": "NVD", "id": "CVE-2019-11042" }, { "db": "CNNVD", "id": "CNNVD-201908-142" } ] }, "id": "VAR-201908-1841", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-142649" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:36:58.322000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] [DLA 1878-1] php5 security update", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html" }, { "title": "78256", "trust": 0.8, "url": "https://bugs.php.net/bug.php?id=78256" }, { "title": "USN-4097-1", "trust": 0.8, "url": "https://usn.ubuntu.com/4097-1/" }, { "title": "USN-4097-2", "trust": 0.8, "url": "https://usn.ubuntu.com/4097-2/" }, { "title": "PHP Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=95904" }, { "title": "Ubuntu Security Notice: php7.0, php7.2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4097-1" }, { "title": "Ubuntu Security Notice: php5 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4097-2" }, { "title": "Amazon Linux AMI: ALAS-2019-1284", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1284" }, { "title": "Amazon Linux AMI: ALAS-2019-1283", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1283" }, { "title": "Debian Security Advisories: DSA-4527-1 php7.3 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=877cb76e8aeddfa40b275ad142be1771" }, { "title": "Red Hat: Moderate: php:7.2 security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201624 - security advisory" }, { "title": "Red Hat: Critical: rh-php72-php security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193299 - security advisory" }, { "title": "Apple: macOS Catalina 10.15", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aafc8ca42bce10e92a70604a0d265a55" }, { "title": "Debian Security Advisories: DSA-4529-1 php7.0 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ee5cd1d3e8c521eee01300cbf544b2d7" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/apple-tackles-a-dozen-bugs-in-catalina/148988/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-11042" }, { "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "db": "CNNVD", "id": "CNNVD-201908-142" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142649" }, { "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "db": "NVD", "id": "CVE-2019-11042" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3299" }, { "trust": 2.5, "url": "https://usn.ubuntu.com/4097-1/" }, { "trust": 2.4, "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html" }, { "trust": 2.4, "url": "https://usn.ubuntu.com/4097-2/" }, { "trust": 2.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11042" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2019/sep/35" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2019/sep/38" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2019/oct/9" }, { "trust": 1.8, "url": "https://bugs.php.net/bug.php?id=78256" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190822-0003/" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht210634" }, { "trust": 1.8, "url": "https://www.debian.org/security/2019/dsa-4527" }, { "trust": 1.8, "url": "https://www.debian.org/security/2019/dsa-4529" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2019/oct/15" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2019/oct/55" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht210722" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2021-14" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-11042" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11042" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11041" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914158-1.html" }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2019:3300" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192243-1.html" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192270-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1500/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3073/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3272/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159094/red-hat-security-advisory-2020-3662-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2515" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-29928" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0741/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4296/" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht210722" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht210634" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3072/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6056" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3349/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157463/red-hat-security-advisory-2020-1624-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3111/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3332/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11040" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11039" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11036" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11035" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11034" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-11040" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-11039" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-11041" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://www.debian.org/security/faq" }, { "trust": 0.2, "url": "https://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11038" }, { "trust": 0.2, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8717" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8757" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8701" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8730" }, { "trust": 0.2, "url": "https://support.apple.com/downloads/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8745" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8748" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8758" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8755" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8705" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9022" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9640" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9024" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9638" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9637" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-11036" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-11035" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9638" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9024" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9639" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9023" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-20783" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9022" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9640" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9021" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9023" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9020" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20783" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9639" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9637" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-11034" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9020" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9021" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109465" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/php7.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8753" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8706" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8744" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8708" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8509" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8756" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8737" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8749" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12154" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8709" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8741" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8715" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12152" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7065" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11045" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19203" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7062" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7059" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11045" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11047" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7066" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7065" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11047" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13224" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19203" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13225" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7063" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7064" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19246" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3662" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7066" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11048" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11048" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13224" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19246" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7063" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7062" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7059" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/php7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10166" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11043" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11038" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6977" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11043" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10166" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6977" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8770" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8768" } ], "sources": [ { "db": "VULHUB", "id": "VHN-142649" }, { "db": "VULMON", "id": "CVE-2019-11042" }, { "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "db": "PACKETSTORM", "id": "154561" }, { "db": "PACKETSTORM", "id": "155066" }, { "db": "PACKETSTORM", "id": "159094" }, { "db": "PACKETSTORM", "id": "154543" }, { "db": "PACKETSTORM", "id": "155070" }, { "db": "PACKETSTORM", "id": "157463" }, { "db": "PACKETSTORM", "id": "154768" }, { "db": "NVD", "id": "CVE-2019-11042" }, { "db": "CNNVD", "id": "CNNVD-201908-142" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-142649" }, { "db": "VULMON", "id": "CVE-2019-11042" }, { "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "db": "PACKETSTORM", "id": "154561" }, { "db": "PACKETSTORM", "id": "155066" }, { "db": "PACKETSTORM", "id": "159094" }, { "db": "PACKETSTORM", "id": "154543" }, { "db": "PACKETSTORM", "id": "155070" }, { "db": "PACKETSTORM", "id": "157463" }, { "db": "PACKETSTORM", "id": "154768" }, { "db": "NVD", "id": "CVE-2019-11042" }, { "db": "CNNVD", "id": "CNNVD-201908-142" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-09T00:00:00", "db": "VULHUB", "id": "VHN-142649" }, { "date": "2019-08-09T00:00:00", "db": "VULMON", "id": "CVE-2019-11042" }, { "date": "2019-08-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "date": "2019-09-23T18:25:24", "db": "PACKETSTORM", "id": "154561" }, { "date": "2019-11-01T17:10:40", "db": "PACKETSTORM", "id": "155066" }, { "date": "2020-09-08T18:10:32", "db": "PACKETSTORM", "id": "159094" }, { "date": "2019-09-20T14:58:48", "db": "PACKETSTORM", "id": "154543" }, { "date": "2019-11-01T17:11:58", "db": "PACKETSTORM", "id": "155070" }, { "date": "2020-04-28T20:37:45", "db": "PACKETSTORM", "id": "157463" }, { "date": "2019-10-08T19:59:26", "db": "PACKETSTORM", "id": "154768" }, { "date": "2019-08-09T20:15:11.143000", "db": "NVD", "id": "CVE-2019-11042" }, { "date": "2019-08-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-142" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-28T00:00:00", "db": "VULHUB", "id": "VHN-142649" }, { "date": "2020-10-02T00:00:00", "db": "VULMON", "id": "CVE-2019-11042" }, { "date": "2019-08-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007695" }, { "date": "2023-02-28T15:13:47.413000", "db": "NVD", "id": "CVE-2019-11042" }, { "date": "2023-03-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-142" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-142" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PHP EXIF Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007695" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-142" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.