var-202002-1306
Vulnerability from variot
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2. (CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2020:5275-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:5275 Issue date: 2020-12-01 CVE Names: CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 ==================================================================== 1. Summary:
An update for rh-php73-php is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.20). (BZ#1853211)
Security Fix(es):
-
php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)
-
php: Information disclosure in exif_read_data() (CVE-2019-11047)
-
php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
-
oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
-
oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
-
php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
-
php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
-
php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
-
php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
-
php: Information disclosure in exif_read_data() function (CVE-2020-7064)
-
php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)
-
php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
-
oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)
-
php: Information disclosure in function get_headers (CVE-2020-7066)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Software Collections 3.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c 1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data() 1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte 1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information 1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex 1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function 1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c 1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c 1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress 1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions 1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function 1820604 - CVE-2020-7066 php: Information disclosure in function get_headers 1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution 1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-php73-php-7.3.20-1.el7.src.rpm
aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm
ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-php73-php-7.3.20-1.el7.src.rpm
aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm
ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-php73-php-7.3.20-1.el7.src.rpm
ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-php73-php-7.3.20-1.el7.src.rpm
ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm
s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm
x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-php73-php-7.3.20-1.el7.src.rpm
x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-11045 https://access.redhat.com/security/cve/CVE-2019-11047 https://access.redhat.com/security/cve/CVE-2019-11048 https://access.redhat.com/security/cve/CVE-2019-11050 https://access.redhat.com/security/cve/CVE-2019-19203 https://access.redhat.com/security/cve/CVE-2019-19204 https://access.redhat.com/security/cve/CVE-2019-19246 https://access.redhat.com/security/cve/CVE-2020-7059 https://access.redhat.com/security/cve/CVE-2020-7060 https://access.redhat.com/security/cve/CVE-2020-7062 https://access.redhat.com/security/cve/CVE-2020-7063 https://access.redhat.com/security/cve/CVE-2020-7064 https://access.redhat.com/security/cve/CVE-2020-7065 https://access.redhat.com/security/cve/CVE-2020-7066 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw becOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ KUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI 6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH rcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0 D1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh viPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi EWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC 5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo RwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB gGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4 0afoNZ3Sfdc\xaaB8 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
For the stable distribution (buster), these problems have been fixed in version 7.3.14-1~deb10u1.
We recommend that you upgrade your php7.3 packages.
For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8 TjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV wtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4 M/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d 94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N QT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la ILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX gCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB 743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf AU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8 flI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX Q2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-57
https://security.gentoo.org/
Severity: High Title: PHP: Multiple vulnerabilities Date: March 26, 2020 Bugs: #671872, #706168, #710304, #713484 ID: 202003-57
Synopsis
Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands.
Background
PHP is an open source general-purpose scripting language that is especially suited for web development. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All PHP 7.2.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29"
All PHP 7.3.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16"
All PHP 7.4.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4"
References
[ 1 ] CVE-2018-19518 https://nvd.nist.gov/vuln/detail/CVE-2018-19518 [ 2 ] CVE-2020-7059 https://nvd.nist.gov/vuln/detail/CVE-2020-7059 [ 3 ] CVE-2020-7060 https://nvd.nist.gov/vuln/detail/CVE-2020-7060 [ 4 ] CVE-2020-7061 https://nvd.nist.gov/vuln/detail/CVE-2020-7061 [ 5 ] CVE-2020-7062 https://nvd.nist.gov/vuln/detail/CVE-2020-7062 [ 6 ] CVE-2020-7063 https://nvd.nist.gov/vuln/detail/CVE-2020-7063 [ 7 ] CVE-2020-7064 https://nvd.nist.gov/vuln/detail/CVE-2020-7064 [ 8 ] CVE-2020-7065 https://nvd.nist.gov/vuln/detail/CVE-2020-7065 [ 9 ] CVE-2020-7066 https://nvd.nist.gov/vuln/detail/CVE-2020-7066
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-57
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ========================================================================== Ubuntu Security Notice USN-4279-2 February 19, 2020
php7.0 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
USN-4279-1 introduced a regression in PHP. The updated packages caused a regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253)
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059)
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.12 php7.0-cgi 7.0.33-0ubuntu0.16.04.12 php7.0-cli 7.0.33-0ubuntu0.16.04.12 php7.0-fpm 7.0.33-0ubuntu0.16.04.12
In general, a standard system update will make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1306", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "7.2.27" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "7.4.2" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "7.2.0" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "7.4.0" }, { "model": "tenable.sc", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "5.19.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "7.3.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "7.3.14" }, { "model": "php", "scope": "eq", "trust": 0.8, "vendor": "the php group", "version": "7.2.27" }, { "model": "php", "scope": "eq", "trust": 0.8, "vendor": "the php group", "version": "7.3.14" }, { "model": "php", "scope": "eq", "trust": 0.8, "vendor": "the php group", "version": "7.4.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "db": "NVD", "id": "CVE-2020-7060" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.2.27", "versionStartIncluding": "7.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.3.14", "versionStartIncluding": "7.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.19.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.4", "versionStartIncluding": "8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-7060" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu,Debian,Red Hat,Gentoo", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-315" } ], "trust": 0.6 }, "cve": "CVE-2020-7060", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-001730", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-185185", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-7060", "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "security@php.net", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.5, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.1, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-001730", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-7060", "trust": 1.0, "value": "CRITICAL" }, { "author": "security@php.net", "id": "CVE-2020-7060", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-001730", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202002-315", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-185185", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-7060", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-185185" }, { "db": "VULMON", "id": "CVE-2020-7060" }, { "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "db": "NVD", "id": "CVE-2020-7060" }, { "db": "NVD", "id": "CVE-2020-7060" }, { "db": "CNNVD", "id": "CNNVD-202002-315" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2. \n(CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: rh-php73-php security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:5275-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5275\nIssue date: 2020-12-01\nCVE Names: CVE-2019-11045 CVE-2019-11047 CVE-2019-11048\n CVE-2019-11050 CVE-2019-19203 CVE-2019-19204\n CVE-2019-19246 CVE-2020-7059 CVE-2020-7060\n CVE-2020-7062 CVE-2020-7063 CVE-2020-7064\n CVE-2020-7065 CVE-2020-7066\n====================================================================\n1. Summary:\n\nAn update for rh-php73-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php73-php (7.3.20). (BZ#1853211)\n\nSecurity Fix(es):\n\n* php: DirectoryIterator class accepts filenames with embedded \\0 byte and\ntreats them as terminating at that byte (CVE-2019-11045)\n\n* php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in\nfile gb18030.c (CVE-2019-19203)\n\n* oniguruma: Heap-based buffer over-read in function\nfetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function\n(CVE-2020-7060)\n\n* php: NULL pointer dereference in PHP session upload progress\n(CVE-2020-7062)\n\n* php: Files added to tar with Phar::buildFromIterator have all-access\npermissions (CVE-2020-7063)\n\n* php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n* php: Using mb_strtolower() function with UTF-32LE encoding leads to\npotential code execution (CVE-2020-7065)\n\n* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n* oniguruma: Heap-based buffer overflow in str_lower_case_match in\nregexec.c (CVE-2019-19246)\n\n* php: Information disclosure in function get_headers (CVE-2020-7066)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nSoftware Collections 3.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c\n1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()\n1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte\n1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information\n1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex\n1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function\n1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c\n1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c\n1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress\n1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions\n1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function\n1820604 - CVE-2020-7066 php: Information disclosure in function get_headers\n1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution\n1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\naarch64:\nrh-php73-php-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-cli-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-common-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dba-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-devel-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-intl-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-json-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-process-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-recode-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-soap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xml-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-zip-7.3.20-1.el7.aarch64.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\naarch64:\nrh-php73-php-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-cli-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-common-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dba-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-devel-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-intl-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-json-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-process-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-recode-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-soap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xml-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-zip-7.3.20-1.el7.aarch64.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11045\nhttps://access.redhat.com/security/cve/CVE-2019-11047\nhttps://access.redhat.com/security/cve/CVE-2019-11048\nhttps://access.redhat.com/security/cve/CVE-2019-11050\nhttps://access.redhat.com/security/cve/CVE-2019-19203\nhttps://access.redhat.com/security/cve/CVE-2019-19204\nhttps://access.redhat.com/security/cve/CVE-2019-19246\nhttps://access.redhat.com/security/cve/CVE-2020-7059\nhttps://access.redhat.com/security/cve/CVE-2020-7060\nhttps://access.redhat.com/security/cve/CVE-2020-7062\nhttps://access.redhat.com/security/cve/CVE-2020-7063\nhttps://access.redhat.com/security/cve/CVE-2020-7064\nhttps://access.redhat.com/security/cve/CVE-2020-7065\nhttps://access.redhat.com/security/cve/CVE-2020-7066\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw\nbecOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ\nKUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI\n6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH\nrcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0\nD1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh\nviPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi\nEWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC\n5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo\nRwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB\ngGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4\n0afoNZ3Sfdc\\xaaB8\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.14-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8\nTjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV\nwtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4\nM/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d\n94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N\nQT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la\nILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX\ngCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB\n743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf\nAU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8\nflI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX\nQ2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-57\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: PHP: Multiple vulnerabilities\n Date: March 26, 2020\n Bugs: #671872, #706168, #710304, #713484\n ID: 202003-57\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould result in the execution of arbitrary shell commands. \n\nBackground\n==========\n\nPHP is an open source general-purpose scripting language that is\nespecially suited for web development. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 7.2.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.2.29\"\n\nAll PHP 7.3.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.3.16\"\n\nAll PHP 7.4.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.4.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-19518\n https://nvd.nist.gov/vuln/detail/CVE-2018-19518\n[ 2 ] CVE-2020-7059\n https://nvd.nist.gov/vuln/detail/CVE-2020-7059\n[ 3 ] CVE-2020-7060\n https://nvd.nist.gov/vuln/detail/CVE-2020-7060\n[ 4 ] CVE-2020-7061\n https://nvd.nist.gov/vuln/detail/CVE-2020-7061\n[ 5 ] CVE-2020-7062\n https://nvd.nist.gov/vuln/detail/CVE-2020-7062\n[ 6 ] CVE-2020-7063\n https://nvd.nist.gov/vuln/detail/CVE-2020-7063\n[ 7 ] CVE-2020-7064\n https://nvd.nist.gov/vuln/detail/CVE-2020-7064\n[ 8 ] CVE-2020-7065\n https://nvd.nist.gov/vuln/detail/CVE-2020-7065\n[ 9 ] CVE-2020-7066\n https://nvd.nist.gov/vuln/detail/CVE-2020-7066\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-57\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n\n. ==========================================================================\nUbuntu Security Notice USN-4279-2\nFebruary 19, 2020\n\nphp7.0 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-4279-1 introduced a regression in PHP. The updated packages caused a regression. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that PHP incorrectly handled certain scripts. \n An attacker could possibly use this issue to cause a denial of service. \n This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. \n (CVE-2015-9253)\n \n It was discovered that PHP incorrectly handled certain inputs. An attacker\n could possibly use this issue to expose sensitive information. \n (CVE-2020-7059)\n \n It was discovered that PHP incorrectly handled certain inputs. \n An attacker could possibly use this issue to execute arbitrary code. \n This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS\n and Ubuntu 19.10. (CVE-2020-7060)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.12\n php7.0-cgi 7.0.33-0ubuntu0.16.04.12\n php7.0-cli 7.0.33-0ubuntu0.16.04.12\n php7.0-fpm 7.0.33-0ubuntu0.16.04.12\n\nIn general, a standard system update will make all the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2020-7060" }, { "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "db": "VULHUB", "id": "VHN-185185" }, { "db": "VULMON", "id": "CVE-2020-7060" }, { "db": "PACKETSTORM", "id": "156397" }, { "db": "PACKETSTORM", "id": "160292" }, { "db": "PACKETSTORM", "id": "159094" }, { "db": "PACKETSTORM", "id": "156399" }, { "db": "PACKETSTORM", "id": "156934" }, { "db": "PACKETSTORM", "id": "156441" }, { "db": "PACKETSTORM", "id": "156423" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7060", "trust": 3.3 }, { "db": "TENABLE", "id": "TNS-2021-14", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "160292", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159094", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-001730", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202002-315", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156399", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156934", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156441", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156423", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.6056", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4262", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0741", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0748", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0566", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0584", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3072", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0853", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4296", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072292", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-14917", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-185185", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-7060", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156397", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185185" }, { "db": "VULMON", "id": "CVE-2020-7060" }, { "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "db": "PACKETSTORM", "id": "156397" }, { "db": "PACKETSTORM", "id": "160292" }, { "db": "PACKETSTORM", "id": "159094" }, { "db": "PACKETSTORM", "id": "156399" }, { "db": "PACKETSTORM", "id": "156934" }, { "db": "PACKETSTORM", "id": "156441" }, { "db": "PACKETSTORM", "id": "156423" }, { "db": "NVD", "id": "CVE-2020-7060" }, { "db": "CNNVD", "id": "CNNVD-202002-315" } ] }, "id": "VAR-202002-1306", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-185185" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:51:25.814000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Sec Bug #79037", "trust": 0.8, "url": "https://bugs.php.net/bug.php?id=79037" }, { "title": "PHP mbstring Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=109491" }, { "title": "Ubuntu Security Notice: php5, php7.0, php7.2, php7.3 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4279-1" }, { "title": "Ubuntu Security Notice: php7.0 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4279-2" }, { "title": "Amazon Linux AMI: ALAS-2020-1347", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1347" }, { "title": "Amazon Linux AMI: ALAS-2020-1346", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1346" }, { "title": "Red Hat: Moderate: rh-php73-php security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205275 - security advisory" }, { "title": "Debian Security Advisories: DSA-4628-1 php7.0 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=688741de46e2d16edb2da10e1d501450" }, { "title": "Red Hat: Moderate: php:7.3 security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203662 - security advisory" }, { "title": "Debian Security Advisories: DSA-4626-1 php7.3 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=66162fd32170228a0805fd7114196e44" }, { "title": "Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-14" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-7060" }, { "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "db": "CNNVD", "id": "CNNVD-202002-315" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185185" }, { "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "db": "NVD", "id": "CVE-2020-7060" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.debian.org/security/2020/dsa-4628" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 2.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7060" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/202003-57" }, { "trust": 1.9, "url": "https://usn.ubuntu.com/4279-1/" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2020/feb/27" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2020/feb/31" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2021/jan/3" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200221-0002/" }, { "trust": 1.8, "url": "https://www.debian.org/security/2020/dsa-4626" }, { "trust": 1.8, "url": "https://bugs.php.net/bug.php?id=79037" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2021-14" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7060" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-7060" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7059" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4262/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156423/debian-security-advisory-4628-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0748/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156441/ubuntu-security-notice-usn-4279-2.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159094/red-hat-security-advisory-2020-3662-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2515" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160292/red-hat-security-advisory-2020-5275-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0566/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0741/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156934/gentoo-linux-security-advisory-202003-57.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0853/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4296/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0584/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3072/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6056" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-31420" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156399/debian-security-advisory-4626-1.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11045" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11047" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11050" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7065" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7062" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7064" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7066" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7063" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9253" }, { "trust": 0.2, "url": "https://usn.ubuntu.com/4279-1" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-11050" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19203" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7059" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-11045" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7066" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7065" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-11047" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19203" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19204" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7063" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19246" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11048" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-11048" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19204" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7064" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19246" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7062" }, { "trust": 0.2, "url": "https://www.debian.org/security/faq" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11046" }, { "trust": 0.2, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php7.3/7.3.11-0ubuntu0.19.10.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.11" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5275" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11042" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11041" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11040" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11039" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11039" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13224" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11042" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13225" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11041" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3662" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13224" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11049" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/php7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19518" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7061" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4279-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.12" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/php7.0" } ], "sources": [ { "db": "VULHUB", "id": "VHN-185185" }, { "db": "VULMON", "id": "CVE-2020-7060" }, { "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "db": "PACKETSTORM", "id": "156397" }, { "db": "PACKETSTORM", "id": "160292" }, { "db": "PACKETSTORM", "id": "159094" }, { "db": "PACKETSTORM", "id": "156399" }, { "db": "PACKETSTORM", "id": "156934" }, { "db": "PACKETSTORM", "id": "156441" }, { "db": "PACKETSTORM", "id": "156423" }, { "db": "NVD", "id": "CVE-2020-7060" }, { "db": "CNNVD", "id": "CNNVD-202002-315" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-185185" }, { "db": "VULMON", "id": "CVE-2020-7060" }, { "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "db": "PACKETSTORM", "id": "156397" }, { "db": "PACKETSTORM", "id": "160292" }, { "db": "PACKETSTORM", "id": "159094" }, { "db": "PACKETSTORM", "id": "156399" }, { "db": "PACKETSTORM", "id": "156934" }, { "db": "PACKETSTORM", "id": "156441" }, { "db": "PACKETSTORM", "id": "156423" }, { "db": "NVD", "id": "CVE-2020-7060" }, { "db": "CNNVD", "id": "CNNVD-202002-315" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-10T00:00:00", "db": "VULHUB", "id": "VHN-185185" }, { "date": "2020-02-10T00:00:00", "db": "VULMON", "id": "CVE-2020-7060" }, { "date": "2020-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "date": "2020-02-18T15:04:45", "db": "PACKETSTORM", "id": "156397" }, { "date": "2020-12-01T16:36:40", "db": "PACKETSTORM", "id": "160292" }, { "date": "2020-09-08T18:10:32", "db": "PACKETSTORM", "id": "159094" }, { "date": "2020-02-18T15:05:02", "db": "PACKETSTORM", "id": "156399" }, { "date": "2020-03-27T13:06:15", "db": "PACKETSTORM", "id": "156934" }, { "date": "2020-02-20T17:44:31", "db": "PACKETSTORM", "id": "156441" }, { "date": "2020-02-19T15:28:10", "db": "PACKETSTORM", "id": "156423" }, { "date": "2020-02-10T08:15:12.797000", "db": "NVD", "id": "CVE-2020-7060" }, { "date": "2020-02-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-315" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-01T00:00:00", "db": "VULHUB", "id": "VHN-185185" }, { "date": "2021-07-22T00:00:00", "db": "VULMON", "id": "CVE-2020-7060" }, { "date": "2020-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-001730" }, { "date": "2022-07-01T12:33:19.773000", "db": "NVD", "id": "CVE-2020-7060" }, { "date": "2022-11-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-315" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-315" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PHP Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-001730" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-315" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.