Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.4077 Critical: rh-php71-php and rh-php72-php security updates 4 November 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: rh-php71-php rh-php72-php Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-11043 CVE-2019-11042 CVE-2019-11041 CVE-2019-11040 CVE-2019-11039 CVE-2019-11038 CVE-2019-11036 CVE-2019-11035 CVE-2019-11034 CVE-2019-9640 CVE-2019-9639 CVE-2019-9638 CVE-2019-9637 CVE-2019-9024 CVE-2019-9023 CVE-2019-9022 CVE-2019-9021 CVE-2019-9020 CVE-2019-6977 CVE-2018-20783 CVE-2016-10166 Reference: ESB-2019.4051 ESB-2019.4042 ESB-2019.4021 ESB-2019.4014 ESB-2019.3984 ESB-2019.3982 ESB-2019.3980 ESB-2019.3963 Original Bulletin: https://access.redhat.com/errata/RHSA-2019:3300 https://access.redhat.com/errata/RHSA-2019:3299 Comment: This bulletin contains two (2) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: rh-php71-php security update Advisory ID: RHSA-2019:3300-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:3300 Issue date: 2019-11-01 CVE Names: CVE-2019-11043 ===================================================================== 1. Summary: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php71-php-7.1.30-2.el7.src.rpm aarch64: rh-php71-php-7.1.30-2.el7.aarch64.rpm rh-php71-php-bcmath-7.1.30-2.el7.aarch64.rpm rh-php71-php-cli-7.1.30-2.el7.aarch64.rpm rh-php71-php-common-7.1.30-2.el7.aarch64.rpm rh-php71-php-dba-7.1.30-2.el7.aarch64.rpm rh-php71-php-dbg-7.1.30-2.el7.aarch64.rpm rh-php71-php-debuginfo-7.1.30-2.el7.aarch64.rpm rh-php71-php-devel-7.1.30-2.el7.aarch64.rpm rh-php71-php-embedded-7.1.30-2.el7.aarch64.rpm rh-php71-php-enchant-7.1.30-2.el7.aarch64.rpm rh-php71-php-fpm-7.1.30-2.el7.aarch64.rpm rh-php71-php-gd-7.1.30-2.el7.aarch64.rpm rh-php71-php-gmp-7.1.30-2.el7.aarch64.rpm rh-php71-php-intl-7.1.30-2.el7.aarch64.rpm rh-php71-php-json-7.1.30-2.el7.aarch64.rpm rh-php71-php-ldap-7.1.30-2.el7.aarch64.rpm rh-php71-php-mbstring-7.1.30-2.el7.aarch64.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.aarch64.rpm rh-php71-php-odbc-7.1.30-2.el7.aarch64.rpm rh-php71-php-opcache-7.1.30-2.el7.aarch64.rpm rh-php71-php-pdo-7.1.30-2.el7.aarch64.rpm rh-php71-php-pgsql-7.1.30-2.el7.aarch64.rpm rh-php71-php-process-7.1.30-2.el7.aarch64.rpm rh-php71-php-pspell-7.1.30-2.el7.aarch64.rpm rh-php71-php-recode-7.1.30-2.el7.aarch64.rpm rh-php71-php-snmp-7.1.30-2.el7.aarch64.rpm rh-php71-php-soap-7.1.30-2.el7.aarch64.rpm rh-php71-php-xml-7.1.30-2.el7.aarch64.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.aarch64.rpm rh-php71-php-zip-7.1.30-2.el7.aarch64.rpm ppc64le: rh-php71-php-7.1.30-2.el7.ppc64le.rpm rh-php71-php-bcmath-7.1.30-2.el7.ppc64le.rpm rh-php71-php-cli-7.1.30-2.el7.ppc64le.rpm rh-php71-php-common-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dba-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dbg-7.1.30-2.el7.ppc64le.rpm rh-php71-php-debuginfo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-devel-7.1.30-2.el7.ppc64le.rpm rh-php71-php-embedded-7.1.30-2.el7.ppc64le.rpm rh-php71-php-enchant-7.1.30-2.el7.ppc64le.rpm rh-php71-php-fpm-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-intl-7.1.30-2.el7.ppc64le.rpm rh-php71-php-json-7.1.30-2.el7.ppc64le.rpm rh-php71-php-ldap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mbstring-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-odbc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-opcache-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pdo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pgsql-7.1.30-2.el7.ppc64le.rpm rh-php71-php-process-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pspell-7.1.30-2.el7.ppc64le.rpm rh-php71-php-recode-7.1.30-2.el7.ppc64le.rpm rh-php71-php-snmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-soap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xml-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-zip-7.1.30-2.el7.ppc64le.rpm s390x: rh-php71-php-7.1.30-2.el7.s390x.rpm rh-php71-php-bcmath-7.1.30-2.el7.s390x.rpm rh-php71-php-cli-7.1.30-2.el7.s390x.rpm rh-php71-php-common-7.1.30-2.el7.s390x.rpm rh-php71-php-dba-7.1.30-2.el7.s390x.rpm rh-php71-php-dbg-7.1.30-2.el7.s390x.rpm rh-php71-php-debuginfo-7.1.30-2.el7.s390x.rpm rh-php71-php-devel-7.1.30-2.el7.s390x.rpm rh-php71-php-embedded-7.1.30-2.el7.s390x.rpm rh-php71-php-enchant-7.1.30-2.el7.s390x.rpm rh-php71-php-fpm-7.1.30-2.el7.s390x.rpm rh-php71-php-gd-7.1.30-2.el7.s390x.rpm rh-php71-php-gmp-7.1.30-2.el7.s390x.rpm rh-php71-php-intl-7.1.30-2.el7.s390x.rpm rh-php71-php-json-7.1.30-2.el7.s390x.rpm rh-php71-php-ldap-7.1.30-2.el7.s390x.rpm rh-php71-php-mbstring-7.1.30-2.el7.s390x.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.s390x.rpm rh-php71-php-odbc-7.1.30-2.el7.s390x.rpm rh-php71-php-opcache-7.1.30-2.el7.s390x.rpm rh-php71-php-pdo-7.1.30-2.el7.s390x.rpm rh-php71-php-pgsql-7.1.30-2.el7.s390x.rpm rh-php71-php-process-7.1.30-2.el7.s390x.rpm rh-php71-php-pspell-7.1.30-2.el7.s390x.rpm rh-php71-php-recode-7.1.30-2.el7.s390x.rpm rh-php71-php-snmp-7.1.30-2.el7.s390x.rpm rh-php71-php-soap-7.1.30-2.el7.s390x.rpm rh-php71-php-xml-7.1.30-2.el7.s390x.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.s390x.rpm rh-php71-php-zip-7.1.30-2.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php71-php-7.1.30-2.el7.src.rpm aarch64: rh-php71-php-7.1.30-2.el7.aarch64.rpm rh-php71-php-bcmath-7.1.30-2.el7.aarch64.rpm rh-php71-php-cli-7.1.30-2.el7.aarch64.rpm rh-php71-php-common-7.1.30-2.el7.aarch64.rpm rh-php71-php-dba-7.1.30-2.el7.aarch64.rpm rh-php71-php-dbg-7.1.30-2.el7.aarch64.rpm rh-php71-php-debuginfo-7.1.30-2.el7.aarch64.rpm rh-php71-php-devel-7.1.30-2.el7.aarch64.rpm rh-php71-php-embedded-7.1.30-2.el7.aarch64.rpm rh-php71-php-enchant-7.1.30-2.el7.aarch64.rpm rh-php71-php-fpm-7.1.30-2.el7.aarch64.rpm rh-php71-php-gd-7.1.30-2.el7.aarch64.rpm rh-php71-php-gmp-7.1.30-2.el7.aarch64.rpm rh-php71-php-intl-7.1.30-2.el7.aarch64.rpm rh-php71-php-json-7.1.30-2.el7.aarch64.rpm rh-php71-php-ldap-7.1.30-2.el7.aarch64.rpm rh-php71-php-mbstring-7.1.30-2.el7.aarch64.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.aarch64.rpm rh-php71-php-odbc-7.1.30-2.el7.aarch64.rpm rh-php71-php-opcache-7.1.30-2.el7.aarch64.rpm rh-php71-php-pdo-7.1.30-2.el7.aarch64.rpm rh-php71-php-pgsql-7.1.30-2.el7.aarch64.rpm rh-php71-php-process-7.1.30-2.el7.aarch64.rpm rh-php71-php-pspell-7.1.30-2.el7.aarch64.rpm rh-php71-php-recode-7.1.30-2.el7.aarch64.rpm rh-php71-php-snmp-7.1.30-2.el7.aarch64.rpm rh-php71-php-soap-7.1.30-2.el7.aarch64.rpm rh-php71-php-xml-7.1.30-2.el7.aarch64.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.aarch64.rpm rh-php71-php-zip-7.1.30-2.el7.aarch64.rpm ppc64le: rh-php71-php-7.1.30-2.el7.ppc64le.rpm rh-php71-php-bcmath-7.1.30-2.el7.ppc64le.rpm rh-php71-php-cli-7.1.30-2.el7.ppc64le.rpm rh-php71-php-common-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dba-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dbg-7.1.30-2.el7.ppc64le.rpm rh-php71-php-debuginfo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-devel-7.1.30-2.el7.ppc64le.rpm rh-php71-php-embedded-7.1.30-2.el7.ppc64le.rpm rh-php71-php-enchant-7.1.30-2.el7.ppc64le.rpm rh-php71-php-fpm-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-intl-7.1.30-2.el7.ppc64le.rpm rh-php71-php-json-7.1.30-2.el7.ppc64le.rpm rh-php71-php-ldap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mbstring-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-odbc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-opcache-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pdo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pgsql-7.1.30-2.el7.ppc64le.rpm rh-php71-php-process-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pspell-7.1.30-2.el7.ppc64le.rpm rh-php71-php-recode-7.1.30-2.el7.ppc64le.rpm rh-php71-php-snmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-soap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xml-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-zip-7.1.30-2.el7.ppc64le.rpm s390x: rh-php71-php-7.1.30-2.el7.s390x.rpm rh-php71-php-bcmath-7.1.30-2.el7.s390x.rpm rh-php71-php-cli-7.1.30-2.el7.s390x.rpm rh-php71-php-common-7.1.30-2.el7.s390x.rpm rh-php71-php-dba-7.1.30-2.el7.s390x.rpm rh-php71-php-dbg-7.1.30-2.el7.s390x.rpm rh-php71-php-debuginfo-7.1.30-2.el7.s390x.rpm rh-php71-php-devel-7.1.30-2.el7.s390x.rpm rh-php71-php-embedded-7.1.30-2.el7.s390x.rpm rh-php71-php-enchant-7.1.30-2.el7.s390x.rpm rh-php71-php-fpm-7.1.30-2.el7.s390x.rpm rh-php71-php-gd-7.1.30-2.el7.s390x.rpm rh-php71-php-gmp-7.1.30-2.el7.s390x.rpm rh-php71-php-intl-7.1.30-2.el7.s390x.rpm rh-php71-php-json-7.1.30-2.el7.s390x.rpm rh-php71-php-ldap-7.1.30-2.el7.s390x.rpm rh-php71-php-mbstring-7.1.30-2.el7.s390x.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.s390x.rpm rh-php71-php-odbc-7.1.30-2.el7.s390x.rpm rh-php71-php-opcache-7.1.30-2.el7.s390x.rpm rh-php71-php-pdo-7.1.30-2.el7.s390x.rpm rh-php71-php-pgsql-7.1.30-2.el7.s390x.rpm rh-php71-php-process-7.1.30-2.el7.s390x.rpm rh-php71-php-pspell-7.1.30-2.el7.s390x.rpm rh-php71-php-recode-7.1.30-2.el7.s390x.rpm rh-php71-php-snmp-7.1.30-2.el7.s390x.rpm rh-php71-php-soap-7.1.30-2.el7.s390x.rpm rh-php71-php-xml-7.1.30-2.el7.s390x.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.s390x.rpm rh-php71-php-zip-7.1.30-2.el7.s390x.rpm x86_64: rh-php71-php-7.1.30-2.el7.x86_64.rpm rh-php71-php-bcmath-7.1.30-2.el7.x86_64.rpm rh-php71-php-cli-7.1.30-2.el7.x86_64.rpm rh-php71-php-common-7.1.30-2.el7.x86_64.rpm rh-php71-php-dba-7.1.30-2.el7.x86_64.rpm rh-php71-php-dbg-7.1.30-2.el7.x86_64.rpm rh-php71-php-debuginfo-7.1.30-2.el7.x86_64.rpm rh-php71-php-devel-7.1.30-2.el7.x86_64.rpm rh-php71-php-embedded-7.1.30-2.el7.x86_64.rpm rh-php71-php-enchant-7.1.30-2.el7.x86_64.rpm rh-php71-php-fpm-7.1.30-2.el7.x86_64.rpm rh-php71-php-gd-7.1.30-2.el7.x86_64.rpm rh-php71-php-gmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-intl-7.1.30-2.el7.x86_64.rpm rh-php71-php-json-7.1.30-2.el7.x86_64.rpm rh-php71-php-ldap-7.1.30-2.el7.x86_64.rpm rh-php71-php-mbstring-7.1.30-2.el7.x86_64.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.x86_64.rpm rh-php71-php-odbc-7.1.30-2.el7.x86_64.rpm rh-php71-php-opcache-7.1.30-2.el7.x86_64.rpm rh-php71-php-pdo-7.1.30-2.el7.x86_64.rpm rh-php71-php-pgsql-7.1.30-2.el7.x86_64.rpm rh-php71-php-process-7.1.30-2.el7.x86_64.rpm rh-php71-php-pspell-7.1.30-2.el7.x86_64.rpm rh-php71-php-recode-7.1.30-2.el7.x86_64.rpm rh-php71-php-snmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-soap-7.1.30-2.el7.x86_64.rpm rh-php71-php-xml-7.1.30-2.el7.x86_64.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.x86_64.rpm rh-php71-php-zip-7.1.30-2.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-php71-php-7.1.30-2.el7.src.rpm ppc64le: rh-php71-php-7.1.30-2.el7.ppc64le.rpm rh-php71-php-bcmath-7.1.30-2.el7.ppc64le.rpm rh-php71-php-cli-7.1.30-2.el7.ppc64le.rpm rh-php71-php-common-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dba-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dbg-7.1.30-2.el7.ppc64le.rpm rh-php71-php-debuginfo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-devel-7.1.30-2.el7.ppc64le.rpm rh-php71-php-embedded-7.1.30-2.el7.ppc64le.rpm rh-php71-php-enchant-7.1.30-2.el7.ppc64le.rpm rh-php71-php-fpm-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-intl-7.1.30-2.el7.ppc64le.rpm rh-php71-php-json-7.1.30-2.el7.ppc64le.rpm rh-php71-php-ldap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mbstring-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-odbc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-opcache-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pdo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pgsql-7.1.30-2.el7.ppc64le.rpm rh-php71-php-process-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pspell-7.1.30-2.el7.ppc64le.rpm rh-php71-php-recode-7.1.30-2.el7.ppc64le.rpm rh-php71-php-snmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-soap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xml-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-zip-7.1.30-2.el7.ppc64le.rpm s390x: rh-php71-php-7.1.30-2.el7.s390x.rpm rh-php71-php-bcmath-7.1.30-2.el7.s390x.rpm rh-php71-php-cli-7.1.30-2.el7.s390x.rpm rh-php71-php-common-7.1.30-2.el7.s390x.rpm rh-php71-php-dba-7.1.30-2.el7.s390x.rpm rh-php71-php-dbg-7.1.30-2.el7.s390x.rpm rh-php71-php-debuginfo-7.1.30-2.el7.s390x.rpm rh-php71-php-devel-7.1.30-2.el7.s390x.rpm rh-php71-php-embedded-7.1.30-2.el7.s390x.rpm rh-php71-php-enchant-7.1.30-2.el7.s390x.rpm rh-php71-php-fpm-7.1.30-2.el7.s390x.rpm rh-php71-php-gd-7.1.30-2.el7.s390x.rpm rh-php71-php-gmp-7.1.30-2.el7.s390x.rpm rh-php71-php-intl-7.1.30-2.el7.s390x.rpm rh-php71-php-json-7.1.30-2.el7.s390x.rpm rh-php71-php-ldap-7.1.30-2.el7.s390x.rpm rh-php71-php-mbstring-7.1.30-2.el7.s390x.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.s390x.rpm rh-php71-php-odbc-7.1.30-2.el7.s390x.rpm rh-php71-php-opcache-7.1.30-2.el7.s390x.rpm rh-php71-php-pdo-7.1.30-2.el7.s390x.rpm rh-php71-php-pgsql-7.1.30-2.el7.s390x.rpm rh-php71-php-process-7.1.30-2.el7.s390x.rpm rh-php71-php-pspell-7.1.30-2.el7.s390x.rpm rh-php71-php-recode-7.1.30-2.el7.s390x.rpm rh-php71-php-snmp-7.1.30-2.el7.s390x.rpm rh-php71-php-soap-7.1.30-2.el7.s390x.rpm rh-php71-php-xml-7.1.30-2.el7.s390x.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.s390x.rpm rh-php71-php-zip-7.1.30-2.el7.s390x.rpm x86_64: rh-php71-php-7.1.30-2.el7.x86_64.rpm rh-php71-php-bcmath-7.1.30-2.el7.x86_64.rpm rh-php71-php-cli-7.1.30-2.el7.x86_64.rpm rh-php71-php-common-7.1.30-2.el7.x86_64.rpm rh-php71-php-dba-7.1.30-2.el7.x86_64.rpm rh-php71-php-dbg-7.1.30-2.el7.x86_64.rpm rh-php71-php-debuginfo-7.1.30-2.el7.x86_64.rpm rh-php71-php-devel-7.1.30-2.el7.x86_64.rpm rh-php71-php-embedded-7.1.30-2.el7.x86_64.rpm rh-php71-php-enchant-7.1.30-2.el7.x86_64.rpm rh-php71-php-fpm-7.1.30-2.el7.x86_64.rpm rh-php71-php-gd-7.1.30-2.el7.x86_64.rpm rh-php71-php-gmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-intl-7.1.30-2.el7.x86_64.rpm rh-php71-php-json-7.1.30-2.el7.x86_64.rpm rh-php71-php-ldap-7.1.30-2.el7.x86_64.rpm rh-php71-php-mbstring-7.1.30-2.el7.x86_64.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.x86_64.rpm rh-php71-php-odbc-7.1.30-2.el7.x86_64.rpm rh-php71-php-opcache-7.1.30-2.el7.x86_64.rpm rh-php71-php-pdo-7.1.30-2.el7.x86_64.rpm rh-php71-php-pgsql-7.1.30-2.el7.x86_64.rpm rh-php71-php-process-7.1.30-2.el7.x86_64.rpm rh-php71-php-pspell-7.1.30-2.el7.x86_64.rpm rh-php71-php-recode-7.1.30-2.el7.x86_64.rpm rh-php71-php-snmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-soap-7.1.30-2.el7.x86_64.rpm rh-php71-php-xml-7.1.30-2.el7.x86_64.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.x86_64.rpm rh-php71-php-zip-7.1.30-2.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-php71-php-7.1.30-2.el7.src.rpm ppc64le: rh-php71-php-7.1.30-2.el7.ppc64le.rpm rh-php71-php-bcmath-7.1.30-2.el7.ppc64le.rpm rh-php71-php-cli-7.1.30-2.el7.ppc64le.rpm rh-php71-php-common-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dba-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dbg-7.1.30-2.el7.ppc64le.rpm rh-php71-php-debuginfo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-devel-7.1.30-2.el7.ppc64le.rpm rh-php71-php-embedded-7.1.30-2.el7.ppc64le.rpm rh-php71-php-enchant-7.1.30-2.el7.ppc64le.rpm rh-php71-php-fpm-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-intl-7.1.30-2.el7.ppc64le.rpm rh-php71-php-json-7.1.30-2.el7.ppc64le.rpm rh-php71-php-ldap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mbstring-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-odbc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-opcache-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pdo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pgsql-7.1.30-2.el7.ppc64le.rpm rh-php71-php-process-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pspell-7.1.30-2.el7.ppc64le.rpm rh-php71-php-recode-7.1.30-2.el7.ppc64le.rpm rh-php71-php-snmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-soap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xml-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-zip-7.1.30-2.el7.ppc64le.rpm s390x: rh-php71-php-7.1.30-2.el7.s390x.rpm rh-php71-php-bcmath-7.1.30-2.el7.s390x.rpm rh-php71-php-cli-7.1.30-2.el7.s390x.rpm rh-php71-php-common-7.1.30-2.el7.s390x.rpm rh-php71-php-dba-7.1.30-2.el7.s390x.rpm rh-php71-php-dbg-7.1.30-2.el7.s390x.rpm rh-php71-php-debuginfo-7.1.30-2.el7.s390x.rpm rh-php71-php-devel-7.1.30-2.el7.s390x.rpm rh-php71-php-embedded-7.1.30-2.el7.s390x.rpm rh-php71-php-enchant-7.1.30-2.el7.s390x.rpm rh-php71-php-fpm-7.1.30-2.el7.s390x.rpm rh-php71-php-gd-7.1.30-2.el7.s390x.rpm rh-php71-php-gmp-7.1.30-2.el7.s390x.rpm rh-php71-php-intl-7.1.30-2.el7.s390x.rpm rh-php71-php-json-7.1.30-2.el7.s390x.rpm rh-php71-php-ldap-7.1.30-2.el7.s390x.rpm rh-php71-php-mbstring-7.1.30-2.el7.s390x.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.s390x.rpm rh-php71-php-odbc-7.1.30-2.el7.s390x.rpm rh-php71-php-opcache-7.1.30-2.el7.s390x.rpm rh-php71-php-pdo-7.1.30-2.el7.s390x.rpm rh-php71-php-pgsql-7.1.30-2.el7.s390x.rpm rh-php71-php-process-7.1.30-2.el7.s390x.rpm rh-php71-php-pspell-7.1.30-2.el7.s390x.rpm rh-php71-php-recode-7.1.30-2.el7.s390x.rpm rh-php71-php-snmp-7.1.30-2.el7.s390x.rpm rh-php71-php-soap-7.1.30-2.el7.s390x.rpm rh-php71-php-xml-7.1.30-2.el7.s390x.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.s390x.rpm rh-php71-php-zip-7.1.30-2.el7.s390x.rpm x86_64: rh-php71-php-7.1.30-2.el7.x86_64.rpm rh-php71-php-bcmath-7.1.30-2.el7.x86_64.rpm rh-php71-php-cli-7.1.30-2.el7.x86_64.rpm rh-php71-php-common-7.1.30-2.el7.x86_64.rpm rh-php71-php-dba-7.1.30-2.el7.x86_64.rpm rh-php71-php-dbg-7.1.30-2.el7.x86_64.rpm rh-php71-php-debuginfo-7.1.30-2.el7.x86_64.rpm rh-php71-php-devel-7.1.30-2.el7.x86_64.rpm rh-php71-php-embedded-7.1.30-2.el7.x86_64.rpm rh-php71-php-enchant-7.1.30-2.el7.x86_64.rpm rh-php71-php-fpm-7.1.30-2.el7.x86_64.rpm rh-php71-php-gd-7.1.30-2.el7.x86_64.rpm rh-php71-php-gmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-intl-7.1.30-2.el7.x86_64.rpm rh-php71-php-json-7.1.30-2.el7.x86_64.rpm rh-php71-php-ldap-7.1.30-2.el7.x86_64.rpm rh-php71-php-mbstring-7.1.30-2.el7.x86_64.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.x86_64.rpm rh-php71-php-odbc-7.1.30-2.el7.x86_64.rpm rh-php71-php-opcache-7.1.30-2.el7.x86_64.rpm rh-php71-php-pdo-7.1.30-2.el7.x86_64.rpm rh-php71-php-pgsql-7.1.30-2.el7.x86_64.rpm rh-php71-php-process-7.1.30-2.el7.x86_64.rpm rh-php71-php-pspell-7.1.30-2.el7.x86_64.rpm rh-php71-php-recode-7.1.30-2.el7.x86_64.rpm rh-php71-php-snmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-soap-7.1.30-2.el7.x86_64.rpm rh-php71-php-xml-7.1.30-2.el7.x86_64.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.x86_64.rpm rh-php71-php-zip-7.1.30-2.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-php71-php-7.1.30-2.el7.src.rpm ppc64le: rh-php71-php-7.1.30-2.el7.ppc64le.rpm rh-php71-php-bcmath-7.1.30-2.el7.ppc64le.rpm rh-php71-php-cli-7.1.30-2.el7.ppc64le.rpm rh-php71-php-common-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dba-7.1.30-2.el7.ppc64le.rpm rh-php71-php-dbg-7.1.30-2.el7.ppc64le.rpm rh-php71-php-debuginfo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-devel-7.1.30-2.el7.ppc64le.rpm rh-php71-php-embedded-7.1.30-2.el7.ppc64le.rpm rh-php71-php-enchant-7.1.30-2.el7.ppc64le.rpm rh-php71-php-fpm-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-gmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-intl-7.1.30-2.el7.ppc64le.rpm rh-php71-php-json-7.1.30-2.el7.ppc64le.rpm rh-php71-php-ldap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mbstring-7.1.30-2.el7.ppc64le.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.ppc64le.rpm rh-php71-php-odbc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-opcache-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pdo-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pgsql-7.1.30-2.el7.ppc64le.rpm rh-php71-php-process-7.1.30-2.el7.ppc64le.rpm rh-php71-php-pspell-7.1.30-2.el7.ppc64le.rpm rh-php71-php-recode-7.1.30-2.el7.ppc64le.rpm rh-php71-php-snmp-7.1.30-2.el7.ppc64le.rpm rh-php71-php-soap-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xml-7.1.30-2.el7.ppc64le.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.ppc64le.rpm rh-php71-php-zip-7.1.30-2.el7.ppc64le.rpm s390x: rh-php71-php-7.1.30-2.el7.s390x.rpm rh-php71-php-bcmath-7.1.30-2.el7.s390x.rpm rh-php71-php-cli-7.1.30-2.el7.s390x.rpm rh-php71-php-common-7.1.30-2.el7.s390x.rpm rh-php71-php-dba-7.1.30-2.el7.s390x.rpm rh-php71-php-dbg-7.1.30-2.el7.s390x.rpm rh-php71-php-debuginfo-7.1.30-2.el7.s390x.rpm rh-php71-php-devel-7.1.30-2.el7.s390x.rpm rh-php71-php-embedded-7.1.30-2.el7.s390x.rpm rh-php71-php-enchant-7.1.30-2.el7.s390x.rpm rh-php71-php-fpm-7.1.30-2.el7.s390x.rpm rh-php71-php-gd-7.1.30-2.el7.s390x.rpm rh-php71-php-gmp-7.1.30-2.el7.s390x.rpm rh-php71-php-intl-7.1.30-2.el7.s390x.rpm rh-php71-php-json-7.1.30-2.el7.s390x.rpm rh-php71-php-ldap-7.1.30-2.el7.s390x.rpm rh-php71-php-mbstring-7.1.30-2.el7.s390x.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.s390x.rpm rh-php71-php-odbc-7.1.30-2.el7.s390x.rpm rh-php71-php-opcache-7.1.30-2.el7.s390x.rpm rh-php71-php-pdo-7.1.30-2.el7.s390x.rpm rh-php71-php-pgsql-7.1.30-2.el7.s390x.rpm rh-php71-php-process-7.1.30-2.el7.s390x.rpm rh-php71-php-pspell-7.1.30-2.el7.s390x.rpm rh-php71-php-recode-7.1.30-2.el7.s390x.rpm rh-php71-php-snmp-7.1.30-2.el7.s390x.rpm rh-php71-php-soap-7.1.30-2.el7.s390x.rpm rh-php71-php-xml-7.1.30-2.el7.s390x.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.s390x.rpm rh-php71-php-zip-7.1.30-2.el7.s390x.rpm x86_64: rh-php71-php-7.1.30-2.el7.x86_64.rpm rh-php71-php-bcmath-7.1.30-2.el7.x86_64.rpm rh-php71-php-cli-7.1.30-2.el7.x86_64.rpm rh-php71-php-common-7.1.30-2.el7.x86_64.rpm rh-php71-php-dba-7.1.30-2.el7.x86_64.rpm rh-php71-php-dbg-7.1.30-2.el7.x86_64.rpm rh-php71-php-debuginfo-7.1.30-2.el7.x86_64.rpm rh-php71-php-devel-7.1.30-2.el7.x86_64.rpm rh-php71-php-embedded-7.1.30-2.el7.x86_64.rpm rh-php71-php-enchant-7.1.30-2.el7.x86_64.rpm rh-php71-php-fpm-7.1.30-2.el7.x86_64.rpm rh-php71-php-gd-7.1.30-2.el7.x86_64.rpm rh-php71-php-gmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-intl-7.1.30-2.el7.x86_64.rpm rh-php71-php-json-7.1.30-2.el7.x86_64.rpm rh-php71-php-ldap-7.1.30-2.el7.x86_64.rpm rh-php71-php-mbstring-7.1.30-2.el7.x86_64.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.x86_64.rpm rh-php71-php-odbc-7.1.30-2.el7.x86_64.rpm rh-php71-php-opcache-7.1.30-2.el7.x86_64.rpm rh-php71-php-pdo-7.1.30-2.el7.x86_64.rpm rh-php71-php-pgsql-7.1.30-2.el7.x86_64.rpm rh-php71-php-process-7.1.30-2.el7.x86_64.rpm rh-php71-php-pspell-7.1.30-2.el7.x86_64.rpm rh-php71-php-recode-7.1.30-2.el7.x86_64.rpm rh-php71-php-snmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-soap-7.1.30-2.el7.x86_64.rpm rh-php71-php-xml-7.1.30-2.el7.x86_64.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.x86_64.rpm rh-php71-php-zip-7.1.30-2.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php71-php-7.1.30-2.el7.src.rpm x86_64: rh-php71-php-7.1.30-2.el7.x86_64.rpm rh-php71-php-bcmath-7.1.30-2.el7.x86_64.rpm rh-php71-php-cli-7.1.30-2.el7.x86_64.rpm rh-php71-php-common-7.1.30-2.el7.x86_64.rpm rh-php71-php-dba-7.1.30-2.el7.x86_64.rpm rh-php71-php-dbg-7.1.30-2.el7.x86_64.rpm rh-php71-php-debuginfo-7.1.30-2.el7.x86_64.rpm rh-php71-php-devel-7.1.30-2.el7.x86_64.rpm rh-php71-php-embedded-7.1.30-2.el7.x86_64.rpm rh-php71-php-enchant-7.1.30-2.el7.x86_64.rpm rh-php71-php-fpm-7.1.30-2.el7.x86_64.rpm rh-php71-php-gd-7.1.30-2.el7.x86_64.rpm rh-php71-php-gmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-intl-7.1.30-2.el7.x86_64.rpm rh-php71-php-json-7.1.30-2.el7.x86_64.rpm rh-php71-php-ldap-7.1.30-2.el7.x86_64.rpm rh-php71-php-mbstring-7.1.30-2.el7.x86_64.rpm rh-php71-php-mysqlnd-7.1.30-2.el7.x86_64.rpm rh-php71-php-odbc-7.1.30-2.el7.x86_64.rpm rh-php71-php-opcache-7.1.30-2.el7.x86_64.rpm rh-php71-php-pdo-7.1.30-2.el7.x86_64.rpm rh-php71-php-pgsql-7.1.30-2.el7.x86_64.rpm rh-php71-php-process-7.1.30-2.el7.x86_64.rpm rh-php71-php-pspell-7.1.30-2.el7.x86_64.rpm rh-php71-php-recode-7.1.30-2.el7.x86_64.rpm rh-php71-php-snmp-7.1.30-2.el7.x86_64.rpm rh-php71-php-soap-7.1.30-2.el7.x86_64.rpm rh-php71-php-xml-7.1.30-2.el7.x86_64.rpm rh-php71-php-xmlrpc-7.1.30-2.el7.x86_64.rpm rh-php71-php-zip-7.1.30-2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11043 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXbwtR9zjgjWX9erEAQjj5g/+M1WEchNrpwynJrZYCxqSik3yaRm2NUz8 rJC8EZSWpAyKmfs/qMPUuWS25mAdufb0MShUI2+KYLBRxxd8wT10dXZtnMSPCK2g F0mSGd3b68nK9Nz600LhO9e9/hfELz3J62RtQPwP7YP+XchawwpQ3eVNRXiOm11U WbPh7vnuy2DG2Bk70GlT2AZ23/9nE74FXLHBC8u3pJgC/5phIqZzrctDk41kHX3K YaAywjeH1EYoYTAj9+DG8F9DiTVZpeTmboUTRMqX7NGlA6hZ5dSodsGUJnSCIjIZ xf/nSSyagOstJEWJNY1YAN979sHfegU5gMH1Dr+lcr8ZGHNiIaC522RWUj4PsAWp PqEf12w+3MFMycQf11JYqnZaIsK9rsML8KhizPXH2ikvCiAGHQY6G/rPamwIjUrn OrvE7lzFjSxqUfUtiA8HO8IjPXFCbNgaHkQZk0x2dNiisLChNk4bJP7IZ7NL2eaG e6G8yFDr/JEDzu/7VAb1s6rZxxyqrZSgYxDX80rlMYzk2tgevQcbxF2wU3fsSDdT Z8rj2kfbe87hPEPLlGaAnNgpBKC+gvO6OoBFEshpIPUi9ngU39WCpxrsg/b1y0Lk dj7+D5n8C00rNlw3Ywzp40XwIV8SQ11/BzVlh5YkQsFZ4PB2WPW1qVYPD9MtS1tB LlhlX5pm3X0= =vmS2 - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: rh-php72-php security update Advisory ID: RHSA-2019:3299-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:3299 Issue date: 2019-11-01 CVE Names: CVE-2016-10166 CVE-2018-20783 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 ===================================================================== 1. Summary: An update for rh-php72-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php72-php (7.2.24). (BZ#1766603) Security Fix(es): * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) * gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166) * gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977) * php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020) * php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637) * php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638) * php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639) * php: Invalid read in exif_process_SOFn() (CVE-2019-9640) * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039) * php: Buffer over-read in exif_read_data() (CVE-2019-11040) * php: Buffer over-read in PHAR reading functions (CVE-2018-20783) * php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021) * php: memcpy with negative length via crafted DNS response (CVE-2019-9022) * php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023) * php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024) * php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034) * php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035) * php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036) * gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038) * php: heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041) * php: heap buffer over-read in exif_process_user_comment() (CVE-2019-11042) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc() 1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c 1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions 1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode() 1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions 1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions 1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c 1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response 1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing 1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn() 1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value() 1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG() 1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure 1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm() 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data() 1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail() 1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment() 1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php72-php-7.2.24-1.el7.src.rpm aarch64: rh-php72-php-7.2.24-1.el7.aarch64.rpm rh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm rh-php72-php-cli-7.2.24-1.el7.aarch64.rpm rh-php72-php-common-7.2.24-1.el7.aarch64.rpm rh-php72-php-dba-7.2.24-1.el7.aarch64.rpm rh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm rh-php72-php-devel-7.2.24-1.el7.aarch64.rpm rh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm rh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm rh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm rh-php72-php-gd-7.2.24-1.el7.aarch64.rpm rh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-intl-7.2.24-1.el7.aarch64.rpm rh-php72-php-json-7.2.24-1.el7.aarch64.rpm rh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm rh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm rh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm rh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm rh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm rh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm rh-php72-php-process-7.2.24-1.el7.aarch64.rpm rh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm rh-php72-php-recode-7.2.24-1.el7.aarch64.rpm rh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-soap-7.2.24-1.el7.aarch64.rpm rh-php72-php-xml-7.2.24-1.el7.aarch64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm rh-php72-php-zip-7.2.24-1.el7.aarch64.rpm ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php72-php-7.2.24-1.el7.src.rpm aarch64: rh-php72-php-7.2.24-1.el7.aarch64.rpm rh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm rh-php72-php-cli-7.2.24-1.el7.aarch64.rpm rh-php72-php-common-7.2.24-1.el7.aarch64.rpm rh-php72-php-dba-7.2.24-1.el7.aarch64.rpm rh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm rh-php72-php-devel-7.2.24-1.el7.aarch64.rpm rh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm rh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm rh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm rh-php72-php-gd-7.2.24-1.el7.aarch64.rpm rh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-intl-7.2.24-1.el7.aarch64.rpm rh-php72-php-json-7.2.24-1.el7.aarch64.rpm rh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm rh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm rh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm rh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm rh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm rh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm rh-php72-php-process-7.2.24-1.el7.aarch64.rpm rh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm rh-php72-php-recode-7.2.24-1.el7.aarch64.rpm rh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-soap-7.2.24-1.el7.aarch64.rpm rh-php72-php-xml-7.2.24-1.el7.aarch64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm rh-php72-php-zip-7.2.24-1.el7.aarch64.rpm ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-php72-php-7.2.24-1.el7.src.rpm ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-php72-php-7.2.24-1.el7.src.rpm ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-php72-php-7.2.24-1.el7.src.rpm ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php72-php-7.2.24-1.el7.src.rpm x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-10166 https://access.redhat.com/security/cve/CVE-2018-20783 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-9020 https://access.redhat.com/security/cve/CVE-2019-9021 https://access.redhat.com/security/cve/CVE-2019-9022 https://access.redhat.com/security/cve/CVE-2019-9023 https://access.redhat.com/security/cve/CVE-2019-9024 https://access.redhat.com/security/cve/CVE-2019-9637 https://access.redhat.com/security/cve/CVE-2019-9638 https://access.redhat.com/security/cve/CVE-2019-9639 https://access.redhat.com/security/cve/CVE-2019-9640 https://access.redhat.com/security/cve/CVE-2019-11034 https://access.redhat.com/security/cve/CVE-2019-11035 https://access.redhat.com/security/cve/CVE-2019-11036 https://access.redhat.com/security/cve/CVE-2019-11038 https://access.redhat.com/security/cve/CVE-2019-11039 https://access.redhat.com/security/cve/CVE-2019-11040 https://access.redhat.com/security/cve/CVE-2019-11041 https://access.redhat.com/security/cve/CVE-2019-11042 https://access.redhat.com/security/cve/CVE-2019-11043 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXbwslNzjgjWX9erEAQgZrA//YpBwARJTytrbpWQquZ4hnjbScNEZK1d4 sOOT+oiQSrzvghsNKNCKwEO1CLbNA9XOT7bCchtpD/HguTc4XeGNk7dAf/qA6UVB tJCxmqNBVBKqoe9UafmxLUFcVSkv/PHRVD2h+/TvmqdB8Uf2Z8hIIaBt7UsW34sb yBMLJVhyG98c/7VzwqFXW6Vm+Ly6+/ViYtloe5/Ex4D8FvB72Cc9uRvCTWdLLOXu PlwQKdaEt5CtUrTmLFEX+9t6tybwhNBf/dZ96nazCaSRtQVnhZI9s+wjoE6vEOOB +bOldvJ9tu7LclzMIz7SbSqjhPBSLtEMGZKcO1havVGDwcfPAEc12TW9DtVFDlqA Xq+dFW5vviRCoMlSmNBmSqQZSWMF64LdzjvWfW2G/nBnNLOdhu/Wufs1sJUOc+cp V9PgQH0iWut0N89DaOzTH+4PQvvvTw12HuKHk+P+/O8bBBdcI9gpd5klce/5jquc QXqhy49koz6BturNpVnXfSWjdLPwQ1pwhGJOkv7vLsdx6HVeuY6BsSE+C28cHFl+ z/AOZL4eCa9xKlePdGKCbqzTjMmCiJQbeShoBOKt1DtSgVVgtE0Kc5EZQcqop0aw RG304k1HSbrgsSRFxx6s1RophOQaC3ASvWkw5OY/8ylNrO9AAMxLRjZNCve6V7Rq 86WRMpuQxpE= =winR - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXb9oemaOgq3Tt24GAQh7zg/8C3A7Btx5I9X+EU2sYMZcYgrdi/BNLYBn VDeulVNUwG6K/RQ//Faq+Wh0Qp6Wb22kG8VKaFK/zlGaWg2R/XdII9YDoM4UP7BU jl3jNkoKVBdeHi52mGoPCiYmd/w0fbrNbxLbjtHzhVB9xF7B1e1mZOH+ejvq66MO HbhoP0pznxiWTR2OBfsw/UmF6kC0HRSYpY43Chi69EA65+zXcLhu99Q/Ed1vJ1Ap w+Aa6v4ZwnEfIMsMjr22YTCjVS5mfGVeLdeFgWgxyLjQAvaoDAg6DbZhXlnoe6Rb DRoST0DvX4QLC46CSDbNgiVm1ior+3M5Ga4zgB5NLfQZUaQS893qqvBa80CpxKIR QbmEmpk72JTyIJH7e6DRpNOENcLP5WQdYTagPBBpadwetsY4lVAU8VlZ2NTdgKHE UiZntpQ+URI4tm8hX7iqHJj/NowrFd7cS5gHFXClbynwe8b6z6bga5ZrrhgBR0It +K1ZQ3fuDmaMpJ/F2UewM3Fs+vbRtdFDHHJTpb9keLXXScNP1M20uRZ5Yrq8SZkV dDRnMd6+quT1xR2gRyxgCvOh8nSvXzJWCqxzvSrGyABank8cLgSNXFfVNlvRvQfs nWhSZyiScSUUtDCPBUAs1tP7MFKGZKxbzJiEATKjkz4sXvoT0432O2OylfDjMjrR sIorJD/Zatk= =7Rfj -----END PGP SIGNATURE-----