{
  "id": "RLSA-2020:3662",
  "summary": "Moderate: php:7.3 security, bug fix, and enhancement update",
  "details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655)\n\nSecurity Fix(es):\n\n* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n* php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n* php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte (CVE-2019-11045)\n\n* php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n* oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n* pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n* php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n* php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)\n\n* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n* php: Information disclosure in function get_headers (CVE-2020-7066)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "modified": "2026-02-04T20:15:13.875002Z",
  "published": "2020-09-08T08:38:31Z",
  "upstream": [
    "CVE-2019-11039",
    "CVE-2019-11040",
    "CVE-2019-11041",
    "CVE-2019-11042",
    "CVE-2019-11045",
    "CVE-2019-11047",
    "CVE-2019-11048",
    "CVE-2019-11050",
    "CVE-2019-13224",
    "CVE-2019-13225",
    "CVE-2019-16163",
    "CVE-2019-19203",
    "CVE-2019-19204",
    "CVE-2019-19246",
    "CVE-2019-20454",
    "CVE-2020-7059",
    "CVE-2020-7060",
    "CVE-2020-7062",
    "CVE-2020-7063",
    "CVE-2020-7064",
    "CVE-2020-7065",
    "CVE-2020-7066"
  ],
  "references": [
    {"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2020:3662"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724152"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724154"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728965"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728970"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735494"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739459"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739465"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768997"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777537"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786570"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786572"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788258"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797776"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797779"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802061"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802068"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808532"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808536"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820601"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820604"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820627"},
    {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837842"}
  ],
  "affected": [
    {
      "package": {"name": "libzip", "ecosystem": "Rocky Linux:8", "purl": "pkg:rpm/rocky-linux/libzip?distro=rocky-linux-8&epoch=0"},
      "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.5.2-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}],
      "database_specific": {"source": "https://storage.googleapis.com/resf-osv-data/RLSA-2020:3662.json"}
    },
    {
      "package": {"name": "php", "ecosystem": "Rocky Linux:8", "purl": "pkg:rpm/rocky-linux/php?distro=rocky-linux-8&epoch=0"},
      "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:7.3.20-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}],
      "database_specific": {"source": "https://storage.googleapis.com/resf-osv-data/RLSA-2020:3662.json"}
    },
    {
      "package": {"name": "php-pear", "ecosystem": "Rocky Linux:8", "purl": "pkg:rpm/rocky-linux/php-pear?distro=rocky-linux-8&epoch=1"},
      "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1:1.10.9-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}],
      "database_specific": {"source": "https://storage.googleapis.com/resf-osv-data/RLSA-2020:3662.json"}
    },
    {
      "package": {"name": "php-pecl-apcu", "ecosystem": "Rocky Linux:8", "purl": "pkg:rpm/rocky-linux/php-pecl-apcu?distro=rocky-linux-8&epoch=0"},
      "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:5.1.17-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}],
      "database_specific": {"source": "https://storage.googleapis.com/resf-osv-data/RLSA-2020:3662.json"}
    },
    {
      "package": {"name": "php-pecl-rrd", "ecosystem": "Rocky Linux:8", "purl": "pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-8&epoch=0"},
      "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.0.1-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}],
      "database_specific": {"source": "https://storage.googleapis.com/resf-osv-data/RLSA-2020:3662.json"}
    },
    {
      "package": {"name": "php-pecl-xdebug", "ecosystem": "Rocky Linux:8", "purl": "pkg:rpm/rocky-linux/php-pecl-xdebug?distro=rocky-linux-8&epoch=0"},
      "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.8.0-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}],
      "database_specific": {"source": "https://storage.googleapis.com/resf-osv-data/RLSA-2020:3662.json"}
    },
    {
      "package": {"name": "php-pecl-zip", "ecosystem": "Rocky Linux:8", "purl": "pkg:rpm/rocky-linux/php-pecl-zip?distro=rocky-linux-8&epoch=0"},
      "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.15.4-1.module+el8.4.0+414+2e7afcdd"}], "database_specific": {"yum_repository": "AppStream"}}],
      "database_specific": {"source": "https://storage.googleapis.com/resf-osv-data/RLSA-2020:3662.json"}
    }
  ],
  "schema_version": "1.7.3",
  "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],
  "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]
}
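The practical use of a record like this is deciding whether a given host is inside one of the `affected` ranges. That is not a string comparison: the `fixed` values are RPM EVRs (epoch:version-release), `php-pear` carries epoch 1 while the others carry epoch 0, and RPM orders versions segment by segment (so 7.3.5 sorts below 7.3.20). The following is an added example, not code from the OSV project or the Rocky Linux advisory: it embeds a copied excerpt of this record's `affected` array (three of the seven packages), a constructed installed-package inventory, a port of RPM's `rpmvercmp` ordering, and a range check that applies OSV's `introduced`/`fixed` semantics. The `php` build in the inventory is hypothetical.

```python
"""Added example (not from the OSV record above): match installed RPM EVRs
against the record's 'affected' ranges using RPM's own version ordering."""
import json
from typing import Dict, List, Tuple

# Excerpt of the advisory's "affected" array (three of its seven packages,
# strings copied from the record). php-pear's fixed EVR carries epoch 1.
OSV_EXCERPT = json.loads('''
{"id": "RLSA-2020:3662", "affected": [
 {"package": {"name": "libzip", "ecosystem": "Rocky Linux:8"},
  "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"},
             {"fixed": "0:1.5.2-1.module+el8.4.0+414+2e7afcdd"}]}]},
 {"package": {"name": "php", "ecosystem": "Rocky Linux:8"},
  "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"},
             {"fixed": "0:7.3.20-1.module+el8.4.0+414+2e7afcdd"}]}]},
 {"package": {"name": "php-pear", "ecosystem": "Rocky Linux:8"},
  "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"},
             {"fixed": "1:1.10.9-1.module+el8.4.0+414+2e7afcdd"}]}]}
]}
''')

# Constructed inventory, in the shape
#   rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'
# prints it (EPOCH shows "(none)" when unset; parse_evr maps that to 0).
# The php build is hypothetical; the other EVRs reuse the record's strings.
INSTALLED: Dict[str, str] = {
    "php": "0:7.3.5-5.el8",                                    # below the fix
    "php-pear": "0:1.10.9-1.module+el8.4.0+414+2e7afcdd",      # epoch 0 < 1
    "libzip": "0:1.5.2-1.module+el8.4.0+414+2e7afcdd",         # exactly the fix
    "php-pecl-zip": "0:1.15.4-1.module+el8.4.0+414+2e7afcdd",  # not in excerpt
}


def _run_end(s: str, k: int, pred) -> int:
    """Index just past the run of characters satisfying pred, starting at k."""
    while k < len(s) and pred(s[k]):
        k += 1
    return k


def _is_sep(c: str) -> bool:
    return not (c.isalnum() or c in "~^")


def rpmvercmp(a: str, b: str) -> int:
    """Order two RPM version/release strings like rpm's rpmvercmp(): -1, 0 or 1.
    Digit runs compare numerically, a numeric segment beats an alphabetic one,
    '~' sorts before everything, '^' sorts after the bare string but before any
    other segment, and the longer string wins once common segments are equal."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _run_end(a, i, _is_sep), _run_end(b, j, _is_sep)
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":           # pre-release marker
            if ca != cb:
                return -1 if ca == "~" else 1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":           # post-release marker
            if ca == cb:
                i, j = i + 1, j + 1
                continue
            if not ca or not cb:
                return -1 if not ca else 1
            return 1 if cb == "^" else -1
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        ea, eb = _run_end(a, i, pred), _run_end(b, j, pred)
        sa, sb = a[i:ea], b[j:eb]
        if not sa:
            return -1                        # rpm's arbitrary fallback
        if not sb:
            return 1 if isnum else -1        # numeric beats alphabetic
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
        i, j = ea, eb
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_evr(evr: str) -> Tuple[int, str, str]:
    """Split 'epoch:version-release'; epoch defaults to 0, release may be empty."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evrcmp(x: str, y: str) -> int:
    """Compare EVRs: epoch numerically, then version, then release."""
    ex, vx, rx = parse_evr(x)
    ey, vy, ry = parse_evr(y)
    if ex != ey:
        return 1 if ex > ey else -1
    return rpmvercmp(vx, vy) or rpmvercmp(rx, ry)


def vulnerable_packages(record: dict, installed: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(name, installed_evr, fixed_evr) for each installed package inside an
    ECOSYSTEM range: introduced <= evr < fixed. OSV's introduced "0" means
    every version; a missing fixed event means the range is still open.
    Handles the single introduced/fixed pair per range this advisory uses."""
    hits = []
    for aff in record["affected"]:
        name = aff["package"]["name"]
        if name not in installed:
            continue
        evr = installed[name]
        for rng in aff.get("ranges", []):
            if rng.get("type") != "ECOSYSTEM":
                continue
            introduced = fixed = None
            for ev in rng["events"]:
                introduced = ev.get("introduced", introduced)
                fixed = ev.get("fixed", fixed)
            at_or_after = introduced in (None, "0") or evrcmp(evr, introduced) >= 0
            before_fix = fixed is None or evrcmp(evr, fixed) < 0
            if at_or_after and before_fix:
                hits.append((name, evr, fixed))
    return hits


if __name__ == "__main__":
    for name, have, fix in vulnerable_packages(OSV_EXCERPT, INSTALLED):
        print(f"{name}: installed {have} is below fixed {fix}")
```

Run stand-alone it reports `php` (version below 7.3.20) and `php-pear` (same version-release, but epoch 0 instead of the advisory's epoch 1), and stays silent for `libzip`, whose installed EVR equals the fix. Two caveats for real hosts: feed the checker the output of `rpm -qa` rather than `dnf list`, so the epoch is visible, and remember that php here is a module stream (`php:7.3`); an installed build from a different stream will never match these EVRs, so confirm the enabled stream with `dnf module list php` before trusting a clean result.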