Executive Summary
Summary | |
---|---|
Title | rh-php71-php security, bug fix, and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2019:2519 | First vendor Publication | 2019-08-19 |
Vendor | RedHat | Last vendor Modification | 2019-08-19 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php71-php (7.1.30). (BZ#1631672) Security Fix(es): * gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166) * php: Out of bounds access in php_pcre.c:php_pcre_replace_impl() (CVE-2017-9118) * php: Integer overflow in mysqli_api.c:mysqli_real_escape_string() (CVE-2017-9120) * php: Heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932) * php: Reflected XSS in .phar 404 page (CVE-2018-5712) * php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response (CVE-2018-7584) * php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service (CVE-2018-10546) * php: Reflected XSS vulnerability on PHAR 403 and 404 error pages (CVE-2018-10547) * php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply (CVE-2018-10548) * php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c (CVE-2018-14884) * php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request (CVE-2018-17082) * gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977) * php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020) * php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637) * php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638) * php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639) * php: Invalid read in exif_process_SOFn() (CVE-2019-9640) * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039) * php: Buffer over-read in exif_read_data() (CVE-2019-11040) * php: Out-of-bound read in timelib_meridian() (CVE-2017-16642) * gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c (CVE-2018-5711) * php: Dumpable FPM child processes allow bypassing opcache access controls (CVE-2018-10545) * php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data (CVE-2018-10549) * php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE() (CVE-2018-14851) * php: Buffer over-read in PHAR reading functions (CVE-2018-20783) * php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021) * php: memcpy with negative length via crafted DNS response (CVE-2019-9022) * php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023) * php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024) * php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034) * php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035) * php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036) * gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc() 1484837 - CVE-2017-12932 php: Heap use after free in ext/standard/var_unserializer.re 1512057 - CVE-2017-16642 php: Out-of-bound read in timelib_meridian() 1535246 - CVE-2018-5711 gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c 1535251 - CVE-2018-5712 php: Reflected XSS in .phar 404 page 1551039 - CVE-2018-7584 php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response 1563858 - CVE-2018-10545 php: Dumpable FPM child processes allow bypassing opcache access controls 1573797 - CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data 1573802 - CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service 1573805 - CVE-2018-10548 php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply 1573814 - CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages 1609642 - CVE-2018-14851 php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE() 1611890 - CVE-2017-9118 php: Out of bounds access in php_pcre.c:php_pcre_replace_impl() 1611898 - CVE-2017-9120 php: Integer overflow in mysqli_api.c:mysqli_real_escape_string() 1612362 - CVE-2018-14884 php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c 1629552 - CVE-2018-17082 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request 1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c 1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions 1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode() 1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions 1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions 1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c 1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response 1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing 1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn() 1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value() 1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG() 1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure 1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm() 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data() |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-2519.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
53 % | CWE-125 | Out-of-bounds Read |
9 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
6 % | CWE-476 | NULL Pointer Dereference |
6 % | CWE-416 | Use After Free |
6 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
3 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
3 % | CWE-681 | Incorrect Conversion between Numeric Types |
3 % | CWE-264 | Permissions, Privileges, and Access Controls |
3 % | CWE-200 | Information Exposure |
3 % | CWE-191 | Integer Underflow (Wrap or Wraparound) |
3 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2019-10-23 | PHP http fopen stack buffer overflow attempt RuleID : 51578 - Revision : 1 - Type : SERVER-WEBAPP |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file download attempt RuleID : 49673 - Revision : 1 - Type : SERVER-OTHER |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file upload attempt RuleID : 49672 - Revision : 1 - Type : SERVER-OTHER |
2018-12-11 | CVE PHP infinite loop from use of stream filter and convert.iconv file upload... RuleID : 48354 - Revision : 2 - Type : SERVER-WEBAPP |
2018-06-26 | PHP .phar cross site scripting attempt RuleID : 46808 - Revision : 2 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-ee6707d519.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-b6072889db.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-791c3cfe21.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-1aeac808ce.nasl - Type : ACT_GATHER_INFO |
2018-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4353.nasl - Type : ACT_GATHER_INFO |
2018-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201812-01.nasl - Type : ACT_GATHER_INFO |
2018-10-26 | Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1325.nasl - Type : ACT_GATHER_INFO |
2018-10-19 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1090.nasl - Type : ACT_GATHER_INFO |
2018-09-27 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1310.nasl - Type : ACT_GATHER_INFO |
2018-09-27 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1309.nasl - Type : ACT_GATHER_INFO |
2018-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2018-25100b492c.nasl - Type : ACT_GATHER_INFO |
2018-09-20 | Name : The remote Debian host is missing a security update. File : debian_DLA-1509.nasl - Type : ACT_GATHER_INFO |
2018-09-04 | Name : The remote Debian host is missing a security update. File : debian_DLA-1490.nasl - Type : ACT_GATHER_INFO |
2018-08-24 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1067.nasl - Type : ACT_GATHER_INFO |
2018-08-24 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1066.nasl - Type : ACT_GATHER_INFO |
2018-08-10 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1224.nasl - Type : ACT_GATHER_INFO |
2018-07-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4240.nasl - Type : ACT_GATHER_INFO |
2018-07-03 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1217.nasl - Type : ACT_GATHER_INFO |
2018-06-28 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1158.nasl - Type : ACT_GATHER_INFO |
2018-06-27 | Name : The remote Debian host is missing a security update. File : debian_DLA-1397.nasl - Type : ACT_GATHER_INFO |
2018-06-05 | Name : The remote host is missing a macOS update that fixes multiple security vulner... File : macos_10_13_5.nasl - Type : ACT_GATHER_INFO |
2018-05-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-136-02.nasl - Type : ACT_GATHER_INFO |
2018-05-11 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1019.nasl - Type : ACT_GATHER_INFO |
2018-05-10 | Name : The remote Debian host is missing a security update. File : debian_DLA-1373.nasl - Type : ACT_GATHER_INFO |
2018-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2018-6071a600e8.nasl - Type : ACT_GATHER_INFO |
2018-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2018-04f6056c42.nasl - Type : ACT_GATHER_INFO |
2018-05-02 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1097.nasl - Type : ACT_GATHER_INFO |
2018-05-02 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1096.nasl - Type : ACT_GATHER_INFO |
2018-04-06 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-988.nasl - Type : ACT_GATHER_INFO |
2018-04-05 | Name : The remote Fedora host is missing a security update. File : fedora_2018-331af74020.nasl - Type : ACT_GATHER_INFO |
2018-03-30 | Name : The remote Debian host is missing a security update. File : debian_DLA-1326.nasl - Type : ACT_GATHER_INFO |
2018-03-29 | Name : The remote Fedora host is missing a security update. File : fedora_2018-ba81e4e4a0.nasl - Type : ACT_GATHER_INFO |
2018-03-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-982.nasl - Type : ACT_GATHER_INFO |
2018-03-12 | Name : The remote Fedora host is missing a security update. File : fedora_2018-e8bc8d2784.nasl - Type : ACT_GATHER_INFO |
2018-03-09 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-067-02.nasl - Type : ACT_GATHER_INFO |
2018-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2018-a89ccf7133.nasl - Type : ACT_GATHER_INFO |
2018-02-09 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-946.nasl - Type : ACT_GATHER_INFO |
2018-02-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-034-01.nasl - Type : ACT_GATHER_INFO |
2018-01-22 | Name : The remote Debian host is missing a security update. File : debian_DLA-1251.nasl - Type : ACT_GATHER_INFO |
2018-01-19 | Name : The remote Debian host is missing a security update. File : debian_DLA-1248.nasl - Type : ACT_GATHER_INFO |
2018-01-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4081.nasl - Type : ACT_GATHER_INFO |
2018-01-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4080.nasl - Type : ACT_GATHER_INFO |
2017-12-15 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1371.nasl - Type : ACT_GATHER_INFO |
2017-12-14 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1353.nasl - Type : ACT_GATHER_INFO |
2017-11-16 | Name : The version of PHP running on the remote web server is affected by multiple v... File : php_7_1_11.nasl - Type : ACT_GATHER_INFO |
2017-11-16 | Name : The version of PHP running on the remote web server is affected by multiple v... File : php_7_0_25.nasl - Type : ACT_GATHER_INFO |
2017-11-16 | Name : The version of PHP running on the remote web server is affected by multiple v... File : php_5_6_32.nasl - Type : ACT_GATHER_INFO |
2017-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201709-21.nasl - Type : ACT_GATHER_INFO |
2017-09-18 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1061.nasl - Type : ACT_GATHER_INFO |
2017-07-19 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2017-199-02.nasl - Type : ACT_GATHER_INFO |
2017-03-14 | Name : The remote Fedora host is missing a security update. File : fedora_2017-9a5b89363f.nasl - Type : ACT_GATHER_INFO |
2017-03-07 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-304.nasl - Type : ACT_GATHER_INFO |
2017-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3213-1.nasl - Type : ACT_GATHER_INFO |
2017-02-28 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0568-1.nasl - Type : ACT_GATHER_INFO |
2017-02-24 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-289.nasl - Type : ACT_GATHER_INFO |
2017-02-16 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0468-1.nasl - Type : ACT_GATHER_INFO |
2017-02-15 | Name : The remote Fedora host is missing a security update. File : fedora_2017-f787c35494.nasl - Type : ACT_GATHER_INFO |
2017-02-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3777.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-03-19 13:19:01 |
|