Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title rh-php72-php security update
Informations
Name RHSA-2019:3299 First vendor Publication 2019-11-01
Vendor RedHat Last vendor Modification 2019-11-01
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update for rh-php72-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php72-php (7.2.24). (BZ#1766603)

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

* gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166)

* gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

* php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)

* php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)

* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)

* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)

* php: Invalid read in exif_process_SOFn() (CVE-2019-9640)

* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)

* php: Buffer over-read in exif_read_data() (CVE-2019-11040)

* php: Buffer over-read in PHAR reading functions (CVE-2018-20783)

* php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)

* php: memcpy with negative length via crafted DNS response (CVE-2019-9022)

* php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)

* php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)

* php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)

* php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)

* php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)

* gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038)

* php: heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)

* php: heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc() 1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c 1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions 1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode() 1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions 1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions 1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c 1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response 1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing 1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn() 1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value() 1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG() 1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure 1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm() 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data() 1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail() 1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment() 1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-3299.html

CWE : Common Weakness Enumeration

% Id Name
71 % CWE-125 Out-of-bounds Read
10 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
5 % CWE-416 Use After Free
5 % CWE-264 Permissions, Privileges, and Access Controls
5 % CWE-191 Integer Underflow (Wrap or Wraparound)
5 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 10
Application 2
Application 888
Application 1
Application 1
Application 4
Os 184
Os 8
Os 3
Os 4
Os 3
Os 2
Os 1
Os 2
Os 2
Os 2

Snort® IPS/IDS

Date Description
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Revision : 1 - Type : SERVER-WEBAPP
2019-05-07 PHP gdImageColorMatch heap buffer overflow file download attempt
RuleID : 49673 - Revision : 1 - Type : SERVER-OTHER
2019-05-07 PHP gdImageColorMatch heap buffer overflow file upload attempt
RuleID : 49672 - Revision : 1 - Type : SERVER-OTHER
2014-01-10 PHP uri tag injection attempt
RuleID : 23111 - Revision : 12 - Type : POLICY-OTHER
2014-01-10 PHP function CRLF injection attempt
RuleID : 12360 - Revision : 11 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2017-07-19 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-199-02.nasl - Type : ACT_GATHER_INFO
2017-03-14 Name : The remote Fedora host is missing a security update.
File : fedora_2017-9a5b89363f.nasl - Type : ACT_GATHER_INFO
2017-03-07 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-304.nasl - Type : ACT_GATHER_INFO
2017-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3213-1.nasl - Type : ACT_GATHER_INFO
2017-02-28 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0568-1.nasl - Type : ACT_GATHER_INFO
2017-02-24 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-289.nasl - Type : ACT_GATHER_INFO
2017-02-16 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0468-1.nasl - Type : ACT_GATHER_INFO
2017-02-15 Name : The remote Fedora host is missing a security update.
File : fedora_2017-f787c35494.nasl - Type : ACT_GATHER_INFO
2017-02-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3777.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2020-03-19 13:19:29
  • First insertion