Executive Summary



This alert is flagged as involving a weakness from the CWE/SANS Top 25 Common Weakness Enumeration list.
Summary
Title : rh-php71-php security, bug fix, and enhancement update
Information
Name : RHSA-2019:2519
First vendor Publication : 2019-08-19
Vendor : RedHat
Last vendor Modification : 2019-08-19
Severity (Vendor) : N/A
Revision : 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

Problem Description:

An update for rh-php71-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php71-php (7.1.30). (BZ#1631672)

Security Fix(es):

* gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166)

* php: Out of bounds access in php_pcre.c:php_pcre_replace_impl() (CVE-2017-9118)

* php: Integer overflow in mysqli_api.c:mysqli_real_escape_string() (CVE-2017-9120)

* php: Heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)

* php: Reflected XSS in .phar 404 page (CVE-2018-5712)

* php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response (CVE-2018-7584)

* php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service (CVE-2018-10546)

* php: Reflected XSS vulnerability on PHAR 403 and 404 error pages (CVE-2018-10547)

* php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply (CVE-2018-10548)

* php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c (CVE-2018-14884)

* php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request (CVE-2018-17082)

* gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

* php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)

* php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)

* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)

* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)

* php: Invalid read in exif_process_SOFn() (CVE-2019-9640)

* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)

* php: Buffer over-read in exif_read_data() (CVE-2019-11040)

* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)

* gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c (CVE-2018-5711)

* php: Dumpable FPM child processes allow bypassing opcache access controls (CVE-2018-10545)

* php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data (CVE-2018-10549)

* php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE() (CVE-2018-14851)

* php: Buffer over-read in PHAR reading functions (CVE-2018-20783)

* php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)

* php: memcpy with negative length via crafted DNS response (CVE-2019-9022)

* php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)

* php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)

* php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)

* php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)

* php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)

* gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc()
1484837 - CVE-2017-12932 php: Heap use after free in ext/standard/var_unserializer.re
1512057 - CVE-2017-16642 php: Out-of-bound read in timelib_meridian()
1535246 - CVE-2018-5711 gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c
1535251 - CVE-2018-5712 php: Reflected XSS in .phar 404 page
1551039 - CVE-2018-7584 php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response
1563858 - CVE-2018-10545 php: Dumpable FPM child processes allow bypassing opcache access controls
1573797 - CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
1573802 - CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service
1573805 - CVE-2018-10548 php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply
1573814 - CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
1609642 - CVE-2018-14851 php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE()
1611890 - CVE-2017-9118 php: Out of bounds access in php_pcre.c:php_pcre_replace_impl()
1611898 - CVE-2017-9120 php: Integer overflow in mysqli_api.c:mysqli_real_escape_string()
1612362 - CVE-2018-14884 php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c
1629552 - CVE-2018-17082 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request
1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c
1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions
1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode()
1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions
1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions
1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c
1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response
1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing
1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn()
1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value()
1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()
1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure
1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm()
1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()
1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-2519.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-125 Out-of-bounds Read
24 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
6 % CWE-476 NULL Pointer Dereference
6 % CWE-416 Use After Free
3 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
3 % CWE-681 Incorrect Conversion between Numeric Types
3 % CWE-264 Permissions, Privileges, and Access Controls
3 % CWE-200 Information Exposure
3 % CWE-191 Integer Underflow (Wrap or Wraparound)
3 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
3 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Type Description Count
Application 10
Application 2
Application 887
Os 8
Os 3
Os 1
Os 1

Snort® IPS/IDS

Date Description
2019-10-23 PHP http fopen stack buffer overflow attempt
RuleID : 51578 - Revision : 1 - Type : SERVER-WEBAPP
2019-05-07 PHP gdImageColorMatch heap buffer overflow file download attempt
RuleID : 49673 - Revision : 1 - Type : SERVER-OTHER
2019-05-07 PHP gdImageColorMatch heap buffer overflow file upload attempt
RuleID : 49672 - Revision : 1 - Type : SERVER-OTHER
2018-12-11 CVE PHP infinite loop from use of stream filter and convert.iconv file upload...
RuleID : 48354 - Revision : 2 - Type : SERVER-WEBAPP
2018-06-26 PHP .phar cross site scripting attempt
RuleID : 46808 - Revision : 2 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2019-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2018-ee6707d519.nasl - Type : ACT_GATHER_INFO
2019-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2018-b6072889db.nasl - Type : ACT_GATHER_INFO
2019-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2018-791c3cfe21.nasl - Type : ACT_GATHER_INFO
2019-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2018-1aeac808ce.nasl - Type : ACT_GATHER_INFO
2018-12-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4353.nasl - Type : ACT_GATHER_INFO
2018-12-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201812-01.nasl - Type : ACT_GATHER_INFO
2018-10-26 Name : The remote EulerOS Virtualization host is missing a security update.
File : EulerOS_SA-2018-1325.nasl - Type : ACT_GATHER_INFO
2018-10-19 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1090.nasl - Type : ACT_GATHER_INFO
2018-09-27 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1310.nasl - Type : ACT_GATHER_INFO
2018-09-27 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1309.nasl - Type : ACT_GATHER_INFO
2018-09-24 Name : The remote Fedora host is missing a security update.
File : fedora_2018-25100b492c.nasl - Type : ACT_GATHER_INFO
2018-09-20 Name : The remote Debian host is missing a security update.
File : debian_DLA-1509.nasl - Type : ACT_GATHER_INFO
2018-09-04 Name : The remote Debian host is missing a security update.
File : debian_DLA-1490.nasl - Type : ACT_GATHER_INFO
2018-08-24 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1067.nasl - Type : ACT_GATHER_INFO
2018-08-24 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1066.nasl - Type : ACT_GATHER_INFO
2018-08-10 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1224.nasl - Type : ACT_GATHER_INFO
2018-07-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4240.nasl - Type : ACT_GATHER_INFO
2018-07-03 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1217.nasl - Type : ACT_GATHER_INFO
2018-06-28 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1158.nasl - Type : ACT_GATHER_INFO
2018-06-27 Name : The remote Debian host is missing a security update.
File : debian_DLA-1397.nasl - Type : ACT_GATHER_INFO
2018-06-05 Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_13_5.nasl - Type : ACT_GATHER_INFO
2018-05-17 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-136-02.nasl - Type : ACT_GATHER_INFO
2018-05-11 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1019.nasl - Type : ACT_GATHER_INFO
2018-05-10 Name : The remote Debian host is missing a security update.
File : debian_DLA-1373.nasl - Type : ACT_GATHER_INFO
2018-05-04 Name : The remote Fedora host is missing a security update.
File : fedora_2018-6071a600e8.nasl - Type : ACT_GATHER_INFO
2018-05-04 Name : The remote Fedora host is missing a security update.
File : fedora_2018-04f6056c42.nasl - Type : ACT_GATHER_INFO
2018-05-02 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1097.nasl - Type : ACT_GATHER_INFO
2018-05-02 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1096.nasl - Type : ACT_GATHER_INFO
2018-04-06 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-988.nasl - Type : ACT_GATHER_INFO
2018-04-05 Name : The remote Fedora host is missing a security update.
File : fedora_2018-331af74020.nasl - Type : ACT_GATHER_INFO
2018-03-30 Name : The remote Debian host is missing a security update.
File : debian_DLA-1326.nasl - Type : ACT_GATHER_INFO
2018-03-29 Name : The remote Fedora host is missing a security update.
File : fedora_2018-ba81e4e4a0.nasl - Type : ACT_GATHER_INFO
2018-03-29 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-982.nasl - Type : ACT_GATHER_INFO
2018-03-12 Name : The remote Fedora host is missing a security update.
File : fedora_2018-e8bc8d2784.nasl - Type : ACT_GATHER_INFO
2018-03-09 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-067-02.nasl - Type : ACT_GATHER_INFO
2018-03-07 Name : The remote Fedora host is missing a security update.
File : fedora_2018-a89ccf7133.nasl - Type : ACT_GATHER_INFO
2018-02-09 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-946.nasl - Type : ACT_GATHER_INFO
2018-02-05 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-034-01.nasl - Type : ACT_GATHER_INFO
2018-01-22 Name : The remote Debian host is missing a security update.
File : debian_DLA-1251.nasl - Type : ACT_GATHER_INFO
2018-01-19 Name : The remote Debian host is missing a security update.
File : debian_DLA-1248.nasl - Type : ACT_GATHER_INFO
2018-01-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4081.nasl - Type : ACT_GATHER_INFO
2018-01-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4080.nasl - Type : ACT_GATHER_INFO
2017-12-15 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1371.nasl - Type : ACT_GATHER_INFO
2017-12-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1353.nasl - Type : ACT_GATHER_INFO
2017-11-16 Name : The version of PHP running on the remote web server is affected by multiple v...
File : php_7_1_11.nasl - Type : ACT_GATHER_INFO
2017-11-16 Name : The version of PHP running on the remote web server is affected by multiple v...
File : php_7_0_25.nasl - Type : ACT_GATHER_INFO
2017-11-16 Name : The version of PHP running on the remote web server is affected by multiple v...
File : php_5_6_32.nasl - Type : ACT_GATHER_INFO
2017-09-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201709-21.nasl - Type : ACT_GATHER_INFO
2017-09-18 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1061.nasl - Type : ACT_GATHER_INFO
2017-07-19 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-199-02.nasl - Type : ACT_GATHER_INFO
2017-03-14 Name : The remote Fedora host is missing a security update.
File : fedora_2017-9a5b89363f.nasl - Type : ACT_GATHER_INFO
2017-03-07 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-304.nasl - Type : ACT_GATHER_INFO
2017-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3213-1.nasl - Type : ACT_GATHER_INFO
2017-02-28 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0568-1.nasl - Type : ACT_GATHER_INFO
2017-02-24 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-289.nasl - Type : ACT_GATHER_INFO
2017-02-16 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0468-1.nasl - Type : ACT_GATHER_INFO
2017-02-15 Name : The remote Fedora host is missing a security update.
File : fedora_2017-f787c35494.nasl - Type : ACT_GATHER_INFO
2017-02-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3777.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2020-03-19 13:19:01
  • First insertion