SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   PHP Vendors:   PHP Group
(Red Hat Issues Fix) PHP Input Validation Flaw in PHAR 404 Error Page Lets Remote Users Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1040833
SecurityTracker URL:  http://securitytracker.com/id/1040833
CVE Reference:   CVE-2018-5712   (Links to External Site)
Date:  May 4 2018
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in PHP. A remote user can conduct cross-site scripting attacks.

The phar 404 error page does not properly filter HTML code from user-supplied file name before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the PHP software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Systems configured to render '.phar' files via PHP are affected.

passownz at gmail reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PHP software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   Red Hat has issued a fix for rh-php70-php.

The Red Hat advisory is available at:

https://access.redhat.com/errata/RHSA-2018:1296

Vendor URL:  access.redhat.com/errata/RHSA-2018:1296 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  6, 6.7, 7, 7.3, 7.4, 7.5

Message History:   This archive entry is a follow-up to the message listed below.
Feb 12 2018 PHP Input Validation Flaw in PHAR 404 Error Page Lets Remote Users Conduct Cross-Site Scripting Attacks



 Source Message Contents

Subject:  [RHSA-2018:1296-01] Moderate: rh-php70-php security, bug fix, and enhancement update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-php70-php security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:1296-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1296
Issue date:        2018-05-03
CVE Names:         CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 
                   CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 
                   CVE-2016-7479 CVE-2016-9933 CVE-2016-9934 
                   CVE-2016-9935 CVE-2016-9936 CVE-2016-10158 
                   CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 
                   CVE-2016-10162 CVE-2016-10167 CVE-2016-10168 
                   CVE-2017-5340 CVE-2017-7890 CVE-2017-9224 
                   CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 
                   CVE-2017-9229 CVE-2017-11143 CVE-2017-11144 
                   CVE-2017-11145 CVE-2017-11147 CVE-2017-11362 
                   CVE-2017-11628 CVE-2017-12932 CVE-2017-12933 
                   CVE-2017-12934 CVE-2017-16642 CVE-2018-5711 
                   CVE-2018-5712 
=====================================================================

1. Summary:

An update for rh-php70-php is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

The following packages have been upgraded to a later upstream version:
rh-php70-php (7.0.27). (BZ#1518843)

Security Fix(es):

* php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT
field (CVE-2016-7412)

* php: Use after free in wddx_deserialize (CVE-2016-7413)

* php: Out of bounds heap read when verifying signature of zip phar in
phar_parse_zipfile (CVE-2016-7414)

* php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)

* php: Missing type check when unserializing SplArray (CVE-2016-7417)

* php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)

* php: Use-after-free vulnerability when resizing the 'properties' hash
table of a serialized object (CVE-2016-7479)

* php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)

* php: Use After Free in unserialize() (CVE-2016-9936)

* php: Wrong calculation in exif_convert_any_to_int function
(CVE-2016-10158)

* php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)

* php: Off-by-one error in phar_parse_pharfile when loading crafted phar
archive (CVE-2016-10160)

* php: Out-of-bounds heap read on unserialize in finish_nested_data()
(CVE-2016-10161)

* php: Null pointer dereference when unserializing PHP object
(CVE-2016-10162)

* gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)

* gd: Integer overflow in gd_io.c (CVE-2016-10168)

* php: Use of uninitialized memory in unserialize() (CVE-2017-5340)

* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx
function (CVE-2017-7890)

* oniguruma: Out-of-bounds stack read in match_at() during regular
expression searching (CVE-2017-9224)

* oniguruma: Heap buffer overflow in next_state_val() during regular
expression compilation (CVE-2017-9226)

* oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular
expression searching (CVE-2017-9227)

* oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)

* oniguruma: Invalid pointer dereference in left_adjust_char_head()
(CVE-2017-9229)

* php: Incorrect WDDX deserialization of boolean parameters leads to DoS
(CVE-2017-11143)

* php: Incorrect return value check of OpenSSL sealing function leads to
crash (CVE-2017-11144)

* php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)

* php: Stack-based buffer over-read in msgfmt_parse_message function
(CVE-2017-11362)

* php: Stack based 1-byte buffer over-write in zend_ini_do_op() function
Zend/zend_ini_parser.c (CVE-2017-11628)

* php: heap use after free in ext/standard/var_unserializer.re
(CVE-2017-12932)

* php: heap use after free in ext/standard/var_unserializer.re
(CVE-2017-12934)

* php: reflected XSS in .phar 404 page (CVE-2018-5712)

* php, gd: Stack overflow in gdImageFillToBorder on truecolor images
(CVE-2016-9933)

* php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
(CVE-2016-9934)

* php: wddx_deserialize() heap out-of-bound read via php_parse_date()
(CVE-2017-11145)

* php: buffer over-read in finish_nested_data function (CVE-2017-12933)

* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)

* php: Denial of Service (DoS) via infinite loop in libgd
gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
(CVE-2018-5711)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Additional Changes:

For details, see the Red Hat Software Collections 3.1 Release Notes linked
from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1377311 - CVE-2016-7412 php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
1377314 - CVE-2016-7413 php: Use after free in wddx_deserialize
1377336 - CVE-2016-7414 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
1377340 - CVE-2016-7416 php: Stack based buffer overflow in msgfmt_format_message
1377344 - CVE-2016-7417 php: Missing type check when unserializing SplArray
1377352 - CVE-2016-7418 php: Null pointer dereference in php_wddx_push_element
1404723 - CVE-2016-9933 php, gd: Stack overflow in gdImageFillToBorder on truecolor images
1404726 - CVE-2016-9934 php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
1404731 - CVE-2016-9935 php: Invalid read when wddx decodes empty boolean element
1404735 - CVE-2016-9936 php: Use After Free in unserialize()
1412631 - CVE-2017-5340 php: Use of uninitialized memory in unserialize()
1412686 - CVE-2016-7479 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object
1418984 - CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
1418986 - CVE-2016-10168 gd: Integer overflow in gd_io.c
1419010 - CVE-2016-10161 php: Out-of-bounds heap read on unserialize in finish_nested_data()
1419012 - CVE-2016-10162 php: Null pointer dereference when unserializing PHP object
1419015 - CVE-2016-10158 php: Wrong calculation in exif_convert_any_to_int function
1419018 - CVE-2016-10160 php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive
1419020 - CVE-2016-10159 php: Integer overflow in phar_parse_pharfile
1466730 - CVE-2017-9224 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching
1466736 - CVE-2017-9226 oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation
1466739 - CVE-2017-9227 oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching
1466740 - CVE-2017-9228 oniguruma: Out-of-bounds heap write in bitset_set_range()
1466746 - CVE-2017-9229 oniguruma: Invalid pointer dereference in left_adjust_char_head()
1471824 - CVE-2017-11143 php: Incorrect WDDX deserialization of boolean parameters leads to DoS
1471827 - CVE-2017-11144 php: Incorrect return value check of OpenSSL sealing function leads to crash
1471834 - CVE-2017-11145 php: wddx_deserialize() heap out-of-bound read via php_parse_date()
1471842 - CVE-2017-11147 php: Out-of-bounds read in phar_parse_pharfile
1473822 - CVE-2017-7890 php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function
1475373 - CVE-2017-11362 php: Stack-based buffer over-read in msgfmt_parse_message function
1475522 - CVE-2017-11628 php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c
1484837 - CVE-2017-12932 php: heap use after free in ext/standard/var_unserializer.re
1484838 - CVE-2017-12933 php: buffer over-read in finish_nested_data function
1484839 - CVE-2017-12934 php: heap use after free in ext/standard/var_unserializer.re
1512057 - CVE-2017-16642 php: Out-of-bound read in timelib_meridian()
1535246 - CVE-2018-5711 php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
1535251 - CVE-2018-5712 php: reflected XSS in .phar 404 page

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-php70-php-7.0.27-1.el6.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el6.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm
rh-php70-php-common-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm
rh-php70-php-json-7.0.27-1.el6.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm
rh-php70-php-process-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-tidy-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-php70-php-7.0.27-1.el6.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el6.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm
rh-php70-php-common-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm
rh-php70-php-json-7.0.27-1.el6.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm
rh-php70-php-process-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-tidy-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-php70-php-7.0.27-1.el6.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el6.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm
rh-php70-php-common-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm
rh-php70-php-json-7.0.27-1.el6.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm
rh-php70-php-process-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-tidy-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7412
https://access.redhat.com/security/cve/CVE-2016-7413
https://access.redhat.com/security/cve/CVE-2016-7414
https://access.redhat.com/security/cve/CVE-2016-7416
https://access.redhat.com/security/cve/CVE-2016-7417
https://access.redhat.com/security/cve/CVE-2016-7418
https://access.redhat.com/security/cve/CVE-2016-7479
https://access.redhat.com/security/cve/CVE-2016-9933
https://access.redhat.com/security/cve/CVE-2016-9934
https://access.redhat.com/security/cve/CVE-2016-9935
https://access.redhat.com/security/cve/CVE-2016-9936
https://access.redhat.com/security/cve/CVE-2016-10158
https://access.redhat.com/security/cve/CVE-2016-10159
https://access.redhat.com/security/cve/CVE-2016-10160
https://access.redhat.com/security/cve/CVE-2016-10161
https://access.redhat.com/security/cve/CVE-2016-10162
https://access.redhat.com/security/cve/CVE-2016-10167
https://access.redhat.com/security/cve/CVE-2016-10168
https://access.redhat.com/security/cve/CVE-2017-5340
https://access.redhat.com/security/cve/CVE-2017-7890
https://access.redhat.com/security/cve/CVE-2017-9224
https://access.redhat.com/security/cve/CVE-2017-9226
https://access.redhat.com/security/cve/CVE-2017-9227
https://access.redhat.com/security/cve/CVE-2017-9228
https://access.redhat.com/security/cve/CVE-2017-9229
https://access.redhat.com/security/cve/CVE-2017-11143
https://access.redhat.com/security/cve/CVE-2017-11144
https://access.redhat.com/security/cve/CVE-2017-11145
https://access.redhat.com/security/cve/CVE-2017-11147
https://access.redhat.com/security/cve/CVE-2017-11362
https://access.redhat.com/security/cve/CVE-2017-11628
https://access.redhat.com/security/cve/CVE-2017-12932
https://access.redhat.com/security/cve/CVE-2017-12933
https://access.redhat.com/security/cve/CVE-2017-12934
https://access.redhat.com/security/cve/CVE-2017-16642
https://access.redhat.com/security/cve/CVE-2018-5711
https://access.redhat.com/security/cve/CVE-2018-5712
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFa6pjLXlSAg2UNWIIRAl/4AJ4xZ6FVm1vp0atAm6qH0wRy9BaoXwCeNY7y
Yn2H3QsxbivwF5TiiQJrAgA=
=ZLRk
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC