Scientific Linux alert SLSA-2020:1112-1 (php)
From: Farhan Ahmed <fahmed@fnal.gov>
To: scientific-linux-errata@listserv.fnal.gov
Subject: Security ERRATA Moderate: php on SL7.x x86_64
Date: Mon, 20 Apr 2020 16:43:51 -0000
Message-ID: <20200420164351.21964.67872@slpackages.fnal.gov>

Synopsis:          Moderate: php security update
Advisory ID:       SLSA-2020:1112-1
Issue Date:        2020-04-07
CVE Numbers:       CVE-2018-10547
                   CVE-2019-9024
                   CVE-2018-7584
                   CVE-2018-5712
--

* php: Reflected XSS on PHAR 404 page
* php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in
  http_fopen_wrapper.c when parsing HTTP response
* php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
* php: Out-of-bounds read in base64_decode_xmlrpc in
  ext/xmlrpc/libxmlrpc/base64.c
--

SL7
  x86_64
    php-pdo-5.4.16-48.el7.x86_64.rpm
    php-pgsql-5.4.16-48.el7.x86_64.rpm
    php-recode-5.4.16-48.el7.x86_64.rpm
    php-common-5.4.16-48.el7.x86_64.rpm
    php-gd-5.4.16-48.el7.x86_64.rpm
    php-mysql-5.4.16-48.el7.x86_64.rpm
    php-soap-5.4.16-48.el7.x86_64.rpm
    php-xml-5.4.16-48.el7.x86_64.rpm
    php-xmlrpc-5.4.16-48.el7.x86_64.rpm
    php-process-5.4.16-48.el7.x86_64.rpm
    php-odbc-5.4.16-48.el7.x86_64.rpm
    php-ldap-5.4.16-48.el7.x86_64.rpm
    php-5.4.16-48.el7.x86_64.rpm
    php-cli-5.4.16-48.el7.x86_64.rpm
    php-bcmath-5.4.16-48.el7.x86_64.rpm
    php-dba-5.4.16-48.el7.x86_64.rpm
    php-debuginfo-5.4.16-48.el7.x86_64.rpm
    php-devel-5.4.16-48.el7.x86_64.rpm
    php-embedded-5.4.16-48.el7.x86_64.rpm
    php-enchant-5.4.16-48.el7.x86_64.rpm
    php-fpm-5.4.16-48.el7.x86_64.rpm
    php-intl-5.4.16-48.el7.x86_64.rpm
    php-mbstring-5.4.16-48.el7.x86_64.rpm
    php-mysqlnd-5.4.16-48.el7.x86_64.rpm
    php-pspell-5.4.16-48.el7.x86_64.rpm
    php-snmp-5.4.16-48.el7.x86_64.rpm

- Scientific Linux Development Team