ID

VAR-201908-1840


CVE

CVE-2019-11041


TITLE

PHP EXIF Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007694

DESCRIPTION

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

PHP EXIF contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in PHP 7.1.x prior to 7.1.31, 7.2.x prior to 7.2.21, and 7.3.x prior to 7.3.8. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.

PHP is prone to a heap-based buffer-overflow vulnerability. Failed exploits will result in denial-of-service conditions. PHP versions before 7.3.8 are vulnerable.

=========================================================================
Ubuntu Security Notice USN-4097-2
August 13, 2019

php5 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

PHP could be made to crash or execute arbitrary code if it received a specially crafted image.

This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm5
  php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm5
  php5-cli 5.5.9+dfsg-1ubuntu4.29+esm5
  php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm5
  php5-xmlrpc 5.5.9+dfsg-1ubuntu4.29+esm5

Ubuntu 12.04 ESM:
  libapache2-mod-php5 5.3.10-1ubuntu3.39
  php5-cgi 5.3.10-1ubuntu3.39
  php5-cli 5.3.10-1ubuntu3.39
  php5-fpm 5.3.10-1ubuntu3.39
  php5-xmlrpc 5.3.10-1ubuntu3.39

In general, a standard system update will make all the necessary changes.

For the stable distribution (buster), these problems have been fixed in version 7.3.9-1~deb10u1. We recommend that you upgrade your php7.3 packages.

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: rh-php72-php security update
Advisory ID: RHSA-2019:3299-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3299
Issue date: 2019-11-01
CVE Names: CVE-2016-10166 CVE-2018-20783 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043
=====================================================================

1. Summary:

An update for rh-php72-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php72-php (7.2.24). (BZ#1766603)

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)
* gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166)
* gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)
* php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)
* php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)
* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)
* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)
* php: Invalid read in exif_process_SOFn() (CVE-2019-9640)
* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
* php: Buffer over-read in exif_read_data() (CVE-2019-11040)
* php: Buffer over-read in PHAR reading functions (CVE-2018-20783)
* php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)
* php: memcpy with negative length via crafted DNS response (CVE-2019-9022)
* php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)
* php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)
* php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)
* php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)
* php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)
* gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038)
* php: heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
* php: heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

5.
Bugs fixed (https://bugzilla.redhat.com/):

1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc()
1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c
1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions
1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode()
1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions
1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions
1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c
1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response
1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing
1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn()
1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value()
1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()
1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure
1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm()
1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()
1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()
1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail()
1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment()
1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-10166
https://access.redhat.com/security/cve/CVE-2018-20783
https://access.redhat.com/security/cve/CVE-2019-6977
https://access.redhat.com/security/cve/CVE-2019-9020
https://access.redhat.com/security/cve/CVE-2019-9021
https://access.redhat.com/security/cve/CVE-2019-9022
https://access.redhat.com/security/cve/CVE-2019-9023
https://access.redhat.com/security/cve/CVE-2019-9024
https://access.redhat.com/security/cve/CVE-2019-9637
https://access.redhat.com/security/cve/CVE-2019-9638
https://access.redhat.com/security/cve/CVE-2019-9639
https://access.redhat.com/security/cve/CVE-2019-9640
https://access.redhat.com/security/cve/CVE-2019-11034
https://access.redhat.com/security/cve/CVE-2019-11035
https://access.redhat.com/security/cve/CVE-2019-11036
https://access.redhat.com/security/cve/CVE-2019-11038
https://access.redhat.com/security/cve/CVE-2019-11039
https://access.redhat.com/security/cve/CVE-2019-11040
https://access.redhat.com/security/cve/CVE-2019-11041
https://access.redhat.com/security/cve/CVE-2019-11042
https://access.redhat.com/security/cve/CVE-2019-11043
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section. APPLE-SA-2019-10-07-1 macOS Catalina 10.15 macOS Catalina 10.15 is now available and addresses the following: AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team apache_mod_php Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 7.3.8. CVE-2019-11041 CVE-2019-11042 CoreAudio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Crash Reporter Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics Description: A race condition existed when reading and writing user preferences. This was addressed with improved state handling. CVE-2019-8757: William Cerniuk of Core Development, LLC Intel Graphics Driver Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2019-8758: Lilang Wu and Moony Li of Trend Micro IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved restrictions. CVE-2019-8755: Lilang Wu and Moony Li of Trend Micro Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8781: Linus Henze (pinauten.de) Notes Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to view a user's locked notes Description: The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. 
CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University PDFKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF Description: An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum SharedFileList Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to access recent documents Description: The issue was addressed with improved permissions logic. CVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH sips Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360 UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Visiting a maliciously crafted website may reveal browsing history Description: An issue existed in the drawing of web page elements. The issue was addressed with improved logic. CVE-2019-8769: Piérre Reimertz (@reimertz) WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. CVE-2019-8768: Hugo S. Diaz (coldpointblue) Additional recognition Finder We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. Gatekeeper We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. Safari Data Importing We would like to acknowledge Kent Zoya for their assistance. Simple certificate enrollment protocol (SCEP) We would like to acknowledge an anonymous researcher for their assistance. 
Telephony We would like to acknowledge Phil Stokes from SentinelOne for their assistance. Installation note: macOS Catalina 10.15 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.52

sources: NVD: CVE-2019-11041 // JVNDB: JVNDB-2019-007694 // VULHUB: VHN-142648 // VULMON: CVE-2019-11041 // PACKETSTORM: 154561 // PACKETSTORM: 159094 // PACKETSTORM: 154051 // PACKETSTORM: 154543 // PACKETSTORM: 154050 // PACKETSTORM: 155070 // PACKETSTORM: 157463 // PACKETSTORM: 154768

AFFECTED PRODUCTS

vendor: canonical | model: ubuntu linux | scope: eq | version: 12.04

Trust: 1.1

vendor: canonical | model: ubuntu linux | scope: eq | version: 14.04

Trust: 1.1

vendor: canonical | model: ubuntu linux | scope: eq | version: 16.04

Trust: 1.1

vendor: canonical | model: ubuntu linux | scope: eq | version: 18.04

Trust: 1.1

vendor: canonical | model: ubuntu linux | scope: eq | version: 19.04

Trust: 1.1

vendor: debian | model: linux | scope: eq | version: 8.0

Trust: 1.1

vendor: debian | model: linux | scope: eq | version: 9.0

Trust: 1.1

vendor: debian | model: linux | scope: eq | version: 10.0

Trust: 1.1

vendor: opensuse | model: leap | scope: eq | version: 15.0

Trust: 1.1

vendor: apple | model: mac os x | scope: lt | version: 10.15.1

Trust: 1.0

vendor: php | model: php | scope: lt | version: 7.1.31

Trust: 1.0

vendor: php | model: php | scope: lt | version: 7.2.21

Trust: 1.0

vendor: php | model: php | scope: gte | version: 7.2.0

Trust: 1.0

vendor: php | model: php | scope: lt | version: 7.3.8

Trust: 1.0

vendor: redhat | model: software collections | scope: eq | version: 1.0

Trust: 1.0

vendor: php | model: php | scope: gte | version: 7.1.0

Trust: 1.0

vendor: tenable | model: tenable.sc | scope: lt | version: 5.19.0

Trust: 1.0

vendor: php | model: php | scope: gte | version: 7.3.0

Trust: 1.0

vendor: canonical | model: ubuntu | scope: - | version: -

Trust: 0.8

vendor: debian | model: gnu/linux | scope: - | version: -

Trust: 0.8

vendor: the php group | model: php | scope: eq | version: 7.1.31 for up to 7.1.x

Trust: 0.8

vendor: the php group | model: php | scope: eq | version: 7.2.21 for up to 7.2.x

Trust: 0.8

vendor: the php group | model: php | scope: eq | version: 7.3.8 for up to 7.3.x

Trust: 0.8

vendor: php | model: php | scope: eq | version: 7.1.0

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.1

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.2

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.3

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.4

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.5

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.6

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.7

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.8

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.9

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.10

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.11

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.12

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.13

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.14

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.15

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.16

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.17

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.18

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.19

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.20

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.21

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.22

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.23

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.24

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.25

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.26

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.27

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.28

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.29

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.1.30

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.0

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.1

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.2

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.3

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.4

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.5

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.6

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.7

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.8

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.9

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.10

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.11

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.12

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.13

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.14

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.15

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.16

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.17

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.18

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.19

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.2.20

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.3.0

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.3.1

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.3.2

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.3.3

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.3.4

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.3.5

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.3.6

Trust: 0.1

vendor: php | model: php | scope: eq | version: 7.3.7

Trust: 0.1

vendor: apple | model: mac os x | scope: eq | version: 10.15

Trust: 0.1

sources: VULMON: CVE-2019-11041 // JVNDB: JVNDB-2019-007694 // NVD: CVE-2019-11041

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11041
value: HIGH

Trust: 1.0

security@php.net: CVE-2019-11041
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11041
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-140
value: HIGH

Trust: 0.6

VULHUB: VHN-142648
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-11041
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11041
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2019-11041
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-142648
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11041
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

security@php.net: CVE-2019-11041
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: CVE-2019-11041
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142648 // VULMON: CVE-2019-11041 // JVNDB: JVNDB-2019-007694 // CNNVD: CNNVD-201908-140 // NVD: CVE-2019-11041 // NVD: CVE-2019-11041

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-142648 // JVNDB: JVNDB-2019-007694 // NVD: CVE-2019-11041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-140

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-140

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007694

PATCH

title: [SECURITY] [DLA 1878-1] php5 security update | url: https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html

Trust: 0.8

title: 78222 | url: https://bugs.php.net/bug.php?id=78222

Trust: 0.8

title: USN-4097-1 | url: https://usn.ubuntu.com/4097-1/

Trust: 0.8

title: USN-4097-2 | url: https://usn.ubuntu.com/4097-2/

Trust: 0.8

title: PHP Buffer error vulnerability fix | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=95902

Trust: 0.6

title: Ubuntu Security Notice: php7.0, php7.2 vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4097-1

Trust: 0.1

title: Ubuntu Security Notice: php5 vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4097-2

Trust: 0.1

title: Amazon Linux AMI: ALAS-2019-1284 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1284

Trust: 0.1

title: Amazon Linux AMI: ALAS-2019-1283 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1283

Trust: 0.1

title: Debian Security Advisories: DSA-4527-1 php7.3 -- security update | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=877cb76e8aeddfa40b275ad142be1771

Trust: 0.1

title: Red Hat: Moderate: php:7.2 security, bug fix, and enhancement update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201624 - Security Advisory

Trust: 0.1

title: Red Hat: Critical: rh-php72-php security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193299 - Security Advisory

Trust: 0.1

title: Apple: macOS Catalina 10.15 | url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aafc8ca42bce10e92a70604a0d265a55

Trust: 0.1

title: Debian Security Advisories: DSA-4529-1 php7.0 -- security update | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=ee5cd1d3e8c521eee01300cbf544b2d7

Trust: 0.1

title: Threatpost | url: https://threatpost.com/apple-tackles-a-dozen-bugs-in-catalina/148988/

Trust: 0.1

sources: VULMON: CVE-2019-11041 // JVNDB: JVNDB-2019-007694 // CNNVD: CNNVD-201908-140

EXTERNAL IDS

db: NVD | id: CVE-2019-11041

Trust: 3.4

db: TENABLE | id: TNS-2021-14

Trust: 1.7

db: PACKETSTORM | id: 159094

Trust: 0.8

db: PACKETSTORM | id: 154051

Trust: 0.8

db: JVNDB | id: JVNDB-2019-007694

Trust: 0.8

db: CNNVD | id: CNNVD-201908-140

Trust: 0.7

db: PACKETSTORM | id: 157463

Trust: 0.7

db: AUSCERT | id: ESB-2019.3073

Trust: 0.6

db: AUSCERT | id: ESB-2019.3272

Trust: 0.6

db: AUSCERT | id: ESB-2021.2515

Trust: 0.6

db: AUSCERT | id: ESB-2020.0741

Trust: 0.6

db: AUSCERT | id: ESB-2020.3072

Trust: 0.6

db: AUSCERT | id: ESB-2020.4296

Trust: 0.6

db: AUSCERT | id: ESB-2020.1500

Trust: 0.6

db: AUSCERT | id: ESB-2019.3111

Trust: 0.6

db: AUSCERT | id: ESB-2022.6056

Trust: 0.6

db: CS-HELP | id: SB2021072292

Trust: 0.6

db: PACKETSTORM | id: 154050

Trust: 0.2

db: PACKETSTORM | id: 154768

Trust: 0.2

db: VULHUB | id: VHN-142648

Trust: 0.1

db: VULMON | id: CVE-2019-11041

Trust: 0.1

db: PACKETSTORM | id: 154561

Trust: 0.1

db: PACKETSTORM | id: 154543

Trust: 0.1

db: PACKETSTORM | id: 155070

Trust: 0.1

sources: VULHUB: VHN-142648 // VULMON: CVE-2019-11041 // JVNDB: JVNDB-2019-007694 // PACKETSTORM: 154561 // PACKETSTORM: 159094 // PACKETSTORM: 154051 // PACKETSTORM: 154543 // PACKETSTORM: 154050 // PACKETSTORM: 155070 // PACKETSTORM: 157463 // PACKETSTORM: 154768 // CNNVD: CNNVD-201908-140 // NVD: CVE-2019-11041

REFERENCES

url:https://access.redhat.com/errata/rhsa-2019:3299

Trust: 2.5

url:https://usn.ubuntu.com/4097-1/

Trust: 2.5

url:https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html

Trust: 2.4

url:https://usn.ubuntu.com/4097-2/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11041

Trust: 2.2

url:https://seclists.org/bugtraq/2019/sep/35

Trust: 1.8

url:https://seclists.org/bugtraq/2019/sep/38

Trust: 1.8

url:https://seclists.org/bugtraq/2019/oct/9

Trust: 1.8

url:https://bugs.php.net/bug.php?id=78222

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190822-0003/

Trust: 1.8

url:https://support.apple.com/kb/ht210634

Trust: 1.8

url:https://www.debian.org/security/2019/dsa-4527

Trust: 1.8

url:https://www.debian.org/security/2019/dsa-4529

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/oct/15

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/oct/55

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html

Trust: 1.8

url:https://support.apple.com/kb/ht210722

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-14

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2019-11041

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11041

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-11042

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2019:3300

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192243-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1500/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3073/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3272/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072292

Trust: 0.6

url:https://packetstormsecurity.com/files/159094/red-hat-security-advisory-2020-3662-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2515

Trust: 0.6

url:https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-29928

Trust: 0.6

url:https://packetstormsecurity.com/files/154051/ubuntu-security-notice-usn-4097-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0741/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4296/

Trust: 0.6

url:https://support.apple.com/en-us/ht210722

Trust: 0.6

url:https://support.apple.com/en-us/ht210634

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3072/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6056

Trust: 0.6

url:https://packetstormsecurity.com/files/157463/red-hat-security-advisory-2020-1624-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3111/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-11040

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-11039

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-11036

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11035

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11034

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11040

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11039

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11042

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11038

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://usn.ubuntu.com/4097-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9022

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9640

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9024

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9638

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9637

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11036

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11035

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9638

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9024

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9639

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9023

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20783

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9022

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9640

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9021

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9023

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9020

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20783

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9639

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9637

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11034

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9020

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9021

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109468

Trust: 0.1

url:https://security-tracker.debian.org/tracker/php7.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7065

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11050

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11045

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19203

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7062

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7059

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11045

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11047

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7066

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7065

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11047

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19203

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13225

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7063

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7064

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19246

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16163

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3662

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7066

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11048

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13225

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11048

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13224

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7064

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16163

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19246

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7063

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7062

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11050

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.1

url:https://usn.ubuntu.com/4097-2

Trust: 0.1

url:https://security-tracker.debian.org/tracker/php7.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php7.2/7.2.19-0ubuntu0.18.04.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php7.2/7.2.19-0ubuntu0.19.04.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-10166

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11043

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11038

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6977

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11043

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-10166

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-6977

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1624

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8757

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8701

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8770

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8745

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8748

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8755

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8768

Trust: 0.1

sources: VULHUB: VHN-142648 // VULMON: CVE-2019-11041 // JVNDB: JVNDB-2019-007694 // PACKETSTORM: 154561 // PACKETSTORM: 159094 // PACKETSTORM: 154051 // PACKETSTORM: 154543 // PACKETSTORM: 154050 // PACKETSTORM: 155070 // PACKETSTORM: 157463 // PACKETSTORM: 154768 // CNNVD: CNNVD-201908-140 // NVD: CVE-2019-11041

CREDITS

Ubuntu, Red Hat

Trust: 0.6

sources: CNNVD: CNNVD-201908-140

SOURCES

db: VULHUB, id: VHN-142648
db: VULMON, id: CVE-2019-11041
db: JVNDB, id: JVNDB-2019-007694
db: PACKETSTORM, id: 154561
db: PACKETSTORM, id: 159094
db: PACKETSTORM, id: 154051
db: PACKETSTORM, id: 154543
db: PACKETSTORM, id: 154050
db: PACKETSTORM, id: 155070
db: PACKETSTORM, id: 157463
db: PACKETSTORM, id: 154768
db: CNNVD, id: CNNVD-201908-140
db: NVD, id: CVE-2019-11041

LAST UPDATE DATE

2025-04-03T20:14:48.700000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-142648, date: 2023-02-28T00:00:00
db: VULMON, id: CVE-2019-11041, date: 2020-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-007694, date: 2019-08-19T00:00:00
db: CNNVD, id: CNNVD-201908-140, date: 2023-03-01T00:00:00
db: NVD, id: CVE-2019-11041, date: 2024-11-21T04:20:25.723

SOURCES RELEASE DATE

db: VULHUB, id: VHN-142648, date: 2019-08-09T00:00:00
db: VULMON, id: CVE-2019-11041, date: 2019-08-09T00:00:00
db: JVNDB, id: JVNDB-2019-007694, date: 2019-08-19T00:00:00
db: PACKETSTORM, id: 154561, date: 2019-09-23T18:25:24
db: PACKETSTORM, id: 159094, date: 2020-09-08T18:10:32
db: PACKETSTORM, id: 154051, date: 2019-08-14T02:37:12
db: PACKETSTORM, id: 154543, date: 2019-09-20T14:58:48
db: PACKETSTORM, id: 154050, date: 2019-08-14T02:37:04
db: PACKETSTORM, id: 155070, date: 2019-11-01T17:11:58
db: PACKETSTORM, id: 157463, date: 2020-04-28T20:37:45
db: PACKETSTORM, id: 154768, date: 2019-10-08T19:59:26
db: CNNVD, id: CNNVD-201908-140, date: 2019-08-01T00:00:00
db: NVD, id: CVE-2019-11041, date: 2019-08-09T20:15:11.050