Red Hat Security Advisory 2018-1296-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php. Issues addressed include buffer overflow, cross site scripting, denial of service, heap overflow, remote file inclusion, and use-after-free vulnerabilities.
7d3b1f62dd47f6ccce2cd1aa1495159b5a0ec53d7009c7657d7a8518e489c754
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-php70-php security, bug fix, and enhancement update
Advisory ID: RHSA-2018:1296-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1296
Issue date: 2018-05-03
CVE Names: CVE-2016-7412 CVE-2016-7413 CVE-2016-7414
CVE-2016-7416 CVE-2016-7417 CVE-2016-7418
CVE-2016-7479 CVE-2016-9933 CVE-2016-9934
CVE-2016-9935 CVE-2016-9936 CVE-2016-10158
CVE-2016-10159 CVE-2016-10160 CVE-2016-10161
CVE-2016-10162 CVE-2016-10167 CVE-2016-10168
CVE-2017-5340 CVE-2017-7890 CVE-2017-9224
CVE-2017-9226 CVE-2017-9227 CVE-2017-9228
CVE-2017-9229 CVE-2017-11143 CVE-2017-11144
CVE-2017-11145 CVE-2017-11147 CVE-2017-11362
CVE-2017-11628 CVE-2017-12932 CVE-2017-12933
CVE-2017-12934 CVE-2017-16642 CVE-2018-5711
CVE-2018-5712
=====================================================================
1. Summary:
An update for rh-php70-php is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
The following packages have been upgraded to a later upstream version:
rh-php70-php (7.0.27). (BZ#1518843)
Security Fix(es):
* php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT
field (CVE-2016-7412)
* php: Use after free in wddx_deserialize (CVE-2016-7413)
* php: Out of bounds heap read when verifying signature of zip phar in
phar_parse_zipfile (CVE-2016-7414)
* php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)
* php: Missing type check when unserializing SplArray (CVE-2016-7417)
* php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)
* php: Use-after-free vulnerability when resizing the 'properties' hash
table of a serialized object (CVE-2016-7479)
* php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)
* php: Use After Free in unserialize() (CVE-2016-9936)
* php: Wrong calculation in exif_convert_any_to_int function
(CVE-2016-10158)
* php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)
* php: Off-by-one error in phar_parse_pharfile when loading crafted phar
archive (CVE-2016-10160)
* php: Out-of-bounds heap read on unserialize in finish_nested_data()
(CVE-2016-10161)
* php: Null pointer dereference when unserializing PHP object
(CVE-2016-10162)
* gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
* gd: Integer overflow in gd_io.c (CVE-2016-10168)
* php: Use of uninitialized memory in unserialize() (CVE-2017-5340)
* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx
function (CVE-2017-7890)
* oniguruma: Out-of-bounds stack read in match_at() during regular
expression searching (CVE-2017-9224)
* oniguruma: Heap buffer overflow in next_state_val() during regular
expression compilation (CVE-2017-9226)
* oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular
expression searching (CVE-2017-9227)
* oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)
* oniguruma: Invalid pointer dereference in left_adjust_char_head()
(CVE-2017-9229)
* php: Incorrect WDDX deserialization of boolean parameters leads to DoS
(CVE-2017-11143)
* php: Incorrect return value check of OpenSSL sealing function leads to
crash (CVE-2017-11144)
* php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)
* php: Stack-based buffer over-read in msgfmt_parse_message function
(CVE-2017-11362)
* php: Stack based 1-byte buffer over-write in zend_ini_do_op() function
Zend/zend_ini_parser.c (CVE-2017-11628)
* php: heap use after free in ext/standard/var_unserializer.re
(CVE-2017-12932)
* php: heap use after free in ext/standard/var_unserializer.re
(CVE-2017-12934)
* php: reflected XSS in .phar 404 page (CVE-2018-5712)
* php, gd: Stack overflow in gdImageFillToBorder on truecolor images
(CVE-2016-9933)
* php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
(CVE-2016-9934)
* php: wddx_deserialize() heap out-of-bound read via php_parse_date()
(CVE-2017-11145)
* php: buffer over-read in finish_nested_data function (CVE-2017-12933)
* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)
* php: Denial of Service (DoS) via infinite loop in libgd
gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
(CVE-2018-5711)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Additional Changes:
For details, see the Red Hat Software Collections 3.1 Release Notes linked
from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1377311 - CVE-2016-7412 php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
1377314 - CVE-2016-7413 php: Use after free in wddx_deserialize
1377336 - CVE-2016-7414 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
1377340 - CVE-2016-7416 php: Stack based buffer overflow in msgfmt_format_message
1377344 - CVE-2016-7417 php: Missing type check when unserializing SplArray
1377352 - CVE-2016-7418 php: Null pointer dereference in php_wddx_push_element
1404723 - CVE-2016-9933 php, gd: Stack overflow in gdImageFillToBorder on truecolor images
1404726 - CVE-2016-9934 php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
1404731 - CVE-2016-9935 php: Invalid read when wddx decodes empty boolean element
1404735 - CVE-2016-9936 php: Use After Free in unserialize()
1412631 - CVE-2017-5340 php: Use of uninitialized memory in unserialize()
1412686 - CVE-2016-7479 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object
1418984 - CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
1418986 - CVE-2016-10168 gd: Integer overflow in gd_io.c
1419010 - CVE-2016-10161 php: Out-of-bounds heap read on unserialize in finish_nested_data()
1419012 - CVE-2016-10162 php: Null pointer dereference when unserializing PHP object
1419015 - CVE-2016-10158 php: Wrong calculation in exif_convert_any_to_int function
1419018 - CVE-2016-10160 php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive
1419020 - CVE-2016-10159 php: Integer overflow in phar_parse_pharfile
1466730 - CVE-2017-9224 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching
1466736 - CVE-2017-9226 oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation
1466739 - CVE-2017-9227 oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching
1466740 - CVE-2017-9228 oniguruma: Out-of-bounds heap write in bitset_set_range()
1466746 - CVE-2017-9229 oniguruma: Invalid pointer dereference in left_adjust_char_head()
1471824 - CVE-2017-11143 php: Incorrect WDDX deserialization of boolean parameters leads to DoS
1471827 - CVE-2017-11144 php: Incorrect return value check of OpenSSL sealing function leads to crash
1471834 - CVE-2017-11145 php: wddx_deserialize() heap out-of-bound read via php_parse_date()
1471842 - CVE-2017-11147 php: Out-of-bounds read in phar_parse_pharfile
1473822 - CVE-2017-7890 php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function
1475373 - CVE-2017-11362 php: Stack-based buffer over-read in msgfmt_parse_message function
1475522 - CVE-2017-11628 php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c
1484837 - CVE-2017-12932 php: heap use after free in ext/standard/var_unserializer.re
1484838 - CVE-2017-12933 php: buffer over-read in finish_nested_data function
1484839 - CVE-2017-12934 php: heap use after free in ext/standard/var_unserializer.re
1512057 - CVE-2017-16642 php: Out-of-bound read in timelib_meridian()
1535246 - CVE-2018-5711 php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
1535251 - CVE-2018-5712 php: reflected XSS in .phar 404 page
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-php70-php-7.0.27-1.el6.src.rpm
x86_64:
rh-php70-php-7.0.27-1.el6.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm
rh-php70-php-common-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm
rh-php70-php-json-7.0.27-1.el6.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm
rh-php70-php-process-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-tidy-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source:
rh-php70-php-7.0.27-1.el6.src.rpm
x86_64:
rh-php70-php-7.0.27-1.el6.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm
rh-php70-php-common-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm
rh-php70-php-json-7.0.27-1.el6.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm
rh-php70-php-process-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-tidy-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
rh-php70-php-7.0.27-1.el6.src.rpm
x86_64:
rh-php70-php-7.0.27-1.el6.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm
rh-php70-php-common-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm
rh-php70-php-json-7.0.27-1.el6.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm
rh-php70-php-process-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-tidy-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-php70-php-7.0.27-1.el7.src.rpm
x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source:
rh-php70-php-7.0.27-1.el7.src.rpm
x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source:
rh-php70-php-7.0.27-1.el7.src.rpm
x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source:
rh-php70-php-7.0.27-1.el7.src.rpm
x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-php70-php-7.0.27-1.el7.src.rpm
x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-7412
https://access.redhat.com/security/cve/CVE-2016-7413
https://access.redhat.com/security/cve/CVE-2016-7414
https://access.redhat.com/security/cve/CVE-2016-7416
https://access.redhat.com/security/cve/CVE-2016-7417
https://access.redhat.com/security/cve/CVE-2016-7418
https://access.redhat.com/security/cve/CVE-2016-7479
https://access.redhat.com/security/cve/CVE-2016-9933
https://access.redhat.com/security/cve/CVE-2016-9934
https://access.redhat.com/security/cve/CVE-2016-9935
https://access.redhat.com/security/cve/CVE-2016-9936
https://access.redhat.com/security/cve/CVE-2016-10158
https://access.redhat.com/security/cve/CVE-2016-10159
https://access.redhat.com/security/cve/CVE-2016-10160
https://access.redhat.com/security/cve/CVE-2016-10161
https://access.redhat.com/security/cve/CVE-2016-10162
https://access.redhat.com/security/cve/CVE-2016-10167
https://access.redhat.com/security/cve/CVE-2016-10168
https://access.redhat.com/security/cve/CVE-2017-5340
https://access.redhat.com/security/cve/CVE-2017-7890
https://access.redhat.com/security/cve/CVE-2017-9224
https://access.redhat.com/security/cve/CVE-2017-9226
https://access.redhat.com/security/cve/CVE-2017-9227
https://access.redhat.com/security/cve/CVE-2017-9228
https://access.redhat.com/security/cve/CVE-2017-9229
https://access.redhat.com/security/cve/CVE-2017-11143
https://access.redhat.com/security/cve/CVE-2017-11144
https://access.redhat.com/security/cve/CVE-2017-11145
https://access.redhat.com/security/cve/CVE-2017-11147
https://access.redhat.com/security/cve/CVE-2017-11362
https://access.redhat.com/security/cve/CVE-2017-11628
https://access.redhat.com/security/cve/CVE-2017-12932
https://access.redhat.com/security/cve/CVE-2017-12933
https://access.redhat.com/security/cve/CVE-2017-12934
https://access.redhat.com/security/cve/CVE-2017-16642
https://access.redhat.com/security/cve/CVE-2018-5711
https://access.redhat.com/security/cve/CVE-2018-5712
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFa6pjLXlSAg2UNWIIRAl/4AJ4xZ6FVm1vp0atAm6qH0wRy9BaoXwCeNY7y
Yn2H3QsxbivwF5TiiQJrAgA=
=ZLRk
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce