Synopsis: Moderate: php security update
Advisory ID: SLSA-2020:1112-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-10547
CVE-2019-9024
CVE-2018-7584
CVE-2018-5712
—
* php: Reflected XSS on PHAR 404 page
* php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in
http_fopen_wrapper.c when parsing HTTP response
* php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
* php: Out-of-bounds read in base64_decode_xmlrpc in
ext/xmlrpc/libxmlrpc/base64.c
—
SL7
x86_64
php-pdo-5.4.16-48.el7.x86_64.rpm
php-pgsql-5.4.16-48.el7.x86_64.rpm
php-recode-5.4.16-48.el7.x86_64.rpm
php-common-5.4.16-48.el7.x86_64.rpm
php-gd-5.4.16-48.el7.x86_64.rpm
php-mysql-5.4.16-48.el7.x86_64.rpm
php-soap-5.4.16-48.el7.x86_64.rpm
php-xml-5.4.16-48.el7.x86_64.rpm
php-xmlrpc-5.4.16-48.el7.x86_64.rpm
php-process-5.4.16-48.el7.x86_64.rpm
php-odbc-5.4.16-48.el7.x86_64.rpm
php-ldap-5.4.16-48.el7.x86_64.rpm
php-5.4.16-48.el7.x86_64.rpm
php-cli-5.4.16-48.el7.x86_64.rpm
php-bcmath-5.4.16-48.el7.x86_64.rpm
php-dba-5.4.16-48.el7.x86_64.rpm
php-debuginfo-5.4.16-48.el7.x86_64.rpm
php-devel-5.4.16-48.el7.x86_64.rpm
php-embedded-5.4.16-48.el7.x86_64.rpm
php-enchant-5.4.16-48.el7.x86_64.rpm
php-fpm-5.4.16-48.el7.x86_64.rpm
php-intl-5.4.16-48.el7.x86_64.rpm
php-mbstring-5.4.16-48.el7.x86_64.rpm
php-mysqlnd-5.4.16-48.el7.x86_64.rpm
php-pspell-5.4.16-48.el7.x86_64.rpm
php-snmp-5.4.16-48.el7.x86_64.rpm
– Scientific Linux Development Team
