ELSA-2020-1112

Published: 06 Apr 2020
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2020-1112: php security update (MODERATE)

[5.4.16-48]

  • fix underflow in env_path_info in fpm_main.c CVE-2019-11043

[5.4.16-47]

  • fix stack-buffer-overflow while parsing HTTP response CVE-2018-7584
  • fix out-of-bounds read in base64_decode_xmlrpc CVE-2019-9024
  • fix reflected XSS in phar 404 page CVE-2018-5712
  • fix reflected XSS in phar 403 and 404 error pages CVE-2018-10547

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  • php 5.4.16-48.el7
  • php-bcmath 5.4.16-48.el7
  • php-cli 5.4.16-48.el7
  • php-common 5.4.16-48.el7
  • php-dba 5.4.16-48.el7
  • php-devel 5.4.16-48.el7
  • php-embedded 5.4.16-48.el7
  • php-enchant 5.4.16-48.el7
  • php-fpm 5.4.16-48.el7
  • php-gd 5.4.16-48.el7
  • php-intl 5.4.16-48.el7
  • php-ldap 5.4.16-48.el7
  • php-mbstring 5.4.16-48.el7
  • php-mysql 5.4.16-48.el7
  • php-mysqlnd 5.4.16-48.el7
  • php-odbc 5.4.16-48.el7
  • php-pdo 5.4.16-48.el7
  • php-pgsql 5.4.16-48.el7
  • php-process 5.4.16-48.el7
  • php-pspell 5.4.16-48.el7
  • php-recode 5.4.16-48.el7
  • php-snmp 5.4.16-48.el7
  • php-soap 5.4.16-48.el7
  • php-xml 5.4.16-48.el7
  • php-xmlrpc 5.4.16-48.el7

Oracle Linux x86_64

  • php 5.4.16-48.el7
  • php-bcmath 5.4.16-48.el7
  • php-cli 5.4.16-48.el7
  • php-common 5.4.16-48.el7
  • php-dba 5.4.16-48.el7
  • php-devel 5.4.16-48.el7
  • php-embedded 5.4.16-48.el7
  • php-enchant 5.4.16-48.el7
  • php-fpm 5.4.16-48.el7
  • php-gd 5.4.16-48.el7
  • php-intl 5.4.16-48.el7
  • php-ldap 5.4.16-48.el7
  • php-mbstring 5.4.16-48.el7
  • php-mysql 5.4.16-48.el7
  • php-mysqlnd 5.4.16-48.el7
  • php-odbc 5.4.16-48.el7
  • php-pdo 5.4.16-48.el7
  • php-pgsql 5.4.16-48.el7
  • php-process 5.4.16-48.el7
  • php-pspell 5.4.16-48.el7
  • php-recode 5.4.16-48.el7
  • php-snmp 5.4.16-48.el7
  • php-soap 5.4.16-48.el7
  • php-xml 5.4.16-48.el7
  • php-xmlrpc 5.4.16-48.el7

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 7 years ago

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

CVSS3: 6.1
redhat
about 8 years ago

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

CVSS3: 6.1
nvd
more than 7 years ago

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

CVSS3: 6.1
debian
more than 7 years ago

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1 ...

suse-cvrf
about 7 years ago

Security update for php53