ID CVE-2020-7066
Summary In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:alpha3:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.0:rc6:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.1:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.2:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.2:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.3:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.3:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.4:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.4:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.5:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.5:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.6:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.6:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.7:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.7:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.8:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.8:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.9:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.9:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.10:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.10:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.10:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.11:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.11:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.12:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.12:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.12:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.12:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.13:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.13:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.13:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.13:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.14:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.14:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.14:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.14:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.20:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.22:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.23:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.24:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.25:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.26:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.2.27:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:alpha3:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:alpha4:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.0:rc6:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.1:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.1:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.2:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.2:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.3:-:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.3:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.4.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-07-2020 - 12:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
redhat via4
advisories
bugzilla
id 1837842
title CVE-2019-11048 php: Integer wraparounds when receiving multipart forms
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • comment Module php:7.3 is enabled
      oval oval:com.redhat.rhsa:tst:20193736079
    • OR
      • AND
        • comment apcu-panel is earlier than 0:5.1.17-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736001
        • comment apcu-panel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735002
      • AND
        • comment libzip is earlier than 0:1.5.2-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736003
        • comment libzip is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735004
      • AND
        • comment libzip-debugsource is earlier than 0:1.5.2-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736005
        • comment libzip-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735006
      • AND
        • comment libzip-devel is earlier than 0:1.5.2-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736007
        • comment libzip-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735008
      • AND
        • comment libzip-tools is earlier than 0:1.5.2-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736009
        • comment libzip-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735010
      • AND
        • comment php is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662011
        • comment php is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195002
      • AND
        • comment php-bcmath is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662013
        • comment php-bcmath is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195004
      • AND
        • comment php-cli is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662015
        • comment php-cli is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195006
      • AND
        • comment php-common is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662017
        • comment php-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195008
      • AND
        • comment php-dba is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662019
        • comment php-dba is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195010
      • AND
        • comment php-dbg is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662021
        • comment php-dbg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735022
      • AND
        • comment php-debugsource is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662023
        • comment php-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735024
      • AND
        • comment php-devel is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662025
        • comment php-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195012
      • AND
        • comment php-embedded is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662027
        • comment php-embedded is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195014
      • AND
        • comment php-enchant is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662029
        • comment php-enchant is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195016
      • AND
        • comment php-fpm is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662031
        • comment php-fpm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130514018
      • AND
        • comment php-gd is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662033
        • comment php-gd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195018
      • AND
        • comment php-gmp is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662035
        • comment php-gmp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735036
      • AND
        • comment php-intl is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662037
        • comment php-intl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195022
      • AND
        • comment php-json is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662039
        • comment php-json is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735040
      • AND
        • comment php-ldap is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662041
        • comment php-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195024
      • AND
        • comment php-mbstring is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662043
        • comment php-mbstring is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195026
      • AND
        • comment php-mysqlnd is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662045
        • comment php-mysqlnd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141013030
      • AND
        • comment php-odbc is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662047
        • comment php-odbc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195030
      • AND
        • comment php-opcache is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662049
        • comment php-opcache is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735050
      • AND
        • comment php-pdo is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662051
        • comment php-pdo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195032
      • AND
        • comment php-pear is earlier than 1:1.10.9-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736053
        • comment php-pear is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111741002
      • AND
        • comment php-pecl-apcu is earlier than 0:5.1.17-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736055
        • comment php-pecl-apcu is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735056
      • AND
        • comment php-pecl-apcu-debugsource is earlier than 0:5.1.17-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736057
        • comment php-pecl-apcu-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735058
      • AND
        • comment php-pecl-apcu-devel is earlier than 0:5.1.17-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736059
        • comment php-pecl-apcu-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735060
      • AND
        • comment php-pecl-rrd is earlier than 0:2.0.1-1.module+el8.2.0+4968+1d5097db
          oval oval:com.redhat.rhsa:tst:20203662061
        • comment php-pecl-rrd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20203662062
      • AND
        • comment php-pecl-rrd-debugsource is earlier than 0:2.0.1-1.module+el8.2.0+4968+1d5097db
          oval oval:com.redhat.rhsa:tst:20203662063
        • comment php-pecl-rrd-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20203662064
      • AND
        • comment php-pecl-xdebug is earlier than 0:2.8.0-1.module+el8.2.0+4968+1d5097db
          oval oval:com.redhat.rhsa:tst:20203662065
        • comment php-pecl-xdebug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20203662066
      • AND
        • comment php-pecl-xdebug-debugsource is earlier than 0:2.8.0-1.module+el8.2.0+4968+1d5097db
          oval oval:com.redhat.rhsa:tst:20203662067
        • comment php-pecl-xdebug-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20203662068
      • AND
        • comment php-pecl-zip is earlier than 0:1.15.4-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736061
        • comment php-pecl-zip is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735062
      • AND
        • comment php-pecl-zip-debugsource is earlier than 0:1.15.4-1.module+el8.1.0+3189+a1bff096
          oval oval:com.redhat.rhsa:tst:20193736063
        • comment php-pecl-zip-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193735064
      • AND
        • comment php-pgsql is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662073
        • comment php-pgsql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195034
      • AND
        • comment php-process is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662075
        • comment php-process is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195036
      • AND
        • comment php-recode is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662077
        • comment php-recode is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195040
      • AND
        • comment php-snmp is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662079
        • comment php-snmp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195042
      • AND
        • comment php-soap is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662081
        • comment php-soap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195044
      • AND
        • comment php-xml is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662083
        • comment php-xml is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195048
      • AND
        • comment php-xmlrpc is earlier than 0:7.3.20-1.module+el8.2.0+7373+b272fdef
          oval oval:com.redhat.rhsa:tst:20203662085
        • comment php-xmlrpc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195050
rhsa
id RHSA-2020:3662
released 2020-09-08
severity Moderate
title RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate)
rpms
  • apcu-panel-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • libzip-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-debuginfo-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-debugsource-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-devel-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-tools-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-tools-debuginfo-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • php-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-bcmath-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-bcmath-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-cli-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-cli-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-common-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-common-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-dba-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-dba-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-dbg-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-dbg-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-debugsource-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-devel-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-embedded-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-embedded-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-enchant-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-enchant-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-fpm-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-fpm-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-gd-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-gd-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-gmp-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-gmp-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-intl-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-intl-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-json-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-json-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-ldap-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-ldap-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-mbstring-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-mbstring-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-mysqlnd-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-mysqlnd-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-odbc-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-odbc-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-opcache-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-opcache-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-pdo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-pdo-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-pear-1:1.10.9-1.module+el8.1.0+3189+a1bff096
  • php-pecl-apcu-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • php-pecl-apcu-debuginfo-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • php-pecl-apcu-debugsource-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • php-pecl-apcu-devel-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • php-pecl-rrd-0:2.0.1-1.module+el8.2.0+4968+1d5097db
  • php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.2.0+4968+1d5097db
  • php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.2.0+4968+1d5097db
  • php-pecl-xdebug-0:2.8.0-1.module+el8.2.0+4968+1d5097db
  • php-pecl-xdebug-debuginfo-0:2.8.0-1.module+el8.2.0+4968+1d5097db
  • php-pecl-xdebug-debugsource-0:2.8.0-1.module+el8.2.0+4968+1d5097db
  • php-pecl-zip-0:1.15.4-1.module+el8.1.0+3189+a1bff096
  • php-pecl-zip-debuginfo-0:1.15.4-1.module+el8.1.0+3189+a1bff096
  • php-pecl-zip-debugsource-0:1.15.4-1.module+el8.1.0+3189+a1bff096
  • php-pgsql-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-pgsql-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-process-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-process-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-recode-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-recode-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-snmp-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-snmp-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-soap-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-soap-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-xml-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-xml-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-xmlrpc-0:7.3.20-1.module+el8.2.0+7373+b272fdef
  • php-xmlrpc-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
refmap via4
confirm https://security.netapp.com/advisory/ntap-20200403-0001/
debian
  • DSA-4717
  • DSA-4719
misc https://bugs.php.net/bug.php?id=79329
mlist [debian-lts-announce] 20200426 [SECURITY] [DLA 2188-1] php5 security update
suse openSUSE-SU-2020:0642
ubuntu USN-4330-2
Last major update 08-07-2020 - 12:15
Published 01-04-2020 - 04:15
Last modified 08-07-2020 - 12:15
Back to Top