Detections
Analytics
RHEL 8 : php:7.3 (RHSA-2020:3662)
critical Nessus Plugin ID 140396
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3662 advisory.- php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
- php: Buffer over-read in exif_read_data() (CVE-2019-11040)
- php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
- php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
- php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)
- php: Information disclosure in exif_read_data() (CVE-2019-11047)
- php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
- php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
- oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
- oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)
- oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
- oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
- oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
- oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)
- pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454)
- php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
- php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
- php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
- php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
- php: Information disclosure in exif_read_data() function (CVE-2020-7064)
- php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)
- php: Information disclosure in function get_headers (CVE-2020-7066)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://access.redhat.com/security/cve/CVE-2019-11039
https://access.redhat.com/security/cve/CVE-2019-11040
https://access.redhat.com/security/cve/CVE-2019-11041
https://access.redhat.com/security/cve/CVE-2019-11042
https://access.redhat.com/security/cve/CVE-2019-11045
https://access.redhat.com/security/cve/CVE-2019-11047
https://access.redhat.com/security/cve/CVE-2019-11048
https://access.redhat.com/security/cve/CVE-2019-11050
https://access.redhat.com/security/cve/CVE-2019-13224
https://access.redhat.com/security/cve/CVE-2019-13225
https://access.redhat.com/security/cve/CVE-2019-16163
https://access.redhat.com/security/cve/CVE-2019-19203
https://access.redhat.com/security/cve/CVE-2019-19204
https://access.redhat.com/security/cve/CVE-2019-19246
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2020-7059
https://access.redhat.com/security/cve/CVE-2020-7060
https://access.redhat.com/security/cve/CVE-2020-7062
https://access.redhat.com/security/cve/CVE-2020-7063
https://access.redhat.com/security/cve/CVE-2020-7064
https://access.redhat.com/security/cve/CVE-2020-7065
https://access.redhat.com/security/cve/CVE-2020-7066
https://access.redhat.com/errata/RHSA-2020:3662
https://bugzilla.redhat.com/1724152
https://bugzilla.redhat.com/1724154
https://bugzilla.redhat.com/1728965
https://bugzilla.redhat.com/1728970
https://bugzilla.redhat.com/1735494
https://bugzilla.redhat.com/1739459
https://bugzilla.redhat.com/1739465
https://bugzilla.redhat.com/1768997
https://bugzilla.redhat.com/1777537
https://bugzilla.redhat.com/1786570
https://bugzilla.redhat.com/1786572
https://bugzilla.redhat.com/1788258
https://bugzilla.redhat.com/1797776
https://bugzilla.redhat.com/1797779
https://bugzilla.redhat.com/1802061
https://bugzilla.redhat.com/1802068
https://bugzilla.redhat.com/1808532
https://bugzilla.redhat.com/1808536
https://bugzilla.redhat.com/1820601
https://bugzilla.redhat.com/1820604
Plugin Details
Severity: Critical
ID: 140396
File Name: redhat-RHSA-2020-3662.nasl
Version: 1.9
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 9/8/2020
Updated: 5/25/2023
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2019-13224
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:libzip-tools, p-cpe:/a:redhat:enterprise_linux:php, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:rhel_aus:8.2, cpe:/o:redhat:rhel_aus:8.4, cpe:/o:redhat:rhel_aus:8.6, cpe:/o:redhat:rhel_e4s:8.2, cpe:/o:redhat:rhel_e4s:8.4, cpe:/o:redhat:rhel_e4s:8.6, cpe:/o:redhat:rhel_eus:8.2, cpe:/o:redhat:rhel_eus:8.4, cpe:/o:redhat:rhel_eus:8.6, cpe:/o:redhat:rhel_tus:8.2, cpe:/o:redhat:rhel_tus:8.4, cpe:/o:redhat:rhel_tus:8.6, p-cpe:/a:redhat:enterprise_linux:apcu-panel, p-cpe:/a:redhat:enterprise_linux:libzip, p-cpe:/a:redhat:enterprise_linux:libzip-devel, p-cpe:/a:redhat:enterprise_linux:php-bcmath, p-cpe:/a:redhat:enterprise_linux:php-cli, p-cpe:/a:redhat:enterprise_linux:php-common, p-cpe:/a:redhat:enterprise_linux:php-dba, p-cpe:/a:redhat:enterprise_linux:php-dbg, p-cpe:/a:redhat:enterprise_linux:php-devel, p-cpe:/a:redhat:enterprise_linux:php-embedded, p-cpe:/a:redhat:enterprise_linux:php-enchant, p-cpe:/a:redhat:enterprise_linux:php-fpm, p-cpe:/a:redhat:enterprise_linux:php-gd, p-cpe:/a:redhat:enterprise_linux:php-gmp, p-cpe:/a:redhat:enterprise_linux:php-intl, p-cpe:/a:redhat:enterprise_linux:php-json, p-cpe:/a:redhat:enterprise_linux:php-ldap, p-cpe:/a:redhat:enterprise_linux:php-mbstring, p-cpe:/a:redhat:enterprise_linux:php-mysqlnd, p-cpe:/a:redhat:enterprise_linux:php-odbc, p-cpe:/a:redhat:enterprise_linux:php-opcache, p-cpe:/a:redhat:enterprise_linux:php-pdo, p-cpe:/a:redhat:enterprise_linux:php-pear, p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu, p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-devel, p-cpe:/a:redhat:enterprise_linux:php-pecl-rrd, p-cpe:/a:redhat:enterprise_linux:php-pecl-xdebug, p-cpe:/a:redhat:enterprise_linux:php-pecl-zip, p-cpe:/a:redhat:enterprise_linux:php-pgsql, p-cpe:/a:redhat:enterprise_linux:php-process, p-cpe:/a:redhat:enterprise_linux:php-recode, p-cpe:/a:redhat:enterprise_linux:php-snmp, p-cpe:/a:redhat:enterprise_linux:php-soap, p-cpe:/a:redhat:enterprise_linux:php-xml, p-cpe:/a:redhat:enterprise_linux:php-xmlrpc
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/8/2020
Vulnerability Publication Date: 5/7/2019
Reference Information
CVE: CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-13224, CVE-2019-13225, CVE-2019-16163, CVE-2019-19203, CVE-2019-19204, CVE-2019-19246, CVE-2019-20454, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066