Headline
RHSA-2022:8197: Red Hat Security Advisory: php security, bug fix, and enhancement update
An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-21708: php: Use after free due to php_filter_float() failing for ints
- CVE-2022-31625: php: Uninitialized array in pg_query_params() leading to RCE
Issued:
2022-11-15
Updated:
2022-11-15
RHSA-2022:8197 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: php security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for php is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php (8.0.20). (BZ#2095752)
Security Fix(es):
- php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708)
- php: Uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2055879 - CVE-2021-21708 php: Use after free due to php_filter_float() failing for ints
- BZ - 2095447 - php-fpm has an odd Requires
- BZ - 2095752 - Rebase to 8.0.20
- BZ - 2098521 - CVE-2022-31625 php: Uninitialized array in pg_query_params() leading to RCE
- BZ - 2104630 - PHP 8 snmp3 Calls Using authPriv or authNoPriv Immediately Return False Without Error Message
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
php-8.0.20-3.el9.src.rpm
SHA-256: dc4d6b5cc49504b0f2566fdb5a9bd9b93f2b75904f3fc200e7d4334f2f625e2f
x86_64
php-8.0.20-3.el9.x86_64.rpm
SHA-256: c2c023dced3310c667e2d44289b3298b6e6701349d7146f7e72bb69cc9424c6d
php-bcmath-8.0.20-3.el9.x86_64.rpm
SHA-256: 2a47a46bc95b9b01c08763a2a9a5a64f85728fb3c16ffb6ffc86b8cbce617472
php-bcmath-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 622d097e138619237dc7a2c33bc22c13638a5eb50431ea157131b49a15b0514a
php-cli-8.0.20-3.el9.x86_64.rpm
SHA-256: 51d074693fbc2eb5b47593d86cfffa887dbca5b1b417379ffcd57cf65439cb16
php-cli-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 339e563228e6040b94e5a40d4599139aa43373446da120f38b9ac3b70b24f118
php-common-8.0.20-3.el9.x86_64.rpm
SHA-256: d9925d0641b70ddc0ca3628e0aaab337e253c0548e418f9d632f5ca2f019b597
php-common-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 34b25a7a7574fe90ba6df26ece2db9887d23485e07b269153cce72b9bf749175
php-dba-8.0.20-3.el9.x86_64.rpm
SHA-256: 319e46a77efce3cc2f664c94b2325a3d325777a4600c9aa0033222a84a75a067
php-dba-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: b812068e49cb62bbecbfd55d6bc71b0cea278351b642dea4285849e1a6230fff
php-dbg-8.0.20-3.el9.x86_64.rpm
SHA-256: 28e4090e05a41cc5cf17d3644ca7ac2238cbd7095abcf322fd62391ae917797e
php-dbg-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 72830b937f0dacd2c1c008d93b5e06fb8077cb02f5948e8f8f77ed2cb24b7050
php-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 0029bd8c31c65cbd3bdb410d94dcccdd185d8acbc385dac5455e3240bc8e0f9e
php-debugsource-8.0.20-3.el9.x86_64.rpm
SHA-256: 65bf338e4b80a40cdfb9fdac7d611b25ffac4808c0ca4ac85be715e4f3d65bfa
php-devel-8.0.20-3.el9.x86_64.rpm
SHA-256: b9ab107443f4b7a091ac60ed05302336c4954d8cb6b6419426201bb5212f6f15
php-embedded-8.0.20-3.el9.x86_64.rpm
SHA-256: 2d52e0b851ce45e0df92bb03ff9cb4f2a261f22da8d4ded3390e748d8143ac59
php-embedded-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 6f5f039860476eca7bf86173774f9a9a735f772d2083e09a514370a0b57ebe35
php-enchant-8.0.20-3.el9.x86_64.rpm
SHA-256: 95cd7ea7e44fc4740f8bbd28288d00b6070b2ba52f4f8f4092b6309ec0f8216c
php-enchant-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 158ec2bc32b9ad0a0db1483550e36aaf7b7e339410c74da36fff96663dc12176
php-ffi-8.0.20-3.el9.x86_64.rpm
SHA-256: d3ae9c9ad128b136cee13454b6f8417f1acaaf72d0d6a1d34b3b7526f94c9293
php-ffi-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: df02a2539b8e25f941928770808fd6aa57bfa62c185bf31239b43c672671f9b4
php-fpm-8.0.20-3.el9.x86_64.rpm
SHA-256: 3c9a7b679dcc168f76db856541e43754461c46ee2b1317b65eac7ca7bf741469
php-fpm-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 145fca33d770adcf8de5795e7969d55fbc7392270807d06812cdacebed894d01
php-gd-8.0.20-3.el9.x86_64.rpm
SHA-256: 9209c963b46740d7c95c91de0403b4028263ac50daa02b9209cf64907de59a12
php-gd-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: c45054db5ab029306d0aaa78f1057a4e3e7432a9a5beb635bbfac49cfd81458b
php-gmp-8.0.20-3.el9.x86_64.rpm
SHA-256: 188ed61ff6329a927bcf3cdaa509cd0c04669dd9f5becc782bbfb9dd035316c0
php-gmp-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 219690e53370acdbd7b9233a7ea34509572b6d9cb6bc8c24a39fe2aa7962bbd9
php-intl-8.0.20-3.el9.x86_64.rpm
SHA-256: 24ad66372d33ed1b2c62cd7bc39dfbf077d5cf4b1dfac0533c5ee46ef3f990bd
php-intl-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: a47bdc40f247410e25bf1ad7a1d502d5a2899d77172d67b50d67eee9ec97cb41
php-ldap-8.0.20-3.el9.x86_64.rpm
SHA-256: 90e8ea3d5d96269dd3b02224a8a67cb9cd30a85f17ffd09a027dfc4a5c0daefd
php-ldap-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: d4f3a11f472e9b6834c30296743b73e7e6c1651510422f6a24a21d4688618367
php-mbstring-8.0.20-3.el9.x86_64.rpm
SHA-256: 03d38d6785e22662cf9c9b86e087f74408883226180eb8f87f06a7a3a01b7082
php-mbstring-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: ff33f961d2bdfe2c1348787f844fb707a48d441f025c979dbdc5fbb24a8a5eea
php-mysqlnd-8.0.20-3.el9.x86_64.rpm
SHA-256: adf4756c3112018ea15c9af89db23beae7d2c329bf104244f52020f7dfbd46bd
php-mysqlnd-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: b86546c562b94908619512a8735d68ccabb42ff17e10957dd06050e8d8709419
php-odbc-8.0.20-3.el9.x86_64.rpm
SHA-256: a76e86e8ba5b0b2aa71d31af701102ff100ae5e8d6cc8e855445f491d5289be8
php-odbc-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: de199491ecc57e67908fad8283545d29c78fcfe3de0810d7e6eee0ba9ae4a6cf
php-opcache-8.0.20-3.el9.x86_64.rpm
SHA-256: 3b918dad03731120b4c8972c2a51a86dee8df56f8e300b32a46c936567cc3cd1
php-opcache-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: e81e6f5d6ec776725d7556e8a4fa619cd7cb1a0725c370a82c0f84bcc6575798
php-pdo-8.0.20-3.el9.x86_64.rpm
SHA-256: 1624a5a6d92352b47f9e921c8c7c8190640047b1a724b339c562375acf1ebab2
php-pdo-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: eeede9c76b3f72000176b5300c3bdaec4a262ed8fa95a6a5d674f18aa610b6c0
php-pgsql-8.0.20-3.el9.x86_64.rpm
SHA-256: 3809704cc41d2f0d8d67bb169df5b310112a623372dd6c153f8c7086c7b422a9
php-pgsql-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: a0122b4c7f5b60364b0016818106c14f738db3069cb40526a55fd6e942194376
php-process-8.0.20-3.el9.x86_64.rpm
SHA-256: b202f5a0f233324d644e149782747ee24597b6d1be58d4512ca175b722b33d2a
php-process-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 7b01709a571a2bcc45154243a9277b58b0fa2479edc111ac2b7eeb24b84c4e7a
php-snmp-8.0.20-3.el9.x86_64.rpm
SHA-256: bf7a08b0f5321a994f470f386782201d9734cd4fbbe6a49574f339e4c1169bbc
php-snmp-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 0344da316f29a6981bde3526a5395c0601ffcc899bbe879098597852bd663635
php-soap-8.0.20-3.el9.x86_64.rpm
SHA-256: c7adcd523b55a7688f5aec6093c2456be9da9e014b1a7721f75bf716ccff4c20
php-soap-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: 09b3c639edce4b3263586963af78a72a6b215a3a6fd172966dd7b791cf2eee50
php-xml-8.0.20-3.el9.x86_64.rpm
SHA-256: 9190aebc2d4020ea6d379ccd65661207b6f7a2de4875cab3eba9f034e8c7c283
php-xml-debuginfo-8.0.20-3.el9.x86_64.rpm
SHA-256: acb18c92dfc23cfa7d07f6003d2b17618881295ec467df352dbde96722f8c9cd
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
php-8.0.20-3.el9.src.rpm
SHA-256: dc4d6b5cc49504b0f2566fdb5a9bd9b93f2b75904f3fc200e7d4334f2f625e2f
s390x
php-8.0.20-3.el9.s390x.rpm
SHA-256: fcd8e759c6e6b63b645249a3a4cdf378eb032d118b1a36d183a281730c2810f9
php-bcmath-8.0.20-3.el9.s390x.rpm
SHA-256: c3014be42ad159c0571644803c5dd51e46e83100182cdb0df4dc3bf5315dcda0
php-bcmath-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 9709486dc710bad2c5fe75fa30c209b06d1629b642aee2ed9d2d55b6b4d5180f
php-cli-8.0.20-3.el9.s390x.rpm
SHA-256: 356d9dbda63c93ffefbba6c8c03460b18e9ca002b8bf413c3f819ac1508ee5b6
php-cli-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 7cd53917fdb81042a1e2421cce08815166c0e8d8aae9af5fc4c1a09f909cfc13
php-common-8.0.20-3.el9.s390x.rpm
SHA-256: d28bde30fe0f33579eb90e876d0ce6e8b43ec96b4a00063408d3545d458cc34b
php-common-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 38b24c67da947ea53ff071fded8e14eb63766f84dea9fe4eace071be64753463
php-dba-8.0.20-3.el9.s390x.rpm
SHA-256: 960546845f4b11f521911e0427cf6dd4ccac6720b5c2d62aab4e03a677633007
php-dba-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 7521cf038daa6503df8a073a4613332042715d2f267d2bedf4ce31d15d484847
php-dbg-8.0.20-3.el9.s390x.rpm
SHA-256: 9a384bfd7091f3f4c68f072ce84bf605760677311a6c71684c6861ea79dd3ee9
php-dbg-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: df516eea1f0524fc6da311d39dc329105332d3d941345571c874361d8b2cab63
php-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 79d6ba275809ed21185f326fe7c729f1ab6a12faf58edb9960831644ac4940ff
php-debugsource-8.0.20-3.el9.s390x.rpm
SHA-256: 4f4372c85e42d0f7df9b93c13ba19a9cad26934bb04ee769804d89722391fb8d
php-devel-8.0.20-3.el9.s390x.rpm
SHA-256: 8e19943d020c14007582e26d56a54d2d8080d492cf5dd268242361e29709940b
php-embedded-8.0.20-3.el9.s390x.rpm
SHA-256: c8e6923e8dc2a6902d126e40362d49de9898a68eec4373437a5cae6013d8290c
php-embedded-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: c3f8f3fa0372a8b59e324d792ee85f257e8661137a8174f133d993889e08f731
php-enchant-8.0.20-3.el9.s390x.rpm
SHA-256: ba96cb43600516299ca8bcc32250578779d0b70204bbe7b6e1c7f910100a61ac
php-enchant-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 4fb0ca7f7b6dbe71565487c5a40d317daf6eabfdbb73924feee304e37a4d4e56
php-ffi-8.0.20-3.el9.s390x.rpm
SHA-256: aa269eb16fd19541d0b14b3dda4239c7a6168ce4704a8e449063ffa3fbae3480
php-ffi-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 4e35f5ef06f7a576c916119a74c17fe30a7e04f177a8f54bd94a925d5c01de75
php-fpm-8.0.20-3.el9.s390x.rpm
SHA-256: 60f480df3dede2dfad5787f2b761be18ac66b854de7e87b59fb057ffcee6b116
php-fpm-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: cc854c1861f04ea5119b6bee0ab848cc7cd4e7a7aed937fbebb356603f5221ae
php-gd-8.0.20-3.el9.s390x.rpm
SHA-256: 79099ea1f97de40bbbb658183b35cb2df8eccc1544c79a32ef06bbd6cb22ea82
php-gd-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: aaed901d07cc69eca79bd8b44bffc5946eb3e74e22f014c84a2e1001a1cbb5a5
php-gmp-8.0.20-3.el9.s390x.rpm
SHA-256: b3133e58ee8c3f46364d5f462f457ac97ee20a96770381b4ca5ec26341bbeabb
php-gmp-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 9252a17085bbb5e44e583fc1ff7d279ca3ffe72de4e34dd23d1851b80cba79bf
php-intl-8.0.20-3.el9.s390x.rpm
SHA-256: 2874acfdb8551b6bff068b99930afeab6cda636bd68f001d8562da12d2cf15ff
php-intl-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 2c4508316fc63d1f144102f8f38921db025093f25dc766d188f982d68ecb1866
php-ldap-8.0.20-3.el9.s390x.rpm
SHA-256: 549095af299dec6890f544bc20e8597dda86046f93fb3627a9c3bbe9b11f9ba7
php-ldap-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 3aa9c2d813b98e25a667d8097fdf7ee234393cba1d902d994c16c48f762a4d79
php-mbstring-8.0.20-3.el9.s390x.rpm
SHA-256: fdd6d181434f1c5c99c8a95a4021bc96eaae13e57aacc249d1123050bbf305e5
php-mbstring-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: fcc4411a6ea2bd4c5fcb4b0d3706222fd9236e15c376be176b7292fa0e264ffb
php-mysqlnd-8.0.20-3.el9.s390x.rpm
SHA-256: 5da2def6d23fb3cee41934eefe04d456a3c9e93dbd67cb63fbb27a79cbc23ece
php-mysqlnd-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 67bc6bff50f9763e3ec4f1ce7fcb4c3bb18d4a435ace89f98fa1db4969ad36bd
php-odbc-8.0.20-3.el9.s390x.rpm
SHA-256: 2319dfa56f9f5cd825577b104ac838be332055cd4a5e599bb79562ab31324f79
php-odbc-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 45b6dba3f3e2c70ca5754cf64428727f1030d08f9183d441aff60fde589ab915
php-opcache-8.0.20-3.el9.s390x.rpm
SHA-256: 0b7961d0258ce59ff7b38ca70570b7126ed1df16544861cad47c1c9fa635307a
php-opcache-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: d980a8752ce23b0b5d158e8750d83e29aa4f3b27f8a415208210e416b01c4e22
php-pdo-8.0.20-3.el9.s390x.rpm
SHA-256: f8fc47eb9a5515dc5ad09a008051300dd2a9ddaf5bbcaa75bd5739eadbdec507
php-pdo-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: a9b8b67feb9c829aa7309c6863b8e28e4f48f0f8b8bd7f84094ccac5be7bb157
php-pgsql-8.0.20-3.el9.s390x.rpm
SHA-256: 482569a4b5781dc3c8bebceeac51fc7f2756dc0c78d31fc4658dc0f3c5c7184a
php-pgsql-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 16ace9f6ca3ec4412242fa9245eb21b335d7af44fa1dcfb0bc185399993b2d6e
php-process-8.0.20-3.el9.s390x.rpm
SHA-256: d86614c9b005ecdc1c9ec7ee2e7bdc5ea6830b02b016ac977e57567282b51903
php-process-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 5cdac44dabd0b3700d1e3d242bb9e006a8930f8dc6c4e9df99dc3c5075d05d93
php-snmp-8.0.20-3.el9.s390x.rpm
SHA-256: 63d01a0b581167f5236878993cc3d1d80bfa9de42cb5c6fa361d750353c6e7b8
php-snmp-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: fa50f69efb4af3cdcb60e2d7f3233de5e5cdcb7532e65992b8c504f4bba77ebf
php-soap-8.0.20-3.el9.s390x.rpm
SHA-256: ec8605a689952710304035a78b445b42cdb8abde4a1b3681a6545b74ca7c67c0
php-soap-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 9bf37c0f88d07dfeb32502a577aa6f37ce8d8506206e7e34ffb97e3e6759981a
php-xml-8.0.20-3.el9.s390x.rpm
SHA-256: 30a36f036f282eaba96889ea71ce43e0f552bc994b57519d5178e72b22c5b132
php-xml-debuginfo-8.0.20-3.el9.s390x.rpm
SHA-256: 535431485d4d521959c052c94db160cfea7e578153c8b9d3d5de023a51cbb902
Red Hat Enterprise Linux for Power, little endian 9
SRPM
php-8.0.20-3.el9.src.rpm
SHA-256: dc4d6b5cc49504b0f2566fdb5a9bd9b93f2b75904f3fc200e7d4334f2f625e2f
ppc64le
php-8.0.20-3.el9.ppc64le.rpm
SHA-256: 71f9b80bab7f4a3a47d894d3573d3d76e96428384a89e47b3b7f1e4496998f49
php-bcmath-8.0.20-3.el9.ppc64le.rpm
SHA-256: 66a86f4984a5023e97e73fffd4f1ae7c377f419795782ae4c86a7521b0aa3ab4
php-bcmath-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 11336d8e374a0655dea1ce3c0801a50ef2450d18bdc28786a58e1ed59bb4f9c4
php-cli-8.0.20-3.el9.ppc64le.rpm
SHA-256: 41f0fa01878990f39ca459d918dd4decce2adffff5f4a8351f61c13d1568615a
php-cli-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 9fa2cdb9dc44f5438a979710b31edb57c7d07d2239672040efb47656cd1f2deb
php-common-8.0.20-3.el9.ppc64le.rpm
SHA-256: 109f0558df49e26281ae5d55345aecfda8ea2bba62cc42af30c67f58886a032a
php-common-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 599b786a21f065a7fdf5744af2d13a8d554a0a4445f1046cb8f355b3ee22a680
php-dba-8.0.20-3.el9.ppc64le.rpm
SHA-256: 2a77abed73be90a117c73b05f9619673330de16055f5889558352a5bfc4a69f8
php-dba-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: f25c1ecabf84610486bfc69f818cab71406b56d71604af51ec4fb6b58ce5328b
php-dbg-8.0.20-3.el9.ppc64le.rpm
SHA-256: 8f6fb5889534449a7f7aa1403ebcb0bb4706d6e02edae6588577efc077f56e8d
php-dbg-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 199e481e8f283594bff2dda3669146e9644bcba6cafa49845f1c15d65bf08877
php-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: babfea9d957eaac73ed2b942c95d6ff2514c1b09597cd88d0da59f8ec9a3ca09
php-debugsource-8.0.20-3.el9.ppc64le.rpm
SHA-256: 419bca92d7c151d3d7ff0da077f4c3b58788b99ebf2765683d9f3a98da00696e
php-devel-8.0.20-3.el9.ppc64le.rpm
SHA-256: c0a96415d79df6580ab1e6c1306ca07ce52e7e8a92f2bd2802eebbbf69fe53e2
php-embedded-8.0.20-3.el9.ppc64le.rpm
SHA-256: 014024c8b06e67508e8c7b303eaec4b4f38e80f9488d6d2c0114424ef284cf04
php-embedded-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: dfca0c0b75fa3230e2aafc15e0636f8b54086300a3f92862d73c9a25d3e6bc15
php-enchant-8.0.20-3.el9.ppc64le.rpm
SHA-256: 718f5bff2e89c9a0badfa3eeb3a8a100b1994d4b4295f59839d52955fd85627f
php-enchant-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 7a379d21a87137119c64b08872887c351b811af364210b68bb9068f756d980f2
php-ffi-8.0.20-3.el9.ppc64le.rpm
SHA-256: cb22dcf2cfecfcc7fa79e579419c08e145f7eea2689e73ac59f1a6375ebb7a40
php-ffi-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 8ae5b1ceabbd064cfbd61889026199e1e64ec8f576c103cd79aef305b745547d
php-fpm-8.0.20-3.el9.ppc64le.rpm
SHA-256: f579c2cdec1972566105b150b270251bc396e161ee30880e7b65fe4f0b2afd5f
php-fpm-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: f9101d2e276533efa072a8546b5c2eb2d15d7bee205c4fcfa4102e04bdf55a9c
php-gd-8.0.20-3.el9.ppc64le.rpm
SHA-256: a87e910179bc18a65398f3f480b3b859a0de92e8ddd9a998acb22ab997c6ffd6
php-gd-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: c6e3f7b3d0b023893208490bfc1476498d86694e5ef0fc83bee690155bd932f6
php-gmp-8.0.20-3.el9.ppc64le.rpm
SHA-256: 61fab3c000d84b29a57329b8dc07a83b0c5c970df6040d201fc47ecd79333095
php-gmp-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 956564d12b6c58ac09f04e82b06d05eb0761f9b210e24d70682113553bc88b40
php-intl-8.0.20-3.el9.ppc64le.rpm
SHA-256: 7e0f438d080b38f6b75d984ee558727ebe2151144e9820c65d3e6562aa38b8bb
php-intl-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 3090cd7554185c76727d85139a895e21e11c22d3539fab0e20702143d393812e
php-ldap-8.0.20-3.el9.ppc64le.rpm
SHA-256: 3371691a9e132071786170f2dd9fdbe6b7a6013789977d01bbef1c4c54202fe2
php-ldap-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 91ee2da3d74b014a1f7900edc05bc2896380fa415b962cfb0076e7556d041c17
php-mbstring-8.0.20-3.el9.ppc64le.rpm
SHA-256: 2eb2506da69ff7140e179d4aae6a0d6e052fb29a62dbf2eea6fb4a929ea9c2e2
php-mbstring-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 9ea6052cae5834de812360bb66773d91d68f8f38151662798b2e297459059e29
php-mysqlnd-8.0.20-3.el9.ppc64le.rpm
SHA-256: 3b8e3182bd164f89307349b59bc1ebee4c4e37b621c3809ef4fb6542fea52f4e
php-mysqlnd-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: cb91a72fd983fd698cbe999acd7bc135d334f3124f0edb7e8a662a300553512b
php-odbc-8.0.20-3.el9.ppc64le.rpm
SHA-256: d2eb0cb1c21dad6461ebc7965d0e6bd678ee5db4b0b28f4e4edc339ea8fb01dc
php-odbc-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 1b11583402e0552bd02df154392b68aa53f81086b21fb439f5c7fa30172865b7
php-opcache-8.0.20-3.el9.ppc64le.rpm
SHA-256: b74067c25466e61699df90201419ee8721a0f810b492a955694a7493cb67d06d
php-opcache-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 820c4ecd7587ee987a2d3070f5fdb14bbdea9eb35bd5696334dc70d66b12dc5d
php-pdo-8.0.20-3.el9.ppc64le.rpm
SHA-256: fd757495c5d27ada95abef2cb84070895fd4fe08db14693be374d39eaaa13e04
php-pdo-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: d3b6fd79dbcbadd0281b4fd660e2cf50243871eca22e35c44d744d2774ee0786
php-pgsql-8.0.20-3.el9.ppc64le.rpm
SHA-256: 3710a9053d8d3f861e3f8c760f7be30e0bd1f54679f066e9edb7f344d0e10310
php-pgsql-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: ff7c23c21a32f351d828be72256ab514a0b4f00a80acf6dbe4c08821dc506b0d
php-process-8.0.20-3.el9.ppc64le.rpm
SHA-256: b681836753c78afa4b1a87effd3cbf8dedf4f1d0530420ae15630a656e5be8f6
php-process-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 5772109889da88d1ab9c6f4cecc934f99b578e8ecb88bb1550ba975d7b1c816e
php-snmp-8.0.20-3.el9.ppc64le.rpm
SHA-256: 4fe64e841bf91c3366cfffeba5c44f7def15c36f55fbaa0f52c5f00f45b50039
php-snmp-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: e58fd4dd231448ba09b956a167caa830fae7cc977f77170c12e1aacedbf98391
php-soap-8.0.20-3.el9.ppc64le.rpm
SHA-256: 672010f4314137063e44b5377eed900997457c9cde36e1ed8b32429ea9a631da
php-soap-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: e63dfa98c457634c5be698b6073ac12b1831d5b9dd5aed8c2302eaba2f1f98e3
php-xml-8.0.20-3.el9.ppc64le.rpm
SHA-256: db4a860f7f580a3b153f2f55ce0b2805321e15c7de20b05a9bfff7b072ff406d
php-xml-debuginfo-8.0.20-3.el9.ppc64le.rpm
SHA-256: 371d7534ae7f0fcf4cc73b28abe9f10928c8e2061565cb73c7c9e3adbe45e4ea
Red Hat Enterprise Linux for ARM 64 9
SRPM
php-8.0.20-3.el9.src.rpm
SHA-256: dc4d6b5cc49504b0f2566fdb5a9bd9b93f2b75904f3fc200e7d4334f2f625e2f
aarch64
php-8.0.20-3.el9.aarch64.rpm
SHA-256: ddc75a2d453909998cfdd142b8792af5847909f6839dc689d2bb0d32d678b51f
php-bcmath-8.0.20-3.el9.aarch64.rpm
SHA-256: 43db266ddd0127cd0240fc7f0040b3aeb4e54e53d56963ee03de9b5d7664dea7
php-bcmath-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: aa25eb119b19fda42557b831498ad0bc733a9a6416df409f809bd7aadfa4a581
php-cli-8.0.20-3.el9.aarch64.rpm
SHA-256: 797fe110367e52de090d314119e252ccc8382afdc13a31d334e01bb4bebae8b4
php-cli-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 450b9e2a52969088f0af5636f1e2dd4e56bdaf97e0fd7fc8c052e3632c9fb1bc
php-common-8.0.20-3.el9.aarch64.rpm
SHA-256: efbfed96b21889690e14aa038f7bac84d9289b377be68d4fe5c0e956ad52de36
php-common-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 545d42c783f06cad103793d7fe0046117ba9adb5805ff88c9c6a872d93338f80
php-dba-8.0.20-3.el9.aarch64.rpm
SHA-256: 0d0da1d8977dbfd4169b0d41bc390e976fde99c010c44134344351e5c1495577
php-dba-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: e5dbaf28c8c72337eba9065e99347da28387ed66cd6b3da5ee16868e35ced70a
php-dbg-8.0.20-3.el9.aarch64.rpm
SHA-256: 7836316ceeeb84ec773e4db53d3924b86c371016c2632b0ec799de250122a20b
php-dbg-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 9c84f318784193ea2bd13f9ff3e9c5450c61656b0a5e26633b64aba8d1525cdd
php-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 27bbc04fa80245ba7087089d838617cbba8c55cfad0cfffaea233299d9c89112
php-debugsource-8.0.20-3.el9.aarch64.rpm
SHA-256: 8edaef7c217eff13be9e51b06c641e88f69a418e14d900c8b342bba032494042
php-devel-8.0.20-3.el9.aarch64.rpm
SHA-256: 550fdc5a32c3f246d718e156b9a35146625a11bfad70ab7bbd02920551988a57
php-embedded-8.0.20-3.el9.aarch64.rpm
SHA-256: 79cd12182efc87daa6a459135d23d587c35d230c75129b2c3f888ea36a12f6ec
php-embedded-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: b01fae06f3f84bb166d27df40121f7e63259bc4a7408968764f2ad3ae0e130f1
php-enchant-8.0.20-3.el9.aarch64.rpm
SHA-256: 4e03b9b443a48f9c83a8d3adeb2c8f89739cec37272bac27e421f354c6d07ae5
php-enchant-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 5f38adb1201ac7917da6d60eeb8f2da6b90044af249cb2515d0587d0a34a3c73
php-ffi-8.0.20-3.el9.aarch64.rpm
SHA-256: 54462940855f8c8b0f007225845b610517d718fd14477ab2f127f6930619b635
php-ffi-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: e321d3b9b828b17bf60a02053dbf41417b39575e4ed8fbcece44d6a237b5581e
php-fpm-8.0.20-3.el9.aarch64.rpm
SHA-256: 3a53adcf4499392f4726c557a4ad43c06f549e0b18442df57a44e8ecd3b104fa
php-fpm-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 11b466c75f2b270db177688d7f08ba9143fe555dc54400d6d220cca95b986549
php-gd-8.0.20-3.el9.aarch64.rpm
SHA-256: a814880903615ff07f4753d352ffc760ec69860fc1e3f2761a332600e532eb8f
php-gd-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 3555ff8a305377d10d4517833bf1aeeef8c0f9b7103cabf56b2e273c3edaf8b8
php-gmp-8.0.20-3.el9.aarch64.rpm
SHA-256: c533f619978f28e754d90442814d4ee0a6c787a93b731118ce3dede93376bda0
php-gmp-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 39c14ccc049ae2a3754ae5c6c1a66247b674e9a5e55d7be3bf280f632d9bf3df
php-intl-8.0.20-3.el9.aarch64.rpm
SHA-256: 615d7345383f7758bb336474f1f30cef326d641b53243ef5e1f5b645e903eabb
php-intl-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: f03429d8f95e455cbd77949e1a2a1d72cf75ac525ef2ad483a7f469201671505
php-ldap-8.0.20-3.el9.aarch64.rpm
SHA-256: 1c6574c1af00bf8f88c10a258ab373d9d646984117bdfcc282754f31a1cb5722
php-ldap-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 66a2eac1252c6c42a895c5ea776635187e78b933869e0057f450298540d31d7d
php-mbstring-8.0.20-3.el9.aarch64.rpm
SHA-256: e34a4f949257e9603d659d54f49ab87768833e315c0dde3857607cbf7ed4b993
php-mbstring-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: c8202775d8a1201025e41aaa21a699195ca61e93d8ac9457611291963cc42b87
php-mysqlnd-8.0.20-3.el9.aarch64.rpm
SHA-256: 501aa4ce245e779c53ced4f946d8083907bc96f8e96a237410caa8a286a19b2f
php-mysqlnd-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: d0585944546f370bf35254c4cc665ad2d4ab67fd4c97301f224c3a2dea474adc
php-odbc-8.0.20-3.el9.aarch64.rpm
SHA-256: e53403cace859b220d5de8910d9bfb31724aa31272cb32339b4a2c5007d07dba
php-odbc-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: d0d9107203dc0252809ba2d885301589907efd1997c86868aac89446fdbc7aa5
php-opcache-8.0.20-3.el9.aarch64.rpm
SHA-256: c2e45d6d9335d77d7acb2cbd365b78dd029d8545536a1005447ed667b22d9c71
php-opcache-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 4e6d268e3ff943b3c7c092934c92aa604d6dd54cb5c58225a7b009e6be8f4cb4
php-pdo-8.0.20-3.el9.aarch64.rpm
SHA-256: df2bc609c0748951a47b176e41c64348e83f62394d90eaf8346f7d40c6dbb9a6
php-pdo-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 42bc406c5b239cf1473b33ec59296fe966f35aba6038517e0a7ab5d07a100ded
php-pgsql-8.0.20-3.el9.aarch64.rpm
SHA-256: 349500db116907b93c299cb1046550c53a37d3de1e29b8fa9a14a6c2efe89985
php-pgsql-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 77042263b9b67b81fe162082a5e232858bf63dd1e605627a7e54df9814e5706b
php-process-8.0.20-3.el9.aarch64.rpm
SHA-256: c01bedc4577a85b1ab7431db7cc7b54d3f1d2c6d43e7563acca5ca096cd99f59
php-process-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: cd61548d19638befa23c5fe275de30af3d2d01a74e475dc98ad05b4726c404d1
php-snmp-8.0.20-3.el9.aarch64.rpm
SHA-256: 5d74cc596677c967c73466051eec36afc03454baaf278de100444ae4cf30cd76
php-snmp-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: cc6b6bcb29d23d9ed5d700e3087dc446894164730e541374c922a7990b8e715d
php-soap-8.0.20-3.el9.aarch64.rpm
SHA-256: 4ba4add742b2d775b72c0307d6e0b2fdd7cfb0a5eb90ea47960b982a4c841c83
php-soap-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 114c44958029f79474fe06e84c8ee4eabde5e1e5e76b9d165719a4fc3498848c
php-xml-8.0.20-3.el9.aarch64.rpm
SHA-256: 60d947ea9803dd74b9ab7f9d7eb8da6c0c3c07d2e8642ad7749459bfdd310ab4
php-xml-debuginfo-8.0.20-3.el9.aarch64.rpm
SHA-256: 1a151798fea42f86e222b57e3c16a31e16231a131679dc9e179bd75d7bf245c1
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Red Hat Security Advisory 2022-8197-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a use-after-free vulnerability.
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-21707: php: Special character breaks path in xml parsing * CVE-2021-21708: php: Use after free due to php_filter_float() failing for ints * CVE-2021-32610: php-pear: Directory traversal vulnerability
An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-21708: php: Use after free due to php_filter_float() failing for ints * CVE-2022-31625: php: Uninitialized array in pg_query_params() leading to RCE
An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-21708: php: Use after free due to php_filter_float() failing for ints * CVE-2022-31625: php: Uninitialized array in pg_query_params() leading to RCE
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.
Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.
Red Hat Security Advisory 2022-6158-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31625: php: uninitialized array in pg_query_params() leading to RCE
Ubuntu Security Notice 5479-3 - USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5479-2 - USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-21703: php: Local privilege escalation via PHP-FPM * CVE-2021-21707: php: special character breaks path in xml parsing * CVE-2022-31625: php: uninitialized array in pg_query_params() leading to RCE * CVE-2022-31626: php: password of excessive length triggers buffer overflow leading to RCE
Ubuntu Security Notice 5479-1 - Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.