- Issued: 2019-11-06
- Updated: 2019-11-06
RHBA-2019:3727 - Bug Fix Advisory
Synopsis
updated container image: rhscl/php-72-rhel7
Type/Severity
Bug Fix Advisory
Topic
An updated rhscl/php-72-rhel7 container image is now available in the Red Hat Container Registry.
Description
The rhscl/php-72-rhel7 container image has been updated to include the security fixes provided by the following advisories: RHSA-2019:3299
To pull the rhscl/php-72-rhel7 image, run the following command as root:
podman pull registry.access.redhat.com/rhscl/php-72-rhel7
Solution
The container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the "podman pull" command.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
Fixes
- BZ - 1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc()
- BZ - 1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c
- BZ - 1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions
- BZ - 1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode()
- BZ - 1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions
- BZ - 1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions
- BZ - 1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c
- BZ - 1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response
- BZ - 1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing
- BZ - 1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
- BZ - 1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
- BZ - 1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn()
- BZ - 1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value()
- BZ - 1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()
- BZ - 1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure
- BZ - 1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm()
- BZ - 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()
- BZ - 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()
- BZ - 1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail()
- BZ - 1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment()
- BZ - 1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c
CVEs
- CVE-2016-10166
- CVE-2018-20783
- CVE-2019-6977
- CVE-2019-9020
- CVE-2019-9021
- CVE-2019-9022
- CVE-2019-9023
- CVE-2019-9024
- CVE-2019-9637
- CVE-2019-9638
- CVE-2019-9639
- CVE-2019-9640
- CVE-2019-11034
- CVE-2019-11035
- CVE-2019-11036
- CVE-2019-11038
- CVE-2019-11039
- CVE-2019-11040
- CVE-2019-11041
- CVE-2019-11042
- CVE-2019-11043
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.