RHSA-2019:3286: Critical: php security update
Published Oct 31, 2019
·Updated
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.<br>Security Fix(es):<br><li> php: underflow in envpathinfo in fpmmain.c (CVE-2019-11043)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
78 affected componentsFixes available
redhat/php<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-bcmath<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-cli<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-common<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-dba<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-debuginfo<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-devel<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-embedded<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-enchant<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-fpm<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-gd<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-intl<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-ldap<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-mbstring<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-mysql<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-mysqlnd<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-odbc<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-pdo<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-pgsql<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-process<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-pspell<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-recode<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-snmp<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-soap<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-xml<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-xmlrpc<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-bcmath<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-cli<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-common<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-dba<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-debuginfo<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-devel<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-embedded<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-enchant<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-fpm<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-gd<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-intl<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-ldap<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-mbstring<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-mysql<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-mysqlnd<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-odbc<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-pdo<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-pgsql<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-process<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-pspell<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-recode<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-snmp<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-soap<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-xml<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-xmlrpc<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-bcmath<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-cli<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-common<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-dba<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-debuginfo<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-devel<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-embedded<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-enchant<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-fpm<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-gd<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-intl<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-ldap<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-mbstring<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-mysql<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-mysqlnd<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-odbc<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-pdo<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-pgsql<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-process<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-pspell<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-recode<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-snmp<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-soap<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-xml<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
redhat/php-xmlrpc<5.4.16-46.1.el7_7
5.4.16-46.1.el7_7
Remediation
Event History
Aug 31, 2024
Advisory Published
via Red Hat·01:14 AM
Frequently Asked Questions
1
What is the severity of RHSA-2019:3286?
The severity of RHSA-2019:3286 is categorized as critical due to the potential for remote exploitation.
2
How do I fix RHSA-2019:3286?
To fix RHSA-2019:3286, update your PHP to version 5.4.16-46.1.el7_7 or later.
3
Which packages are affected by RHSA-2019:3286?
RHSA-2019:3286 affects several PHP packages including php, php-cli, php-fpm, and others.
4
What vulnerabilities are addressed in RHSA-2019:3286?
RHSA-2019:3286 addresses a critical vulnerability in PHP due to an underflow in the env_path_info function.
5
What systems are impacted by RHSA-2019:3286?
Systems running PHP versions earlier than 5.4.16-46.1.el7_7 are impacted by RHSA-2019:3286.