RHSA-2019:3300: Critical: rh-php71-php security update
Published Nov 1, 2019
·Updated
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.<br>Security Fix(es):<br><li> php: underflow in envpathinfo in fpmmain.c (CVE-2019-11043)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
120 affected componentsFixes available
redhat/rh-php71-php<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-bcmath<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-cli<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-common<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-dba<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-dbg<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-debuginfo<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-devel<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-embedded<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-enchant<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-fpm<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-gd<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-gmp<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-intl<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-json<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-ldap<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-mbstring<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-mysqlnd<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-odbc<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-opcache<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-pdo<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-pgsql<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-process<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-pspell<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-recode<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-snmp<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-soap<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-xml<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-xmlrpc<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-zip<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-bcmath<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-cli<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-common<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-dba<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-dbg<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-debuginfo<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-devel<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-embedded<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-enchant<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-fpm<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-gd<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-gmp<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-intl<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-json<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-ldap<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-mbstring<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-mysqlnd<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-odbc<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-opcache<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-pdo<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-pgsql<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-process<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-pspell<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-recode<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-snmp<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-soap<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-xml<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-xmlrpc<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-zip<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-bcmath<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-cli<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-common<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-dba<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-dbg<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-debuginfo<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-devel<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-embedded<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-enchant<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-fpm<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-gd<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-gmp<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-intl<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-json<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-ldap<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-mbstring<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-mysqlnd<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-odbc<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-opcache<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-pdo<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-pgsql<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-process<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-pspell<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-recode<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-snmp<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-soap<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-xml<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-xmlrpc<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php-zip<7.1.30-2.el7
7.1.30-2.el7
redhat/rh-php71-php<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-bcmath<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-cli<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-common<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-dba<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-dbg<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-debuginfo<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-devel<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-embedded<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-enchant<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-fpm<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-gd<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-gmp<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-intl<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-json<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-ldap<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-mbstring<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-mysqlnd<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-odbc<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-opcache<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-pdo<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-pgsql<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-process<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-pspell<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-recode<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-snmp<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-soap<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-xml<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-xmlrpc<7.1.30-2.el7.aa
7.1.30-2.el7.aa
redhat/rh-php71-php-zip<7.1.30-2.el7.aa
7.1.30-2.el7.aa
Remediation
Event History
Jun 20, 2024
Advisory Published
via Red Hat·01:01 AM
Frequently Asked Questions
1
What is the severity of RHSA-2019:3300?
The severity of RHSA-2019:3300 is categorized as critical due to the potential for remote code execution.
2
How do I fix RHSA-2019:3300?
To fix RHSA-2019:3300, update your PHP package to version 7.1.30-2.el7 or later.
3
What versions of PHP are affected by RHSA-2019:3300?
RHSA-2019:3300 affects all versions of PHP prior to 7.1.30-2.el7.
4
What vulnerabilities does RHSA-2019:3300 address?
RHSA-2019:3300 addresses a critical underflow vulnerability in env_path_info in fpm_main.c (CVE-2019-11043).
5
Is there a specific package I need to update for RHSA-2019:3300?
Yes, the specific package that needs to be updated is the rh-php71-php and its related packages to version 7.1.30-2.el7.