Red Hat Enterprise Linux 7 update for php



Published: 2020-04-01
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2018-5712
CVE-2018-7584
CVE-2018-10547
CVE-2019-9024
CWE-ID CWE-79
CWE-121
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
php (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, big endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Scientific Computing
Operating systems & Components / Operating system

Red Hat Enterprise Linux Desktop
Operating systems & Components / Operating system

Red Hat Enterprise Linux Workstation
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Reflected cross-site scripting

EUVDB-ID: #VU10389

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-5712

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists on the PHAR 404 error page due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

php (Red Hat package): 5.4.16-23.el7_0 - 5.4.16-46.1.el7_7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:1112

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Stack-based buffer overflow

EUVDB-ID: #VU10800

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-7584

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to stack-based buffer overflow when handling malicious input. A remote attacker can send specially crafted HTTP response packets, trigger memory corruption and cause the application to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

php (Red Hat package): 5.4.16-23.el7_0 - 5.4.16-46.1.el7_7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:1112

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Cross-site scripting

EUVDB-ID: #VU12327

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-10547

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the phar_do_404() and phar_do_403() functions due to insufficient sanitization of user-supplied data processed by the phar_do_404() and phar_do_403() functions, as defined in the ext/phar/phar_object.c source code file. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

The vulnerability exists due to an incomplete fix for CVE-2018-5712.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

php (Red Hat package): 5.4.16-23.el7_0 - 5.4.16-46.1.el7_7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:1112

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds read

EUVDB-ID: #VU22479

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9024

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the base64_decode_xmlrpc() function in ext/xmlrpc/libxmlrpc/base64.c when parsing untrusted input via the xmlrpc_decode() PHP function. A remote attacker can setup a malicious XMLRPC server, trick the application into connecting to it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

php (Red Hat package): 5.4.16-23.el7_0 - 5.4.16-46.1.el7_7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:1112

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###