5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
72.6%
Issue Overview:
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.(CVE-2019-9637)
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.(CVE-2019-9640)
Note: The Release Date is incorrect, These CVEs were fixed Mar. 2019
Affected Packages:
php71, php72, php73
Issue Correction:
Run yum update php71 to update your system.
Run yum update php72 to update your system.
Run yum update php73 to update your system.
New Packages:
i686:
php71-process-7.1.27-1.37.amzn1.i686
php71-imap-7.1.27-1.37.amzn1.i686
php71-cli-7.1.27-1.37.amzn1.i686
php71-dba-7.1.27-1.37.amzn1.i686
php71-debuginfo-7.1.27-1.37.amzn1.i686
php71-mbstring-7.1.27-1.37.amzn1.i686
php71-enchant-7.1.27-1.37.amzn1.i686
php71-devel-7.1.27-1.37.amzn1.i686
php71-odbc-7.1.27-1.37.amzn1.i686
php71-pgsql-7.1.27-1.37.amzn1.i686
php71-pdo-7.1.27-1.37.amzn1.i686
php71-opcache-7.1.27-1.37.amzn1.i686
php71-7.1.27-1.37.amzn1.i686
php71-soap-7.1.27-1.37.amzn1.i686
php71-mysqlnd-7.1.27-1.37.amzn1.i686
php71-pdo-dblib-7.1.27-1.37.amzn1.i686
php71-tidy-7.1.27-1.37.amzn1.i686
php71-common-7.1.27-1.37.amzn1.i686
php71-bcmath-7.1.27-1.37.amzn1.i686
php71-mcrypt-7.1.27-1.37.amzn1.i686
php71-xmlrpc-7.1.27-1.37.amzn1.i686
php71-ldap-7.1.27-1.37.amzn1.i686
php71-json-7.1.27-1.37.amzn1.i686
php71-recode-7.1.27-1.37.amzn1.i686
php71-xml-7.1.27-1.37.amzn1.i686
php71-pspell-7.1.27-1.37.amzn1.i686
php71-intl-7.1.27-1.37.amzn1.i686
php71-snmp-7.1.27-1.37.amzn1.i686
php71-embedded-7.1.27-1.37.amzn1.i686
php71-gd-7.1.27-1.37.amzn1.i686
php71-fpm-7.1.27-1.37.amzn1.i686
php71-dbg-7.1.27-1.37.amzn1.i686
php71-gmp-7.1.27-1.37.amzn1.i686
php72-pdo-7.2.16-1.11.amzn1.i686
php72-pdo-dblib-7.2.16-1.11.amzn1.i686
php72-xmlrpc-7.2.16-1.11.amzn1.i686
php72-dba-7.2.16-1.11.amzn1.i686
php72-bcmath-7.2.16-1.11.amzn1.i686
php72-cli-7.2.16-1.11.amzn1.i686
php72-tidy-7.2.16-1.11.amzn1.i686
php72-7.2.16-1.11.amzn1.i686
php72-gmp-7.2.16-1.11.amzn1.i686
php72-opcache-7.2.16-1.11.amzn1.i686
php72-gd-7.2.16-1.11.amzn1.i686
php72-intl-7.2.16-1.11.amzn1.i686
php72-soap-7.2.16-1.11.amzn1.i686
php72-imap-7.2.16-1.11.amzn1.i686
php72-embedded-7.2.16-1.11.amzn1.i686
php72-common-7.2.16-1.11.amzn1.i686
php72-xml-7.2.16-1.11.amzn1.i686
php72-odbc-7.2.16-1.11.amzn1.i686
php72-mbstring-7.2.16-1.11.amzn1.i686
php72-debuginfo-7.2.16-1.11.amzn1.i686
php72-pspell-7.2.16-1.11.amzn1.i686
php72-fpm-7.2.16-1.11.amzn1.i686
php72-recode-7.2.16-1.11.amzn1.i686
php72-snmp-7.2.16-1.11.amzn1.i686
php72-dbg-7.2.16-1.11.amzn1.i686
php72-mysqlnd-7.2.16-1.11.amzn1.i686
php72-devel-7.2.16-1.11.amzn1.i686
php72-process-7.2.16-1.11.amzn1.i686
php72-pgsql-7.2.16-1.11.amzn1.i686
php72-enchant-7.2.16-1.11.amzn1.i686
php72-json-7.2.16-1.11.amzn1.i686
php72-ldap-7.2.16-1.11.amzn1.i686
php73-snmp-7.3.4-1.14.amzn1.i686
php73-process-7.3.4-1.14.amzn1.i686
php73-embedded-7.3.4-1.14.amzn1.i686
php73-odbc-7.3.4-1.14.amzn1.i686
php73-pspell-7.3.4-1.14.amzn1.i686
php73-debuginfo-7.3.4-1.14.amzn1.i686
php73-dba-7.3.4-1.14.amzn1.i686
php73-common-7.3.4-1.14.amzn1.i686
php73-tidy-7.3.4-1.14.amzn1.i686
php73-gd-7.3.4-1.14.amzn1.i686
php73-7.3.4-1.14.amzn1.i686
php73-bcmath-7.3.4-1.14.amzn1.i686
php73-fpm-7.3.4-1.14.amzn1.i686
php73-xml-7.3.4-1.14.amzn1.i686
php73-ldap-7.3.4-1.14.amzn1.i686
php73-pgsql-7.3.4-1.14.amzn1.i686
php73-dbg-7.3.4-1.14.amzn1.i686
php73-xmlrpc-7.3.4-1.14.amzn1.i686
php73-enchant-7.3.4-1.14.amzn1.i686
php73-mbstring-7.3.4-1.14.amzn1.i686
php73-json-7.3.4-1.14.amzn1.i686
php73-imap-7.3.4-1.14.amzn1.i686
php73-pdo-7.3.4-1.14.amzn1.i686
php73-mysqlnd-7.3.4-1.14.amzn1.i686
php73-cli-7.3.4-1.14.amzn1.i686
php73-soap-7.3.4-1.14.amzn1.i686
php73-intl-7.3.4-1.14.amzn1.i686
php73-pdo-dblib-7.3.4-1.14.amzn1.i686
php73-recode-7.3.4-1.14.amzn1.i686
php73-opcache-7.3.4-1.14.amzn1.i686
php73-devel-7.3.4-1.14.amzn1.i686
php73-gmp-7.3.4-1.14.amzn1.i686
src:
php71-7.1.27-1.37.amzn1.src
php72-7.2.16-1.11.amzn1.src
php73-7.3.4-1.14.amzn1.src
x86_64:
php71-debuginfo-7.1.27-1.37.amzn1.x86_64
php71-pgsql-7.1.27-1.37.amzn1.x86_64
php71-pdo-7.1.27-1.37.amzn1.x86_64
php71-fpm-7.1.27-1.37.amzn1.x86_64
php71-mcrypt-7.1.27-1.37.amzn1.x86_64
php71-pspell-7.1.27-1.37.amzn1.x86_64
php71-gd-7.1.27-1.37.amzn1.x86_64
php71-json-7.1.27-1.37.amzn1.x86_64
php71-tidy-7.1.27-1.37.amzn1.x86_64
php71-xmlrpc-7.1.27-1.37.amzn1.x86_64
php71-embedded-7.1.27-1.37.amzn1.x86_64
php71-dba-7.1.27-1.37.amzn1.x86_64
php71-mbstring-7.1.27-1.37.amzn1.x86_64
php71-process-7.1.27-1.37.amzn1.x86_64
php71-odbc-7.1.27-1.37.amzn1.x86_64
php71-dbg-7.1.27-1.37.amzn1.x86_64
php71-bcmath-7.1.27-1.37.amzn1.x86_64
php71-soap-7.1.27-1.37.amzn1.x86_64
php71-imap-7.1.27-1.37.amzn1.x86_64
php71-mysqlnd-7.1.27-1.37.amzn1.x86_64
php71-common-7.1.27-1.37.amzn1.x86_64
php71-gmp-7.1.27-1.37.amzn1.x86_64
php71-xml-7.1.27-1.37.amzn1.x86_64
php71-intl-7.1.27-1.37.amzn1.x86_64
php71-recode-7.1.27-1.37.amzn1.x86_64
php71-opcache-7.1.27-1.37.amzn1.x86_64
php71-pdo-dblib-7.1.27-1.37.amzn1.x86_64
php71-enchant-7.1.27-1.37.amzn1.x86_64
php71-ldap-7.1.27-1.37.amzn1.x86_64
php71-cli-7.1.27-1.37.amzn1.x86_64
php71-devel-7.1.27-1.37.amzn1.x86_64
php71-snmp-7.1.27-1.37.amzn1.x86_64
php71-7.1.27-1.37.amzn1.x86_64
php72-fpm-7.2.16-1.11.amzn1.x86_64
php72-mbstring-7.2.16-1.11.amzn1.x86_64
php72-mysqlnd-7.2.16-1.11.amzn1.x86_64
php72-bcmath-7.2.16-1.11.amzn1.x86_64
php72-cli-7.2.16-1.11.amzn1.x86_64
php72-soap-7.2.16-1.11.amzn1.x86_64
php72-gd-7.2.16-1.11.amzn1.x86_64
php72-recode-7.2.16-1.11.amzn1.x86_64
php72-ldap-7.2.16-1.11.amzn1.x86_64
php72-devel-7.2.16-1.11.amzn1.x86_64
php72-intl-7.2.16-1.11.amzn1.x86_64
php72-imap-7.2.16-1.11.amzn1.x86_64
php72-tidy-7.2.16-1.11.amzn1.x86_64
php72-debuginfo-7.2.16-1.11.amzn1.x86_64
php72-pgsql-7.2.16-1.11.amzn1.x86_64
php72-snmp-7.2.16-1.11.amzn1.x86_64
php72-dba-7.2.16-1.11.amzn1.x86_64
php72-7.2.16-1.11.amzn1.x86_64
php72-xml-7.2.16-1.11.amzn1.x86_64
php72-odbc-7.2.16-1.11.amzn1.x86_64
php72-embedded-7.2.16-1.11.amzn1.x86_64
php72-pdo-dblib-7.2.16-1.11.amzn1.x86_64
php72-gmp-7.2.16-1.11.amzn1.x86_64
php72-opcache-7.2.16-1.11.amzn1.x86_64
php72-process-7.2.16-1.11.amzn1.x86_64
php72-pspell-7.2.16-1.11.amzn1.x86_64
php72-dbg-7.2.16-1.11.amzn1.x86_64
php72-enchant-7.2.16-1.11.amzn1.x86_64
php72-common-7.2.16-1.11.amzn1.x86_64
php72-xmlrpc-7.2.16-1.11.amzn1.x86_64
php72-json-7.2.16-1.11.amzn1.x86_64
php72-pdo-7.2.16-1.11.amzn1.x86_64
php73-dbg-7.3.4-1.14.amzn1.x86_64
php73-common-7.3.4-1.14.amzn1.x86_64
php73-pspell-7.3.4-1.14.amzn1.x86_64
php73-process-7.3.4-1.14.amzn1.x86_64
php73-intl-7.3.4-1.14.amzn1.x86_64
php73-odbc-7.3.4-1.14.amzn1.x86_64
php73-gd-7.3.4-1.14.amzn1.x86_64
php73-pgsql-7.3.4-1.14.amzn1.x86_64
php73-gmp-7.3.4-1.14.amzn1.x86_64
php73-fpm-7.3.4-1.14.amzn1.x86_64
php73-snmp-7.3.4-1.14.amzn1.x86_64
php73-pdo-7.3.4-1.14.amzn1.x86_64
php73-embedded-7.3.4-1.14.amzn1.x86_64
php73-7.3.4-1.14.amzn1.x86_64
php73-enchant-7.3.4-1.14.amzn1.x86_64
php73-cli-7.3.4-1.14.amzn1.x86_64
php73-tidy-7.3.4-1.14.amzn1.x86_64
php73-opcache-7.3.4-1.14.amzn1.x86_64
php73-imap-7.3.4-1.14.amzn1.x86_64
php73-xmlrpc-7.3.4-1.14.amzn1.x86_64
php73-ldap-7.3.4-1.14.amzn1.x86_64
php73-recode-7.3.4-1.14.amzn1.x86_64
php73-dba-7.3.4-1.14.amzn1.x86_64
php73-xml-7.3.4-1.14.amzn1.x86_64
php73-bcmath-7.3.4-1.14.amzn1.x86_64
php73-mysqlnd-7.3.4-1.14.amzn1.x86_64
php73-devel-7.3.4-1.14.amzn1.x86_64
php73-soap-7.3.4-1.14.amzn1.x86_64
php73-pdo-dblib-7.3.4-1.14.amzn1.x86_64
php73-json-7.3.4-1.14.amzn1.x86_64
php73-debuginfo-7.3.4-1.14.amzn1.x86_64
php73-mbstring-7.3.4-1.14.amzn1.x86_64
Red Hat: CVE-2019-9637, CVE-2019-9640
Mitre: CVE-2019-9637, CVE-2019-9640
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | php71-process | < 7.1.27-1.37.amzn1 | php71-process-7.1.27-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php71-imap | < 7.1.27-1.37.amzn1 | php71-imap-7.1.27-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php71-cli | < 7.1.27-1.37.amzn1 | php71-cli-7.1.27-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php71-dba | < 7.1.27-1.37.amzn1 | php71-dba-7.1.27-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php71-debuginfo | < 7.1.27-1.37.amzn1 | php71-debuginfo-7.1.27-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php71-mbstring | < 7.1.27-1.37.amzn1 | php71-mbstring-7.1.27-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php71-enchant | < 7.1.27-1.37.amzn1 | php71-enchant-7.1.27-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php71-devel | < 7.1.27-1.37.amzn1 | php71-devel-7.1.27-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php71-odbc | < 7.1.27-1.37.amzn1 | php71-odbc-7.1.27-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php71-pgsql | < 7.1.27-1.37.amzn1 | php71-pgsql-7.1.27-1.37.amzn1.i686.rpm |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
72.6%