-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-php70-php security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:1296-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1296
Issue date:        2018-05-03
CVE Names:         CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 
                   CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 
                   CVE-2016-7479 CVE-2016-9933 CVE-2016-9934 
                   CVE-2016-9935 CVE-2016-9936 CVE-2016-10158 
                   CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 
                   CVE-2016-10162 CVE-2016-10167 CVE-2016-10168 
                   CVE-2017-5340 CVE-2017-7890 CVE-2017-9224 
                   CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 
                   CVE-2017-9229 CVE-2017-11143 CVE-2017-11144 
                   CVE-2017-11145 CVE-2017-11147 CVE-2017-11362 
                   CVE-2017-11628 CVE-2017-12932 CVE-2017-12933 
                   CVE-2017-12934 CVE-2017-16642 CVE-2018-5711 
                   CVE-2018-5712 
=====================================================================

1. Summary:

An update for rh-php70-php is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

The following packages have been upgraded to a later upstream version:
rh-php70-php (7.0.27). (BZ#1518843)

Security Fix(es):

* php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT
field (CVE-2016-7412)

* php: Use after free in wddx_deserialize (CVE-2016-7413)

* php: Out of bounds heap read when verifying signature of zip phar in
phar_parse_zipfile (CVE-2016-7414)

* php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)

* php: Missing type check when unserializing SplArray (CVE-2016-7417)

* php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)

* php: Use-after-free vulnerability when resizing the 'properties' hash
table of a serialized object (CVE-2016-7479)

* php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)

* php: Use After Free in unserialize() (CVE-2016-9936)

* php: Wrong calculation in exif_convert_any_to_int function
(CVE-2016-10158)

* php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)

* php: Off-by-one error in phar_parse_pharfile when loading crafted phar
archive (CVE-2016-10160)

* php: Out-of-bounds heap read on unserialize in finish_nested_data()
(CVE-2016-10161)

* php: Null pointer dereference when unserializing PHP object
(CVE-2016-10162)

* gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)

* gd: Integer overflow in gd_io.c (CVE-2016-10168)

* php: Use of uninitialized memory in unserialize() (CVE-2017-5340)

* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx
function (CVE-2017-7890)

* oniguruma: Out-of-bounds stack read in match_at() during regular
expression searching (CVE-2017-9224)

* oniguruma: Heap buffer overflow in next_state_val() during regular
expression compilation (CVE-2017-9226)

* oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular
expression searching (CVE-2017-9227)

* oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)

* oniguruma: Invalid pointer dereference in left_adjust_char_head()
(CVE-2017-9229)

* php: Incorrect WDDX deserialization of boolean parameters leads to DoS
(CVE-2017-11143)

* php: Incorrect return value check of OpenSSL sealing function leads to
crash (CVE-2017-11144)

* php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)

* php: Stack-based buffer over-read in msgfmt_parse_message function
(CVE-2017-11362)

* php: Stack based 1-byte buffer over-write in zend_ini_do_op() function
Zend/zend_ini_parser.c (CVE-2017-11628)

* php: heap use after free in ext/standard/var_unserializer.re
(CVE-2017-12932)

* php: heap use after free in ext/standard/var_unserializer.re
(CVE-2017-12934)

* php: reflected XSS in .phar 404 page (CVE-2018-5712)

* php, gd: Stack overflow in gdImageFillToBorder on truecolor images
(CVE-2016-9933)

* php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
(CVE-2016-9934)

* php: wddx_deserialize() heap out-of-bound read via php_parse_date()
(CVE-2017-11145)

* php: buffer over-read in finish_nested_data function (CVE-2017-12933)

* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)

* php: Denial of Service (DoS) via infinite loop in libgd
gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
(CVE-2018-5711)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Additional Changes:

For details, see the Red Hat Software Collections 3.1 Release Notes linked
from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1377311 - CVE-2016-7412 php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
1377314 - CVE-2016-7413 php: Use after free in wddx_deserialize
1377336 - CVE-2016-7414 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
1377340 - CVE-2016-7416 php: Stack based buffer overflow in msgfmt_format_message
1377344 - CVE-2016-7417 php: Missing type check when unserializing SplArray
1377352 - CVE-2016-7418 php: Null pointer dereference in php_wddx_push_element
1404723 - CVE-2016-9933 php, gd: Stack overflow in gdImageFillToBorder on truecolor images
1404726 - CVE-2016-9934 php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
1404731 - CVE-2016-9935 php: Invalid read when wddx decodes empty boolean element
1404735 - CVE-2016-9936 php: Use After Free in unserialize()
1412631 - CVE-2017-5340 php: Use of uninitialized memory in unserialize()
1412686 - CVE-2016-7479 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object
1418984 - CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
1418986 - CVE-2016-10168 gd: Integer overflow in gd_io.c
1419010 - CVE-2016-10161 php: Out-of-bounds heap read on unserialize in finish_nested_data()
1419012 - CVE-2016-10162 php: Null pointer dereference when unserializing PHP object
1419015 - CVE-2016-10158 php: Wrong calculation in exif_convert_any_to_int function
1419018 - CVE-2016-10160 php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive
1419020 - CVE-2016-10159 php: Integer overflow in phar_parse_pharfile
1466730 - CVE-2017-9224 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching
1466736 - CVE-2017-9226 oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation
1466739 - CVE-2017-9227 oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching
1466740 - CVE-2017-9228 oniguruma: Out-of-bounds heap write in bitset_set_range()
1466746 - CVE-2017-9229 oniguruma: Invalid pointer dereference in left_adjust_char_head()
1471824 - CVE-2017-11143 php: Incorrect WDDX deserialization of boolean parameters leads to DoS
1471827 - CVE-2017-11144 php: Incorrect return value check of OpenSSL sealing function leads to crash
1471834 - CVE-2017-11145 php: wddx_deserialize() heap out-of-bound read via php_parse_date()
1471842 - CVE-2017-11147 php: Out-of-bounds read in phar_parse_pharfile
1473822 - CVE-2017-7890 php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function
1475373 - CVE-2017-11362 php: Stack-based buffer over-read in msgfmt_parse_message function
1475522 - CVE-2017-11628 php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c
1484837 - CVE-2017-12932 php: heap use after free in ext/standard/var_unserializer.re
1484838 - CVE-2017-12933 php: buffer over-read in finish_nested_data function
1484839 - CVE-2017-12934 php: heap use after free in ext/standard/var_unserializer.re
1512057 - CVE-2017-16642 php: Out-of-bound read in timelib_meridian()
1535246 - CVE-2018-5711 php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
1535251 - CVE-2018-5712 php: reflected XSS in .phar 404 page

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-php70-php-7.0.27-1.el6.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el6.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm
rh-php70-php-common-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm
rh-php70-php-json-7.0.27-1.el6.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm
rh-php70-php-process-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-tidy-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-php70-php-7.0.27-1.el6.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el6.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm
rh-php70-php-common-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm
rh-php70-php-json-7.0.27-1.el6.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm
rh-php70-php-process-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-tidy-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-php70-php-7.0.27-1.el6.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el6.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm
rh-php70-php-common-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm
rh-php70-php-json-7.0.27-1.el6.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm
rh-php70-php-process-7.0.27-1.el6.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el6.x86_64.rpm
rh-php70-php-tidy-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el6.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el6.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-php70-php-7.0.27-1.el7.src.rpm

x86_64:
rh-php70-php-7.0.27-1.el7.x86_64.rpm
rh-php70-php-bcmath-7.0.27-1.el7.x86_64.rpm
rh-php70-php-cli-7.0.27-1.el7.x86_64.rpm
rh-php70-php-common-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dba-7.0.27-1.el7.x86_64.rpm
rh-php70-php-dbg-7.0.27-1.el7.x86_64.rpm
rh-php70-php-debuginfo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-devel-7.0.27-1.el7.x86_64.rpm
rh-php70-php-embedded-7.0.27-1.el7.x86_64.rpm
rh-php70-php-enchant-7.0.27-1.el7.x86_64.rpm
rh-php70-php-fpm-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-gmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-intl-7.0.27-1.el7.x86_64.rpm
rh-php70-php-json-7.0.27-1.el7.x86_64.rpm
rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mbstring-7.0.27-1.el7.x86_64.rpm
rh-php70-php-mysqlnd-7.0.27-1.el7.x86_64.rpm
rh-php70-php-odbc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pgsql-7.0.27-1.el7.x86_64.rpm
rh-php70-php-process-7.0.27-1.el7.x86_64.rpm
rh-php70-php-pspell-7.0.27-1.el7.x86_64.rpm
rh-php70-php-recode-7.0.27-1.el7.x86_64.rpm
rh-php70-php-snmp-7.0.27-1.el7.x86_64.rpm
rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xml-7.0.27-1.el7.x86_64.rpm
rh-php70-php-xmlrpc-7.0.27-1.el7.x86_64.rpm
rh-php70-php-zip-7.0.27-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7412
https://access.redhat.com/security/cve/CVE-2016-7413
https://access.redhat.com/security/cve/CVE-2016-7414
https://access.redhat.com/security/cve/CVE-2016-7416
https://access.redhat.com/security/cve/CVE-2016-7417
https://access.redhat.com/security/cve/CVE-2016-7418
https://access.redhat.com/security/cve/CVE-2016-7479
https://access.redhat.com/security/cve/CVE-2016-9933
https://access.redhat.com/security/cve/CVE-2016-9934
https://access.redhat.com/security/cve/CVE-2016-9935
https://access.redhat.com/security/cve/CVE-2016-9936
https://access.redhat.com/security/cve/CVE-2016-10158
https://access.redhat.com/security/cve/CVE-2016-10159
https://access.redhat.com/security/cve/CVE-2016-10160
https://access.redhat.com/security/cve/CVE-2016-10161
https://access.redhat.com/security/cve/CVE-2016-10162
https://access.redhat.com/security/cve/CVE-2016-10167
https://access.redhat.com/security/cve/CVE-2016-10168
https://access.redhat.com/security/cve/CVE-2017-5340
https://access.redhat.com/security/cve/CVE-2017-7890
https://access.redhat.com/security/cve/CVE-2017-9224
https://access.redhat.com/security/cve/CVE-2017-9226
https://access.redhat.com/security/cve/CVE-2017-9227
https://access.redhat.com/security/cve/CVE-2017-9228
https://access.redhat.com/security/cve/CVE-2017-9229
https://access.redhat.com/security/cve/CVE-2017-11143
https://access.redhat.com/security/cve/CVE-2017-11144
https://access.redhat.com/security/cve/CVE-2017-11145
https://access.redhat.com/security/cve/CVE-2017-11147
https://access.redhat.com/security/cve/CVE-2017-11362
https://access.redhat.com/security/cve/CVE-2017-11628
https://access.redhat.com/security/cve/CVE-2017-12932
https://access.redhat.com/security/cve/CVE-2017-12933
https://access.redhat.com/security/cve/CVE-2017-12934
https://access.redhat.com/security/cve/CVE-2017-16642
https://access.redhat.com/security/cve/CVE-2018-5711
https://access.redhat.com/security/cve/CVE-2018-5712
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFa6pjLXlSAg2UNWIIRAl/4AJ4xZ6FVm1vp0atAm6qH0wRy9BaoXwCeNY7y
Yn2H3QsxbivwF5TiiQJrAgA=
=ZLRk
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce