{"id":"CLSA-2026-1777946242","summary":"php: Fix of 13 CVEs","details":"- CVE-2018-14883: fix int overflow leading to heap overflow in exif_thumbnail_extract\n- CVE-2019-6977: fix imagecolormatch out-of-bounds write on heap in GD\n- CVE-2019-9022: fix memcpy with negative length via crafted DNS response\n- CVE-2019-9640: fix invalid read in exif_process_SOFn\n- CVE-2019-11042: fix heap buffer overflow in exif_process_user_comment\n- CVE-2019-9638, CVE-2019-9639: fix uninitialized read in\n  exif_process_IFD_in_MAKERNOTE (single upstream commit covers both)\n- CVE-2019-9637: safer rename() procedure to avoid permission leak on EXDEV\n  cross-filesystem fallback\n- CVE-2019-19246: fix Oniguruma out-of-bounds read in str_lower_case_match\n- CVE-2019-9024: fix xmlrpc base64 out-of-bounds read via unsigned char cast\n- CVE-2018-20783: fix phar_parse_pharfile buffer over-read via stricter\n  manifest bounds checks\n- CVE-2018-19518: disable rsh/ssh logins in imap_open by default\n  (new no_rsh/no_ssh INI entries)\n- CVE-2018-19935: fix imap_mail NULL pointer dereference on empty message\n  parameter","modified":"2026-05-27T11:34:48.925681287Z","published":"2026-05-05T01:57:28Z","upstream":["CVE-2018-14883","CVE-2018-19518","CVE-2018-19935","CVE-2018-20783","CVE-2019-11042","CVE-2019-19246","CVE-2019-6977","CVE-2019-9022","CVE-2019-9024","CVE-2019-9637","CVE-2019-9638","CVE-2019-9639","CVE-2019-9640"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/oraclelinux6els/CLSA-2026-1777946242.html"}],"affected":[{"package":{"name":"php","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-bcmath","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-bcmath?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-cli","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-cli?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-common","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-common?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-dba","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-dba?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-devel","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-devel?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-embedded","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-embedded?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-enchant","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-enchant?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-fpm","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-fpm?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-gd","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-gd?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-imap","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-imap?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-intl","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-intl?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-ldap","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-ldap?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-mbstring","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-mbstring?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-mysql","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-mysql?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-odbc","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-odbc?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-pdo","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-pdo?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-pgsql","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-pgsql?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-process","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-process?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-pspell","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-pspell?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-recode","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-recode?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-snmp","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-snmp?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-soap","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-soap?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-tidy","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-tidy?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-xml","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-xml?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-xmlrpc","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-xmlrpc?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}},{"package":{"name":"php-zts","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/php-zts?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.3-50.el6_10.tuxcare.ol.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1777946242.json"}}],"schema_version":"1.7.5"}