HCE1-SA-2022-0028 Critical HCE 1.1 Security Fix(es): An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. (CVE-2019-9637) Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. (CVE-2016-8670) An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. (CVE-2018-15132) HCE 1.1 php-5.4.16-49.hce1c.x86_64.rpm php-cli-5.4.16-49.hce1c.x86_64.rpm php-common-5.4.16-49.hce1c.x86_64.rpm php-gd-5.4.16-49.hce1c.x86_64.rpm php-ldap-5.4.16-49.hce1c.x86_64.rpm php-mysql-5.4.16-49.hce1c.x86_64.rpm php-odbc-5.4.16-49.hce1c.x86_64.rpm php-pdo-5.4.16-49.hce1c.x86_64.rpm php-pgsql-5.4.16-49.hce1c.x86_64.rpm php-process-5.4.16-49.hce1c.x86_64.rpm php-recode-5.4.16-49.hce1c.x86_64.rpm php-soap-5.4.16-49.hce1c.x86_64.rpm php-xmlrpc-5.4.16-49.hce1c.x86_64.rpm php-xml-5.4.16-49.hce1c.x86_64.rpm