Description of problem:
A vulnerability was found in PHP up to 5.6.35/7.0.29/7.1.16/7.2.4. It has been classified as problematic. Affected is an unknown function of the file ext/iconv/iconv.c of the component iconv Stream Filter. The manipulation with an unknown input leads to a denial of service vulnerability (Loop). CWE is classifying the issue as CWE-835. This is going to have an impact on availability.
The weakness was shared 04/29/2018. The advisory is shared for download at php.net (http://php.net/ChangeLog-5.php). This vulnerability is traded as CVE-2018-10546 since 04/29/2018. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available.
Upgrading to version 5.6.36, 7.0.30, 7.1.17 or 7.2.5 eliminates this vulnerability.
Please backport the fix to PHP 5.4 packages on EL 7.
*** This bug has been marked as a duplicate of bug 1578432 ***