MGASA-2020-0119 - Updated php packages fix bugs and security vulnerabilities

Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0119.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-7061,
     CVE-2020-7062,
     CVE-2020-7063

Updated php packages fix bugs and security vulnerabilities:

Core:
- Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*'
  not supported).
- Fixed bug #79146 (cscript can fail to run on some systems).
- Fixed bug #78323 (Code 0 is returned on invalid options).
- Fixed bug #76047 (Use-after-free when accessing already destructed
  backtrace arguments).
CURL:
- Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
Intl:
- Fixed bug #79212 (NumberFormatter::format() may detect wrong type).
Libxml:
- Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
MBString:
- Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding).
MySQLnd:
- Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
OpenSSL:
- Fixed bug #79145 (openssl memory leak).
Phar:
- Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
  all-access permissions). (CVE-2020-7063)
- Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
  (CVE-2020-7061)
- Fixed bug #76584 (PharFileInfo::decompress not working).
Reflection:
- Fixed bug #79115 (ReflectionClass::isCloneable call reflected class
  __destruct).
Session:
- Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload
  Progress). (CVE-2020-7062)
SPL:
- Fixed bug #79151 (heap use after free caused by
  spl_dllist_it_helper_move_forward).
Standard:
- Fixed bug #78902 (Memory leak when using stream_filter_append).
XSL:
- Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26234
- https://www.php.net/ChangeLog-7.php#7.3.15
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7061
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063

SRPMS:
- 7/core/php-7.3.15-1.mga7

Mageia 2020-0119: php security update

Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported)

Summary

Updated php packages fix bugs and security vulnerabilities:
Core: - Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported). - Fixed bug #79146 (cscript can fail to run on some systems). - Fixed bug #78323 (Code 0 is returned on invalid options). - Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).

References

- https://bugs.mageia.org/show_bug.cgi?id=26234

- https://www.php.net/ChangeLog-7.php#7.3.15

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7061

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063

Resolution

MGASA-2020-0119 - Updated php packages fix bugs and security vulnerabilities

SRPMS

- 7/core/php-7.3.15-1.mga7

Severity
Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0119.html
Type: security
CVE: CVE-2020-7061, CVE-2020-7062, CVE-2020-7063

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved