|
|
Subscribe / Log in / New account

Mageia alert MGASA-2020-0066 (php)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2020-0066: Updated php packages fix security vulnerabilities 


Date:
              Tue, 28 Jan 2020 12:33:52 +0100


Message-ID:
              <20200128113352.BF5CF9F6EB@duvel.mageia.org>


MGASA-2020-0066 - Updated php packages fix security vulnerabilities

Publication date: 28 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0066.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-7059,
     CVE-2020-7060

Description:
Updated php packages fix security vulnerabilities:

Two buffer overflows in string and mbstring handling have been found
(CVE-2020-7059, CVE-2020-7060).

Other security fixes have been applied:
- Session: Fixed bug #79091 (heap use-after-free in session_create_id()).
- Date: Fixed bug #79015 (undefined-behavior in php_date.c).

For other fixes in this update, see the referenced chagelog.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26126
- https://www.php.net/ChangeLog-7.php#7.3.14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060

SRPMS:
- 7/core/php-7.3.14-1.mga7
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds