Updated php packages fix security vulnerabilities
Publication date: 28 Jan 2020Type: security
Affected Mageia releases : 7
CVE: CVE-2020-7059 , CVE-2020-7060
Description
Updated php packages fix security vulnerabilities: Two buffer overflows in string and mbstring handling have been found (CVE-2020-7059, CVE-2020-7060). Other security fixes have been applied: - Session: Fixed bug #79091 (heap use-after-free in session_create_id()). - Date: Fixed bug #79015 (undefined-behavior in php_date.c). For other fixes in this update, see the referenced chagelog.
References
SRPMS
7/core
- php-7.3.14-1.mga7