Advisories ยป MGASA-2020-0066

Updated php packages fix security vulnerabilities

Publication date: 28 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-7059 , CVE-2020-7060

Description

Updated php packages fix security vulnerabilities:

Two buffer overflows in string and mbstring handling have been found
(CVE-2020-7059, CVE-2020-7060).

Other security fixes have been applied:
- Session: Fixed bug #79091 (heap use-after-free in session_create_id()).
- Date: Fixed bug #79015 (undefined-behavior in php_date.c).

For other fixes in this update, see the referenced chagelog.
                

References

SRPMS

7/core