Advisories » MGASA-2020-0066

Updated php packages fix security vulnerabilities

Publication date: 28 Jan 2020
Modification date: 28 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-7059 , CVE-2020-7060

Description

Updated php packages fix security vulnerabilities:

Two buffer overflows in string and mbstring handling have been found
(CVE-2020-7059, CVE-2020-7060).

Other security fixes have been applied:
- Session: Fixed bug #79091 (heap use-after-free in session_create_id()).
- Date: Fixed bug #79015 (undefined-behavior in php_date.c).

For other fixes in this update, see the referenced chagelog.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26126
• https://www.php.net/ChangeLog-7.php#7.3.14
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060

SRPMS

7/core

• php-7.3.14-1.mga7