Updated php packages fix security vulnerability
Publication date: 01 Apr 2020Modification date: 01 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-7064 , CVE-2020-7065 , CVE-2020-7066
Description
Critical bugs closed:
- Use-of-uninitialized-value in exif [1]
- mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full [2]
- get_headers() silently truncates after a null byte [3]
Some more bugs closed, as:
- Memory corruption in preg_replace/preg_replace_callback and unicode
- restore_error_handler does not restore previous errors mask
References
SRPMS
7/core
- php-7.3.16-1.mga7