Advisories » MGASA-2020-0178

Updated php packages fix security vulnerability

Publication date: 20 Apr 2020
Modification date: 20 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-7067

Description

Updated php packages fix security vulnerabilities:
- OOB Read in urldecode() (CVE-2020-7067)
- Integer Overflow in shmop_open()

Noteable changes:
- Opcache chokes and uses 100% CPU on specific script
- curl_copy_handle() memory leak
- ZipArchive::open fails on empty file
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26491
• https://www.php.net/ChangeLog-7.php#7.3.17
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067

SRPMS

7/core

• php-7.3.17-1.mga7