Mageia Advisory: MGASA-2020-0236 - Updated php packages fix security vulnerability

Updated php packages fix security vulnerability

Publication date: 27 May 2020
Modification date: 27 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-11048

Description

Updated php packages fix security vulnerabilities:

- Fixed bug #78875 (Long filenames cause OOM and temp files are
  not cleaned). [1]
- Fixed bug #78876 (Long variables in multipart/form-data cause OOM and
  temp files are not cleaned). [2]
- Fixed bug #79441 (Segfault in mb_chr() if internal encoding is
  unsupported).
- Fixed bug #79491 (Search for .user.iniFixed bug #79468 (SIGSEGV when
  closing stream handle with a stream filter appended). extends up to 
  root dir).

References

https://bugs.mageia.org/show_bug.cgi?id=26617
https://www.php.net/ChangeLog-7.php#7.3.18
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048

SRPMS

7/core

php-7.3.18-1.mga7

Advisories » MGASA-2020-0236

Updated php packages fix security vulnerability

Description

References

SRPMS

7/core