Test ID: | 1.3.6.1.4.1.25623.1.1.10.2020.0387 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2020-0387) |
Summary: | The remote host is missing an update for the 'php' package(s) announced via the MGASA-2020-0387 advisory. |
Description: |
Summary: The remote host is missing an update for the 'php' package(s) announced via the MGASA-2020-0387 advisory.

Vulnerability Insight: In PHP versions 7.2.x, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure. (CVE-2020-7070)

These updated packages also fix several bugs:

Core:
- realpath() erroneously resolves link to link
- Stack use-after-scope in define()
- getimagesize function silently truncates after a null byte
- Memleak when coercing integers to string via variadic argument

Fileinfo:
- finfo_file crash (FILEINFO_MIME)

LDAP:
- Fixed memory leaks.

OPCache:
- opcache.file_cache causes SIGSEGV when custom opcode handlers changed.

Standard:
- Memory leak in str_replace of empty string

Affected Software/OS: 'php' package(s) on Mageia 7.

Solution: Please install the updated package(s).

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-7070
- https://security.netapp.com/advisory/ntap-20201016-0001/
- https://www.tenable.com/security/tns-2021-14
- Debian Security Information: DSA-4856 https://www.debian.org/security/2021/dsa-4856
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/
- https://security.gentoo.org/glsa/202012-16
- http://cve.circl.lu/cve/CVE-2020-8184
- https://bugs.php.net/bug.php?id=79699
- https://hackerone.com/reports/895727
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html
- SuSE Security Announcement: openSUSE-SU-2020:1703 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html
- SuSE Security Announcement: openSUSE-SU-2020:1767 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html
- https://usn.ubuntu.com/4583-1/ |
Copyright | Copyright (C) 2022 Greenbone AG |