 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2020.0119 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2020-0119) |
| Resumen: | The remote host is missing an update for the 'php' package(s) announced via the MGASA-2020-0119 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'php' package(s) announced via the MGASA-2020-0119 advisory. Vulnerability Insight: Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported). - Fixed bug #79146 (cscript can fail to run on some systems). - Fixed bug #78323 (Code 0 is returned on invalid options). - Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments). CURL: - Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()). Intl: - Fixed bug #79212 (NumberFormatter::format() may detect wrong type). Libxml: - Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()). MBString: - Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding). MySQLnd: - Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH). OpenSSL: - Fixed bug #79145 (openssl memory leak). Phar: - Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063) - Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061) - Fixed bug #76584 (PharFileInfo::decompress not working). Reflection: - Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct). Session: - Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062) SPL: - Fixed bug #79151 (heap use after free caused by spl_dllist_it_helper_move_forward). Standard: - Fixed bug #78902 (Memory leak when using stream_filter_append). XSL: - Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory). Affected Software/OS: 'php' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-7061 https://security.gentoo.org/glsa/202003-57 https://bugs.php.net/bug.php?id=79171 Common Vulnerability Exposure (CVE) ID: CVE-2020-7062 Debian Security Information: DSA-4717 (Google Search) https://www.debian.org/security/2020/dsa-4717 Debian Security Information: DSA-4719 (Google Search) https://www.debian.org/security/2020/dsa-4719 https://bugs.php.net/bug.php?id=79221 https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html SuSE Security Announcement: openSUSE-SU-2020:0341 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html https://usn.ubuntu.com/4330-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-7063 https://bugs.php.net/bug.php?id=79082 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |