 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2020.0119 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2020-0119) |
| Summary: | The remote host is missing an update for the 'php' package(s) announced via the MGASA-2020-0119 advisory. |
| Description: | Summary: The remote host is missing an update for the 'php' package(s) announced via the MGASA-2020-0119 advisory. Vulnerability Insight: Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported). - Fixed bug #79146 (cscript can fail to run on some systems). - Fixed bug #78323 (Code 0 is returned on invalid options). - Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments). CURL: - Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()). Intl: - Fixed bug #79212 (NumberFormatter::format() may detect wrong type). Libxml: - Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()). MBString: - Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding). MySQLnd: - Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH). OpenSSL: - Fixed bug #79145 (openssl memory leak). Phar: - Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063) - Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061) - Fixed bug #76584 (PharFileInfo::decompress not working). Reflection: - Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct). Session: - Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062) SPL: - Fixed bug #79151 (heap use after free caused by spl_dllist_it_helper_move_forward). Standard: - Fixed bug #78902 (Memory leak when using stream_filter_append). XSL: - Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory). Affected Software/OS: 'php' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-7061 https://security.gentoo.org/glsa/202003-57 https://bugs.php.net/bug.php?id=79171 Common Vulnerability Exposure (CVE) ID: CVE-2020-7062 Debian Security Information: DSA-4717 (Google Search) https://www.debian.org/security/2020/dsa-4717 Debian Security Information: DSA-4719 (Google Search) https://www.debian.org/security/2020/dsa-4719 https://bugs.php.net/bug.php?id=79221 https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html SuSE Security Announcement: openSUSE-SU-2020:0341 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html https://usn.ubuntu.com/4330-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-7063 https://bugs.php.net/bug.php?id=79082 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |