Lucene search

K
amazonAmazonALAS-2020-1346
HistoryFeb 24, 2020 - 9:41 p.m.

Medium: php72

2020-02-2421:41:00
alas.aws.amazon.com
37

0.004 Low

EPSS

Percentile

73.9%

Issue Overview:

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059)

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7060)

Affected Packages:

php72

Issue Correction:
Run yum update php72 to update your system.

New Packages:

i686:  
    php72-xmlrpc-7.2.27-1.20.amzn1.i686  
    php72-process-7.2.27-1.20.amzn1.i686  
    php72-ldap-7.2.27-1.20.amzn1.i686  
    php72-odbc-7.2.27-1.20.amzn1.i686  
    php72-dba-7.2.27-1.20.amzn1.i686  
    php72-mbstring-7.2.27-1.20.amzn1.i686  
    php72-dbg-7.2.27-1.20.amzn1.i686  
    php72-intl-7.2.27-1.20.amzn1.i686  
    php72-tidy-7.2.27-1.20.amzn1.i686  
    php72-pspell-7.2.27-1.20.amzn1.i686  
    php72-bcmath-7.2.27-1.20.amzn1.i686  
    php72-snmp-7.2.27-1.20.amzn1.i686  
    php72-pdo-dblib-7.2.27-1.20.amzn1.i686  
    php72-imap-7.2.27-1.20.amzn1.i686  
    php72-enchant-7.2.27-1.20.amzn1.i686  
    php72-json-7.2.27-1.20.amzn1.i686  
    php72-pdo-7.2.27-1.20.amzn1.i686  
    php72-common-7.2.27-1.20.amzn1.i686  
    php72-mysqlnd-7.2.27-1.20.amzn1.i686  
    php72-devel-7.2.27-1.20.amzn1.i686  
    php72-recode-7.2.27-1.20.amzn1.i686  
    php72-soap-7.2.27-1.20.amzn1.i686  
    php72-opcache-7.2.27-1.20.amzn1.i686  
    php72-gd-7.2.27-1.20.amzn1.i686  
    php72-xml-7.2.27-1.20.amzn1.i686  
    php72-debuginfo-7.2.27-1.20.amzn1.i686  
    php72-embedded-7.2.27-1.20.amzn1.i686  
    php72-cli-7.2.27-1.20.amzn1.i686  
    php72-fpm-7.2.27-1.20.amzn1.i686  
    php72-pgsql-7.2.27-1.20.amzn1.i686  
    php72-gmp-7.2.27-1.20.amzn1.i686  
    php72-7.2.27-1.20.amzn1.i686  
  
src:  
    php72-7.2.27-1.20.amzn1.src  
  
x86_64:  
    php72-7.2.27-1.20.amzn1.x86_64  
    php72-gmp-7.2.27-1.20.amzn1.x86_64  
    php72-debuginfo-7.2.27-1.20.amzn1.x86_64  
    php72-xml-7.2.27-1.20.amzn1.x86_64  
    php72-json-7.2.27-1.20.amzn1.x86_64  
    php72-odbc-7.2.27-1.20.amzn1.x86_64  
    php72-pspell-7.2.27-1.20.amzn1.x86_64  
    php72-pgsql-7.2.27-1.20.amzn1.x86_64  
    php72-bcmath-7.2.27-1.20.amzn1.x86_64  
    php72-enchant-7.2.27-1.20.amzn1.x86_64  
    php72-dbg-7.2.27-1.20.amzn1.x86_64  
    php72-snmp-7.2.27-1.20.amzn1.x86_64  
    php72-tidy-7.2.27-1.20.amzn1.x86_64  
    php72-imap-7.2.27-1.20.amzn1.x86_64  
    php72-gd-7.2.27-1.20.amzn1.x86_64  
    php72-intl-7.2.27-1.20.amzn1.x86_64  
    php72-cli-7.2.27-1.20.amzn1.x86_64  
    php72-ldap-7.2.27-1.20.amzn1.x86_64  
    php72-recode-7.2.27-1.20.amzn1.x86_64  
    php72-pdo-dblib-7.2.27-1.20.amzn1.x86_64  
    php72-pdo-7.2.27-1.20.amzn1.x86_64  
    php72-process-7.2.27-1.20.amzn1.x86_64  
    php72-opcache-7.2.27-1.20.amzn1.x86_64  
    php72-devel-7.2.27-1.20.amzn1.x86_64  
    php72-common-7.2.27-1.20.amzn1.x86_64  
    php72-mysqlnd-7.2.27-1.20.amzn1.x86_64  
    php72-mbstring-7.2.27-1.20.amzn1.x86_64  
    php72-dba-7.2.27-1.20.amzn1.x86_64  
    php72-soap-7.2.27-1.20.amzn1.x86_64  
    php72-embedded-7.2.27-1.20.amzn1.x86_64  
    php72-fpm-7.2.27-1.20.amzn1.x86_64  
    php72-xmlrpc-7.2.27-1.20.amzn1.x86_64  

Additional References

Red Hat: CVE-2020-7059, CVE-2020-7060

Mitre: CVE-2020-7059, CVE-2020-7060