PHP: Multiple vulnerabilities

2020-12-23T00:00:00
ID GLSA-202012-16
Type gentoo
Reporter Gentoo Foundation
Modified 2020-12-23T00:00:00

Description

Background

PHP is an open source general-purpose scripting language that is especially suited for web development.

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers and change log referenced below for details.

Impact

An attacker could cause a Denial of Service condition or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All PHP 7.2.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.34-r1:7.2"

All PHP 7.3.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.25:7.3"

All PHP 7.4.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.13:7.4"