135 matches found
MGASA-2021-0312 Updated php packages fix security vulnerabilities
Updated PHP packages fix security vulnerabilities: - Fixed bug 81122: SSRF bypass in FILTERVALIDATEURL. CVE-2021-21705 PDOFirebird: - Fixed bug 76448: Stack buffer overflow in firebirdinfocb. CVE-2021-21704 - Fixed bug 76449: SIGSEGV in firebirdhandledoer. CVE-2021-21704 - Fixed bug 76450: SIGSEG...
MGASA-2021-0076 Updated php packages fix a security vulnerability
The php packages are updated to version 7.3.27 to fix a Null Dereference in SoapClient SOAP. CVE-2021-21702. Note also php packages version 7.4.15-1.mga7 are available in backports/updates...
MGASA-2021-0025 Updated php packages fix security vulnerability
FILTERVALIDATEURL accepts URLs with invalid userinfo CVE-2020-7071. streamgetcontents fails with maxlength=-1 or default. See upstream releasenotes for other changes...
Updated php packages fix security vulnerability
FILTERVALIDATEURL accepts URLs with invalid userinfo CVE-2020-7071. streamgetcontents fails with maxlength=-1 or default. See upstream releasenotes for other changes...
MGASA-2020-0236 Updated php packages fix security vulnerability
Updated php packages fix security vulnerabilities: - Fixed bug 78875 Long filenames cause OOM and temp files are not cleaned. 1 - Fixed bug 78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned. 2 - Fixed bug 79441 Segfault in mbchr if internal encoding is...
EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1586)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exifreaddata function, it is possible fo...
MGASA-2020-0178 Updated php packages fix security vulnerability
Updated php packages fix security vulnerabilities: - OOB Read in urldecode CVE-2020-7067 - Integer Overflow in shmopopen Noteable changes: - Opcache chokes and uses 100% CPU on specific script - curlcopyhandle memory leak - ZipArchive::open fails on empty file...
Updated php packages fix security vulnerability
Critical bugs closed: - Use-of-uninitialized-value in exif 1 - mbstrtolower UTF-32LE: stack-buffer-overflow at phpunicodetolowerfull 2 - getheaders silently truncates after a null byte 3 Some more bugs closed, as: - Memory corruption in pregreplace/pregreplacecallback and unicode -...
MGASA-2020-0148 Updated php packages fix security vulnerability
Critical bugs closed: - Use-of-uninitialized-value in exif 1 - mbstrtolower UTF-32LE: stack-buffer-overflow at phpunicodetolowerfull 2 - getheaders silently truncates after a null byte 3 Some more bugs closed, as: - Memory corruption in pregreplace/pregreplacecallback and unicode -...
MGASA-2020-0119 Updated php packages fix bugs and security vulnerabilities
Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug 71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug 79146 cscript can fail to run on some systems. - Fixed bug 78323 Code 0 is returned on invalid options. - Fixed bug 76047 Use-after-free whe...
Updated php packages fix bugs and security vulnerabilities
Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug 71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug 79146 cscript can fail to run on some systems. - Fixed bug 78323 Code 0 is returned on invalid options. - Fixed bug 76047 Use-after-free...
Security update for cacti, cacti-spine (important)
openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2020:0284-1 Rating: important References: 1082318 1101024 1101139 1122242 1122243 1122244 1122245 1122535 1158990 1158992 1161297 1163749 Cross-References: CVE-2009-4112 CVE-2018-20723 CVE-2018-20724...
OPENSUSE-SU-2020:0272-1 Security update for cacti, cacti-spine
This update for cacti, cacti-spine fixes the following issues: cacti-spine was updated to version 1.2.9. Security issues fixed: - CVE-2009-4112: Fixed a privilege escalation bsc1122535. - CVE-2018-20723: Fixed a cross-site scripting XSS vulnerability bsc1122245. - CVE-2018-20724: Fixed a cross-si...
MGASA-2020-0066 Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Two buffer overflows in string and mbstring handling have been found CVE-2020-7059, CVE-2020-7060. Other security fixes have been applied: - Session: Fixed bug 79091 heap use-after-free in sessioncreateid. - Date: Fixed bug 79015 undefined-behavi...
MGASA-2019-0412 Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: DirectoryIterator class silently truncates after a null byte CVE-2019-11045. Buffer underflow in bcshiftaddsub. CVE-2019-11046 Heap-buffer-overflow READ in exif. CVE-2019-11047 mail may release string with refcount==1 twice. CVE-2019-11049...
EulerOS 2.0 SP2 : php (EulerOS-SA-2019-1865)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds write flaw was found in the fpmlogwrite logging function of PHP's FastCGI Process Manager service. A remote attacker could...
MGASA-2019-0253 Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: A use-after-free in onignewdeluxe in regext.c in the bundled Oniguruma allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression CVE-2019-13224. A NULL...
MGASA-2019-0218 Updated php packages fix security vulnerabilities
Updated php packages fixes at least the following security issues: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause ...
EulerOS Virtualization 2.5.3 : php (EulerOS-SA-2019-1265)
According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the...
EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1146)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an...