75 matches found
SUSE-SU-2021:0125-1 Security update for php72
This update for php72 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706)...
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:2943-1)
This update for php72 fixes the following issues : CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrit...
Amazon Linux AMI : php72, php73 (ALAS-2020-1440)
The version of php72 installed on the remote host is prior to 7.2.34-1.26. The version of php73 installed on the remote host is prior to 7.3.23-1.29. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1440 advisory. In PHP versions 7.2.x below 7.2.34, 7.3.x belo...
SUSE-SU-2020:2943-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:2405-1)
This update for php72 fixes the following issues : CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...
SUSE-SU-2020:2405-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223)...
FreeBSD : php72 -- use of freed hash key (ee261034-b95e-4479-b947-08b0877e029f)
grigoritchy at gmail dot com reports : The phar_parse_zipfile function had use-after-free vulnerability because of mishandling of the actual_alias variable. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...
Amazon Linux AMI : php72, php73 (ALAS-2020-1397)
The version of php72 installed on the remote host is prior to 7.2.31-1.23. The version of php73 installed on the remote host is prior to 7.3.19-1.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1397 advisory. In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18...
php72 -- use of freed hash key
grigoritchy at gmail dot com reports: The phar_parse_zipfile function had use-after-free vulnerability because of mishandling of the actual_alias variable...
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:1546-1)
This update for php72 fixes the following issues : CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data (bsc#1168326). CVE-2020-7066: Fixed URL truncation get_headers if the URL contains zero \0 character (bsc#1168352). CVE-2019-11048: Improved the handling of overly long filenam...
SUSE-SU-2020:1546-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data (bsc#1168326). - CVE-2020-7066: Fixed URL truncation get_headers if the URL contains zero \0 character (bsc#1168352). - CVE-2019-11048: Improved the handling of overly long...
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0647-1)
This update for php72 fixes the following issues : CVE-2020-7062: Fixed a NULL pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). Note that Tenable Network...
SUSE-SU-2020:0647-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2020-7062: Fixed a null pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). - CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289)...
Amazon Linux AMI : php72 (ALAS-2020-1346)
The version of php72 installed on the remote host is prior to 7.2.27-1.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1346 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0397-1)
This update for php72 fixes the following issues : Security issues fixed : CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). CVE-2019-20433: Fixed a buffer over-read when processing strings...
SUSE-SU-2020:0397-1 Security update for php72
This update for php72 fixes the following issues: Security issues fixed: - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). - CVE-2019-20433: Fixed a buffer over-read when processing strin...
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0267-1)
This update for php72 fixes the following issues : CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923). CVE-2019-11046: Fixed an information leak in bc_shift_addsub (bsc#1159924). CVE-2019-11047, CVE-2019-11050: Fixed multipl...
SUSE-SU-2020:0267-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923). - CVE-2019-11046: Fixed an information leak in bc_shift_addsub (bsc#1159924). - CVE-2019-11047, CVE-2019-11050: Fixed...
SUSE SLES12 Security Update : php72 (SUSE-SU-2019:2909-1)
This update for php72 fixes the following issues : Security issue fixed : CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...
SUSE-SU-2019:2909-1 Security update for php72
This update for php72 fixes the following issues: Security issue fixed: - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999)...