SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2456-1)

This update for php7 fixes the following issues : CVE-2020-7068: Use of freed hash key in the pharparsezipfile function bsc1175223. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically cle...

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2455-1)

This update for php7 fixes the following issues : CVE-2020-7068: Use of freed hash key in the pharparsezipfile function bsc1175223. Do not install outdated README.SUSE bsc1174010. Added tmpfiles.d for php-fpm to provide a base for a socket bsc1173786. Note that Tenable Network Security has...

SUSE-SU-2020:2456-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the pharparsezipfile function bsc1175223...

SUSE-SU-2020:2455-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the pharparsezipfile function bsc1175223. - Do not install outdated README.SUSE bsc1174010. - Added tmpfiles.d for php-fpm to provide a base for a socket bsc1173786...

SUSE-SU-2020:2403-1 Security update for php7

This update for php7 fixes the following issues: - fix CVE-2020-7068 bsc1175223: Use of freed hash key in the pharparsezipfile function...

Security fix for the ALT Linux 8 package php7 version 7.2.33-alt1

7.2.33-alt1 built Aug. 12, 2020 Anton Farygin in task 255986 Aug. 7, 2020 Anton Farygin - 7.2.33 Fixes: CVE-2020-7068...

Security fix for the ALT Linux 9 package php7 version 7.3.21-alt1

7.3.21-alt1 built Aug. 11, 2020 Anton Farygin in task 255984 Aug. 7, 2020 Anton Farygin - 7.3.21 Fixes: CVE-2020-7068...

Denial Of Service (DoS)

php7 is vulnerable to denial of service. When HTTP file uploads are allowed, overly long filenames or field names could cause the engine to allocate oversized memory storage and stop further processes when the memory limit is hit. This results in the accumulation of uncleaned temporary files...

Insecure File Permissions

PHP7 uses insecure file permissions. When creating PHAR archives using the PharData::buildFromIterator function, the files are added with default permissions 0666 even if the original files on the filesystem configured with more restrictive permissions, allowing any local user to access the files...

Information Disclosure

php7 is vulnerable to information disclosure. The vulnerability exists while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory...

NULL Byte Injection

PHP7 is vulnerable to NULL byte injection. While using getheaders with user-supplied URL, if the URL contains null byte \0, the URL will be silently truncated. This causes certain software to make incorrect assumptions about the target of the getheaders and potentially send confidential informati...

openSUSE Security Update : php7 (openSUSE-2020-847)

This update for php7 fixes the following issues : Security issue fixed : - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads bsc1171999. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The...

SUSE SLES15 Security Update : php7 (SUSE-SU-2020:1661-1)

This update for php7 fixes the following issues : Security issue fixed : CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads bsc1171999. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:1661-2)

This update for php7 fixes the following issues : Security issue fixed : CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads bsc1171999. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...

SUSE-SU-2020:1661-2 Security update for php7

This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads bsc1171999...

openSUSE: Security Advisory for php7 (openSUSE-SU-2020:0847-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:0847-1 Security update for php7

This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads bsc1171999. This update was imported from the SUSE:SLE-15:Update update project...

Security update for php7 (moderate)

openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2020:0847-1 Rating: moderate References: 1171999 Cross-References: CVE-2019-11048 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for php7 fixes...

SUSE-SU-2020:1661-1 Security update for php7

This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads bsc1171999...

SUSE SLES12 Security Update : php7 (SUSE-SU-2020:1545-1)

This update for php7 fixes the following issues : Security issue fixed : CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads bsc1171999. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...