Gentoo: GLSA-202009-10 Low: PHP Denial Of Service Issue

September 13, 2020
The Gentoo GLSA 202103-05 highlights a minor vulnerability related to PHP that could lead to a Denial of Service (DoS). Users of impacted PHP versions are advised to perform updates.
A vulnerability in PHP could lead to a Denial of Service condition.

Summary

It was discovered that PHP did not properly handle PHAR files.

Resolution

All PHP 7.2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.33"

All PHP 7.3 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.21"

All PHP 7.4 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.9"

References

[ 1 ] CVE-2020-7068 https://nvd.nist.gov/vuln/detail/CVE-2020-7068

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202009-10

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Low
Title: PHP: Denial of service
Date: September 13, 2020
Bugs: #736158
ID: 202009-10

Synopsis

A vulnerability in PHP could lead to a Denial of Service condition.

Background

PHP is an open source general-purpose scripting language that is especially suited for web development.

Affected Packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php              < 7.2.33:7.2           >= 7.2.33:7.2
                               < 7.3.21:7.3           >= 7.3.21:7.3
                               < 7.4.9:7.4            >= 7.4.9:7.4
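
For auditing hosts against the table above, the following added example (not part of the advisory or of Gentoo's tooling) classifies a PHP version string per slot. The function names glsa_php_status and fixed_for_slot are hypothetical, and the sample versions in the loop are constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory; function names are hypothetical.
# Thresholds are copied from the Affected Packages table above.

# Print the first unaffected version for a dev-lang/php slot.
fixed_for_slot() {
    case "$1" in
        7.2) echo 7.2.33 ;;
        7.3) echo 7.3.21 ;;
        7.4) echo 7.4.9 ;;
        *) return 1 ;;
    esac
}

# Classify a version such as 7.3.20 or 7.4.9-r1.
# Prints one of: vulnerable, unaffected, not-listed, invalid.
glsa_php_status() {
    ver=${1%%[-_]*}                 # drop Gentoo -rN / _suffix parts
    case "$ver" in
        "" | *[!0-9.]*) echo invalid; return 0 ;;
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo invalid; return 0 ;;
    esac
    slot=${ver%.*}                  # 7.3.20 -> 7.3
    if ! fixed=$(fixed_for_slot "$slot"); then
        echo not-listed             # slot is outside the advisory's table
        return 0
    fi
    # Compare patch levels numerically so that 7.4.10 is not read as < 7.4.9.
    if [ "${ver##*.}" -lt "${fixed##*.}" ]; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample versions, not taken from any real host.
for v in 7.2.32 7.3.21 7.4.10 7.4.8-r1 8.0.0; do
    printf '%-10s %s\n' "$v" "$(glsa_php_status "$v")"
done
```

On a live system the argument can come from `php -r 'echo PHP_VERSION;'`; a result of not-listed means only that the advisory's table does not cover that slot.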

Impact

A remote attacker could entice a user to open a specially crafted PHAR file using PHP, possibly allowing the attacker to obtain sensitive information or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.
