MGASA-2020-0066 - Updated php packages fix security vulnerabilities

Publication date: 28 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0066.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-7059,
     CVE-2020-7060

Updated php packages fix security vulnerabilities:

Two buffer overflows in string and mbstring handling have been found
(CVE-2020-7059, CVE-2020-7060).

Other security fixes have been applied:
- Session: Fixed bug #79091 (heap use-after-free in session_create_id()).
- Date: Fixed bug #79015 (undefined-behavior in php_date.c).

For other fixes in this update, see the referenced changelog.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26126
- https://www.php.net/ChangeLog-7.php#7.3.14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060

SRPMS:
- 7/core/php-7.3.14-1.mga7