MGASA-2020-0178 - Updated php packages fix security vulnerability

Publication date: 20 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0178.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-7067

Updated php packages fix security vulnerabilities:
- OOB Read in urldecode() (CVE-2020-7067)
- Integer Overflow in shmop_open()

Noteable changes:
- Opcache chokes and uses 100% CPU on specific script
- curl_copy_handle() memory leak
- ZipArchive::open fails on empty file

References:
- https://bugs.mageia.org/show_bug.cgi?id=26491
- https://www.php.net/ChangeLog-7.php#7.3.17
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067

SRPMS:
- 7/core/php-7.3.17-1.mga7