Linux Security

    Mageia 2020-0387: php security update

    MGASA-2020-0387 - Updated php packages fix a security vulnerability
    
    Publication date: 16 Oct 2020
    URL: https://advisories.mageia.org/MGASA-2020-0387.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-7070
    
    In PHP versions 7.2.x, when PHP processes incoming HTTP cookie values, the
    cookie names are URL-decoded. As a result, cookies with prefixes like __Host
    may be confused with cookies whose names decode to such a prefix, allowing
    an attacker to forge a cookie which is supposed to be secure.
    (CVE-2020-7070)
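
The confusion described above can be checked for on the raw Cookie header, before any decoding of the names takes place. The following is an added example, not code from the advisory or from PHP itself; the function names and the sample header are constructed for illustration, and `__Secure-` is included as the other standard cookie prefix.

```php
<?php
// Added example (not from the advisory): flag cookie names in a raw Cookie
// header that match a reserved prefix only after URL-decoding.

const RESERVED_PREFIXES = ['__Host-', '__Secure-'];

/** Split a raw Cookie header into [rawName, rawValue] pairs. */
function split_cookie_header(string $header): array
{
    $pairs = [];
    foreach (explode(';', $header) as $chunk) {
        $chunk = trim($chunk);
        if ($chunk === '') {
            continue;
        }
        $parts = explode('=', $chunk, 2);
        $pairs[] = [$parts[0], $parts[1] ?? ''];
    }
    return $pairs;
}

function has_reserved_prefix(string $name): bool
{
    foreach (RESERVED_PREFIXES as $prefix) {
        if (strncmp($name, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

/** Return the raw names that gain a reserved prefix only once decoded. */
function find_disguised_prefix_cookies(string $header): array
{
    $suspicious = [];
    foreach (split_cookie_header($header) as [$rawName]) {
        // Assumption: urldecode() stands in for the name decoding the advisory describes.
        $decoded = urldecode($rawName);
        if (has_reserved_prefix($decoded) && !has_reserved_prefix($rawName)) {
            $suspicious[] = $rawName;
        }
    }
    return $suspicious;
}

// Constructed sample: one literal __Host- cookie, one percent-encoded look-alike.
$sample = '__Host-session=abc123; %5F%5FHost-session=forged; theme=dark';
print_r(find_disguised_prefix_cookies($sample));
```

In a request handler the same function can be given `$_SERVER['HTTP_COOKIE'] ?? ''`, and any non-empty result logged or the request rejected until the updated packages are installed.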
    
    These updated packages also fix several bugs:
    Core:
    - realpath() erroneously resolves link to link
    - Stack use-after-scope in define()
    - getimagesize function silently truncates after a null byte
    - Memleak when coercing integers to string via variadic argument
    
    Fileinfo: finfo_file crash (FILEINFO_MIME)
    
    LDAP: Fixed memory leaks.
    
    OPCache: opcache.file_cache causes SIGSEGV when custom opcode handlers changed.
    
    Standard: Memory leak in str_replace of empty string
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27239
    - https://www.php.net/ChangeLog-7.php#PHP_7_3_23
    - https://www.php.net/ChangeLog-7.php#PHP_7_3_22
    - https://www.php.net/ChangeLog-7.php#PHP_7_3_21
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070
    
    SRPMS:
    - 7/core/php-7.3.23-1.mga7
    
