Linux Security

    Mageia 2020-0387: php security update

    MGASA-2020-0387 - Updated php packages fix a security vulnerability
    
    Publication date: 16 Oct 2020
    URL: https://advisories.mageia.org/MGASA-2020-0387.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-7070
    
    In PHP versions 7.2.x, when PHP is processing incoming HTTP cookie values, the
    cookie names are url-decoded. This may lead to cookies with prefixes
    like __Host being confused with cookies that decode to such a prefix, thus
    allowing an attacker to forge a cookie which is supposed to be secure.
    (CVE-2020-7070)
    
    These updated packages also fix several bugs:
    Core:
    - realpath() erroneously resolves link to link
    - Stack use-after-scope in define()
    - getimagesize function silently truncates after a null byte
    - Memleak when coercing integers to string via variadic argument
    
    Fileinfo: finfo_file crash (FILEINFO_MIME)
    
    LDAP: Fixed memory leaks.
    
    OPCache: opcache.file_cache causes SIGSEGV when custom opcode handlers changed.
    
    Standard: Memory leak in str_replace of empty string
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27239
    - https://www.php.net/ChangeLog-7.php#PHP_7_3_23
    - https://www.php.net/ChangeLog-7.php#PHP_7_3_22
    - https://www.php.net/ChangeLog-7.php#PHP_7_3_21
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070
    
    SRPMS:
    - 7/core/php-7.3.23-1.mga7
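
The cookie-name confusion described in the advisory can be checked for on the raw `Cookie` request header, before any decoding. The following is an added example, not code from the advisory or from PHP: it flags names that carry no protected prefix on the wire but gain one once url-decoded. The function names and sample headers are constructed for illustration, and covering the `__Secure-` prefix alongside `__Host-` is an assumption that goes beyond the advisory text.

```python
from urllib.parse import unquote

# Cookie-name prefixes that browsers only accept under restricted conditions.
# The advisory names __Host; __Secure- is included here as an assumption.
PROTECTED_PREFIXES = ("__Host-", "__Secure-")


def split_cookie_header(header):
    """Split a raw Cookie request header into (raw_name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value))
    return pairs


def find_prefix_confusion(header):
    """Return (raw, decoded) names that gain a protected prefix only after url-decoding."""
    findings = []
    for raw_name, _value in split_cookie_header(header):
        decoded = unquote(raw_name)
        if decoded.startswith(PROTECTED_PREFIXES) and not raw_name.startswith(PROTECTED_PREFIXES):
            findings.append((raw_name, decoded))
    return findings


def colliding_names(header):
    """Return decoded names that more than one distinct raw name maps to."""
    seen = {}
    for raw_name, _value in split_cookie_header(header):
        seen.setdefault(unquote(raw_name), set()).add(raw_name)
    return {name: sorted(raws) for name, raws in seen.items() if len(raws) > 1}


# Constructed sample request headers (not taken from the advisory).
SAMPLE_HEADERS = [
    "__Host-session=abc123; theme=dark",
    "%5F%5FHost-session=forged; __Host-session=abc123",
    "lang=en; __%48ost-session=forged",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, find_prefix_confusion(header), colliding_names(header))
```

A non-empty result from `find_prefix_confusion` on traffic to a host still running an unpatched php package is a reason to review that request; on patched hosts it remains a useful signal of probing.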
    
