MGASA-2021-0025 - Updated php packages fix security vulnerability Publication date: 14 Jan 2021 URL: https://advisories.mageia.org/MGASA-2021-0025.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071). stream_get_contents() fails with maxlength=-1 or default. See upstream releasenotes for other changes. References: - https://bugs.mageia.org/show_bug.cgi?id=28036 - https://www.php.net/ChangeLog-7.php#PHP_7_3_26 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071 SRPMS: - 7/core/php-7.3.26-1.mga7
Mageia 2021-0025: php security update
FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)
Summary
CVE: CVE-2020-7071
FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071).
stream_get_contents() fails with maxlength=-1 or default.
See upstream releasenotes for other changes.
Resolution
MGASA-2021-0025 - Updated php packages fix security vulnerability
References
- https://bugs.mageia.org/show_bug.cgi?id=28036
- https://www.php.net/ChangeLog-7.php#PHP_7_3_26
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071
Severity
Issued Date: 14 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0025.html
Type: security
Affected Mageia releases: 7
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden’s New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
