
SUSE: 2020:0622-1 Important: php7 Buffer Overflow and DoS Fix

March 9, 2020
SUSE has rolled out a security update for php7, addressing severe vulnerabilities, improving reliability and protection. More information enclosed.
An update that fixes four vulnerabilities is now available.

Summary

This update for php7 fixes the following issues:

- CVE-2020-7062: Fixed a null pointer dereference when using file upload functionality under specific circumstances (bsc#1165280).
- CVE-2020-7063: Fixed an issue where adding files changes the permissions to default (bsc#1165289).
- CVE-2020-7059: Fixed an out of bounds read in php_strip_tags_ex which may have led to denial of service (bsc#1162629).
- CVE-2020-7060: Fixed a global buffer overflow in mbfl_filt_conv_big5_wchar which may have led to memory corruption (bsc#1162632).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:

References

#1162629 #1162632 #1165280 #1165289

Cross-References: CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Web Scripting 15-SP1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

https://www.suse.com/security/cve/CVE-2020-7059.html

https://www.suse.com/security/cve/CVE-2020-7060.html

https://www.suse.com/security/cve/CVE-2020-7062.html

https://www.suse.com/security/cve/CVE-2020-7063.html

https://bugzilla.suse.com/1162629

https://bugzilla.suse.com/1162632

https://bugzilla.suse.com/1165280

Severity
important

Announcement ID: SUSE-SU-2020:0622-1
Rating: important
