Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE: 2020:0647-1 Moderate: php72 File Upload And Permissions Issues

suse
Calendar Grey March 11, 2020
Dist Suse Esm H88
Enhancement for php72 addressing moderate concerns related to file uploads and adjustments in permissions within SUSE Linux Enterprise distributions.
An update that fixes two vulnerabilities is now available

Summary

This update for php72 fixes the following issues: - CVE-2020-7062: Fixed a null pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). - CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-647=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-647=1 - SUSE Linux Enterprise Module for Web Scripting 12:

References

#1165280 #1165289

Cross- CVE-2020-7062 CVE-2020-7063

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Module for Web Scripting 12

https://www.suse.com/security/cve/CVE-2020-7062.html

https://www.suse.com/security/cve/CVE-2020-7063.html

https://bugzilla.suse.com/1165280

https://bugzilla.suse.com/1165289

Announcement ID: SUSE-SU-2020:0647-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here