Fedora 30 : php (2020-4ea970ebc6)

critical Nessus Plugin ID 134133

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Fedora host is missing a security update.

Description

**PHP version 7.3.15** (20 Feb 2020)

**Core:**

- Fixed bug php#71876 (Memory corruption htmlspecialchars(): charset `*' not supported). (Nikita)

- Fixed bug #php#79146 (cscript can fail to run on some systems). (clarodeus)

- Fixed bug php#78323 (Code 0 is returned on invalid options). (Ivan Mikheykin)

- Fixed bug php#76047 (Use-after-free when accessing already destructed backtrace arguments). (Nikita)

**CURL:**

- Fixed bug php#79078 (Hypothetical use-after-free in curl_multi_add_handle()). (cmb)

**Intl:**

- Fixed bug php#79212 (NumberFormatter::format() may detect wrong type). (cmb)

**Libxml:**

- Fixed bug php#79191 (Error in SoapClient ctor disables DOMDocument::save()). (Nikita, cmb)

**MBString:**

- Fixed bug php#79154 (mb_convert_encoding() can modify $from_encoding). (cmb)

**MySQLnd:**

- Fixed bug php#79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH). (cmb)

**OpenSSL:**

- Fixed bug php#79145 (openssl memory leak). (cmb, Nikita)

**Phar:**

- Fixed bug php#79082 (Files added to tar with Phar::buildFromIterator have all-access permissions).
(**CVE-2020-7063**) (stas)

- Fixed bug php#79171 (heap-buffer-overflow in phar_extract_file). (**CVE-2020-7061**) (cmb)

- Fixed bug php#76584 (PharFileInfo::decompress not working). (cmb)

**Reflection:**

- Fixed bug php#79115 (ReflectionClass::isCloneable call reflected class __destruct). (Nikita)

**Session:**

- Fixed bug php#79221 (NULL pointer Dereference in PHP Session Upload Progress). (**CVE-2020-7062**) (stas)

**SPL:**

- Fixed bug php#79151 (heap use after free caused by spl_dllist_it_helper_move_forward). (Nikita)

**Standard:**

- Fixed bug php#78902 (Memory leak when using stream_filter_append). (liudaixiao)

**Testing:**

- Fixed bug php#78090 (bug45161.phpt takes forever to finish). (cmb)

**XSL:**

- Fixed bug php#70078 (XSL callbacks with nodes as parameter leak memory). (cmb)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ea970ebc6

Plugin Details

Severity: Critical

ID: 134133

File Name: fedora_2020-4ea970ebc6.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2/28/2020

Updated: 3/6/2020

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:30

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/27/2020

Vulnerability Publication Date: 2/27/2020

Reference Information

CVE: CVE-2020-7061, CVE-2020-7062, CVE-2020-7063