Fedora 31 : php (2020-8e36afc743)

low Nessus Plugin ID 139680

Synopsis

The remote Fedora host is missing a security update.

Description

**PHP version 7.3.21** (06 Aug 2020)

**Apache:**

- Fixed bug php#79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec). (Herbert256)

**Core:**

- Fixed bug php#79877 (getimagesize function silently truncates after a null byte) (cmb)

- Fixed bug php#79778 (Assertion failure if dumping closure with unresolved static variable). (Nikita)

- Fixed bug php#79792 (HT iterators not removed if empty array is destroyed). (Nikita)

**Curl:**

- Fixed bug php#79741 (curl_setopt CURLOPT_POSTFIELDS asserts on object with declared properties). (Nikita)

**Fileinfo:**

- Fixed bug php#79756 (finfo_file crash (FILEINFO_MIME)). (cmb)

**FTP:**

- Fixed bug php#55857 (ftp_size on large files). (cmb)

**Mbstring:**

- Fixed bug php#79787 (mb_strimwidth does not trim string). (XXiang)

**Phar:**

- Fixed bug php#79797 (Use of freed hash key in the phar_parse_zipfile function). (**CVE-2020-7068**) (cmb)

**Standard:**

- Fixed bug php#70362 (Can't copy() large 'data://' with open_basedir). (cmb)

- Fixed bug php#79817 (str_replace() does not handle INDIRECT elements). (Nikita)

- Fixed bug php#78008 (dns_check_record() always return true on Alpine). (Andy Postnikov)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2020-8e36afc743

Plugin Details

Severity: Low

ID: 139680

File Name: fedora_2020-8e36afc743.nasl

Version: 1.7

Type: local

Agent: unix

Published: 8/19/2020

Updated: 9/25/2020

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.4

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2020-7068

CVSS v3

Risk Factor: Low

Base Score: 3.6

Temporal Score: 3.2

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:31

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/19/2020

Vulnerability Publication Date: 9/9/2020

Reference Information

CVE: CVE-2020-7068

FEDORA: 2020-8e36afc743

IAVA: 2020-A-0373-S