Fedora 32 : php (2020-96124cc236)

low Nessus Plugin ID 139681

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

**PHP version 7.4.9** (06 Aug 2020)

**Apache:**

- Fixed bug php#79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).
(Herbert256)

**Core:**

- Fixed bug php#79740 (serialize() and unserialize() methods can not be called statically). (Nikita)

- Fixed bug php#79783 (Segfault in php_str_replace_common). (Nikita)

- Fixed bug php#79778 (Assertion failure if dumping closure with unresolved static variable). (Nikita)

- Fixed bug php#79779 (Assertion failure when assigning property of string offset by reference). (Nikita)

- Fixed bug php#79792 (HT iterators not removed if empty array is destroyed). (Nikita)

- Fixed bug php#78598 (Changing array during undef index RW error segfaults). (Nikita)

- Fixed bug php#79784 (Use after free if changing array during undef var during array write fetch). (Nikita)

- Fixed bug php#79793 (Use after free if string used in undefined index warning is changed). (Nikita)

- Fixed bug php#79862 (Public non-static property in child should take priority over private static). (Nikita)

- Fixed bug php#79877 (getimagesize function silently truncates after a null byte) (cmb)

**Fileinfo:**

- Fixed bug php#79756 (finfo_file crash (FILEINFO_MIME)).
(cmb)

**FTP:**

- Fixed bug php#55857 (ftp_size on large files). (cmb)

**Mbstring:**

- Fixed bug php#79787 (mb_strimwidth does not trim string). (XXiang)

**Phar:**

- Fixed bug php#79797 (Use of freed hash key in the phar_parse_zipfile function). (**CVE-2020-7068**) (cmb)

**Reflection:**

- Fixed bug php#79487 (::getStaticProperties() ignores property modifications). (cmb, Nikita)

- Fixed bug php#69804 (::getStaticPropertyValue() throws on protected props). (cmb, Nikita)

- Fixed bug php#79820 (Use after free when type duplicated into ReflectionProperty gets resolved). (Christopher Broadbent)

**Standard:**

- Fixed bug php#70362 (Can't copy() large 'data://' with open_basedir). (cmb)

- Fixed bug php#78008 (dns_check_record() always return true on Alpine). (Andy Postnikov)

- Fixed bug php#79839 (array_walk() does not respect property types). (Nikita)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2020-96124cc236

Plugin Details

Severity: Low

ID: 139681

File Name: fedora_2020-96124cc236.nasl

Version: 1.7

Type: local

Agent: unix

Published: 8/19/2020

Updated: 9/25/2020

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.4

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2020-7068

CVSS v3

Risk Factor: Low

Base Score: 3.6

Temporal Score: 3.2

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:32

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/19/2020

Vulnerability Publication Date: 9/9/2020

Reference Information

CVE: CVE-2020-7068

FEDORA: 2020-96124cc236

IAVA: 2020-A-0373-S