Fedora 32 : php (2020-96124cc236)

low Nessus Plugin ID 139681

Synopsis

The remote Fedora host is missing a security update.

Description

**PHP version 7.4.9** (06 Aug 2020)

**Apache:**

- Fixed bug php#79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec). (Herbert256)

**Core:**

- Fixed bug php#79740 (serialize() and unserialize() methods can not be called statically). (Nikita)

- Fixed bug php#79783 (Segfault in php_str_replace_common). (Nikita)

- Fixed bug php#79778 (Assertion failure if dumping closure with unresolved static variable). (Nikita)

- Fixed bug php#79779 (Assertion failure when assigning property of string offset by reference). (Nikita)

- Fixed bug php#79792 (HT iterators not removed if empty array is destroyed). (Nikita)

- Fixed bug php#78598 (Changing array during undef index RW error segfaults). (Nikita)

- Fixed bug php#79784 (Use after free if changing array during undef var during array write fetch). (Nikita)

- Fixed bug php#79793 (Use after free if string used in undefined index warning is changed). (Nikita)

- Fixed bug php#79862 (Public non-static property in child should take priority over private static). (Nikita)

- Fixed bug php#79877 (getimagesize function silently truncates after a null byte). (cmb)

**Fileinfo:**

- Fixed bug php#79756 (finfo_file crash (FILEINFO_MIME)). (cmb)

**FTP:**

- Fixed bug php#55857 (ftp_size on large files). (cmb)

**Mbstring:**

- Fixed bug php#79787 (mb_strimwidth does not trim string). (XXiang)

**Phar:**

- Fixed bug php#79797 (Use of freed hash key in the phar_parse_zipfile function). (**CVE-2020-7068**) (cmb)

**Reflection:**

- Fixed bug php#79487 (::getStaticProperties() ignores property modifications). (cmb, Nikita)

- Fixed bug php#69804 (::getStaticPropertyValue() throws on protected props). (cmb, Nikita)

- Fixed bug php#79820 (Use after free when type duplicated into ReflectionProperty gets resolved). (Christopher Broadbent)

**Standard:**

- Fixed bug php#70362 (Can't copy() large 'data://' with open_basedir). (cmb)

- Fixed bug php#78008 (dns_check_record() always return true on Alpine). (Andy Postnikov)

- Fixed bug php#79839 (array_walk() does not respect property types). (Nikita)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2020-96124cc236

Plugin Details

Severity: Low

ID: 139681

File Name: fedora_2020-96124cc236.nasl

Version: 1.8

Type: local

Agent: unix

Published: 8/19/2020

Updated: 2/23/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.6

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2020-7068

CVSS v3

Risk Factor: Low

Base Score: 3.6

Temporal Score: 3.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:32

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/19/2020

Vulnerability Publication Date: 9/9/2020

Reference Information

CVE: CVE-2020-7068

FEDORA: 2020-96124cc236

IAVA: 2020-A-0373-S