Описание
Security update for php72
This update for php72 fixes the following issues:
Security issues fixed:
- CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629).
- CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632).
- CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982).
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 12
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
Ссылки
- Link for SUSE-SU-2020:0397-1
- E-Mail link for SUSE-SU-2020:0397-1
- SUSE Security Ratings
- SUSE Bug 1161982
- SUSE Bug 1162629
- SUSE Bug 1162632
- SUSE CVE CVE-2019-20433 page
- SUSE CVE CVE-2020-7059 page
- SUSE CVE CVE-2020-7060 page
Описание
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
Затронутые продукты
Ссылки
- CVE-2019-20433
- SUSE Bug 1161982
Описание
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
Затронутые продукты
Ссылки
- CVE-2020-7059
- SUSE Bug 1162629
Описание
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
Затронутые продукты
Ссылки
- CVE-2020-7060
- SUSE Bug 1162632