Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:0647-1

Опубликовано: 11 мар. 2020
Источник: suse-cvrf

Описание

Security update for php72

This update for php72 fixes the following issues:

  • CVE-2020-7062: Fixed a null pointer dereference when using file upload functionality under specific circumstances (bsc#1165280).
  • CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php72-7.2.5-1.40.1
php72-7.2.5-1.40.1
php72-bcmath-7.2.5-1.40.1
php72-bz2-7.2.5-1.40.1
php72-calendar-7.2.5-1.40.1
php72-ctype-7.2.5-1.40.1
php72-curl-7.2.5-1.40.1
php72-dba-7.2.5-1.40.1
php72-dom-7.2.5-1.40.1
php72-enchant-7.2.5-1.40.1
php72-exif-7.2.5-1.40.1
php72-fastcgi-7.2.5-1.40.1
php72-fileinfo-7.2.5-1.40.1
php72-fpm-7.2.5-1.40.1
php72-ftp-7.2.5-1.40.1
php72-gd-7.2.5-1.40.1
php72-gettext-7.2.5-1.40.1
php72-gmp-7.2.5-1.40.1
php72-iconv-7.2.5-1.40.1
php72-imap-7.2.5-1.40.1
php72-intl-7.2.5-1.40.1
php72-json-7.2.5-1.40.1
php72-ldap-7.2.5-1.40.1
php72-mbstring-7.2.5-1.40.1
php72-mysql-7.2.5-1.40.1
php72-odbc-7.2.5-1.40.1
php72-opcache-7.2.5-1.40.1
php72-openssl-7.2.5-1.40.1
php72-pcntl-7.2.5-1.40.1
php72-pdo-7.2.5-1.40.1
php72-pear-7.2.5-1.40.1
php72-pear-Archive_Tar-7.2.5-1.40.1
php72-pgsql-7.2.5-1.40.1
php72-phar-7.2.5-1.40.1
php72-posix-7.2.5-1.40.1
php72-pspell-7.2.5-1.40.1
php72-readline-7.2.5-1.40.1
php72-shmop-7.2.5-1.40.1
php72-snmp-7.2.5-1.40.1
php72-soap-7.2.5-1.40.1
php72-sockets-7.2.5-1.40.1
php72-sodium-7.2.5-1.40.1
php72-sqlite-7.2.5-1.40.1
php72-sysvmsg-7.2.5-1.40.1
php72-sysvsem-7.2.5-1.40.1
php72-sysvshm-7.2.5-1.40.1
php72-tidy-7.2.5-1.40.1
php72-tokenizer-7.2.5-1.40.1
php72-wddx-7.2.5-1.40.1
php72-xmlreader-7.2.5-1.40.1
php72-xmlrpc-7.2.5-1.40.1
php72-xmlwriter-7.2.5-1.40.1
php72-xsl-7.2.5-1.40.1
php72-zip-7.2.5-1.40.1
php72-zlib-7.2.5-1.40.1
SUSE Linux Enterprise Software Development Kit 12 SP4
php72-devel-7.2.5-1.40.1
SUSE Linux Enterprise Software Development Kit 12 SP5
php72-devel-7.2.5-1.40.1

Ссылки

Описание

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.40.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.40.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.40.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.40.1
Ссылки

Описание

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.40.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.40.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.40.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.40.1
Ссылки
Уязвимость SUSE-SU-2020:0647-1