| Summary: | new security issues on php | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Marc Krämer <mageia> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, mageia, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA7-64-OK | | |
| Source RPM: | php | CVE: | |
| Status comment: | | | |
|
Description
Marc Krämer
2020-03-20 18:27:25 CET
Updated php packages fix security vulnerabilities:

Critical bugs closed:
- Use-of-uninitialized-value in exif [1]
- mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full [2]
- get_headers() silently truncates after a null byte [3]

Some more bugs closed, such as:
- Memory corruption in preg_replace/preg_replace_callback and unicode
- restore_error_handler does not restore previous errors mask

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066
https://www.php.net/ChangeLog-7.php#7.3.16

========================
Updated packages in core/updates_testing:
========================

php-ini-7.3.16-1.mga7
apache-mod_php-7.3.16-1.mga7
php-cli-7.3.16-1.mga7
php-cgi-7.3.16-1.mga7
lib64php_common7-7.3.16-1.mga7
php-devel-7.3.16-1.mga7
php-openssl-7.3.16-1.mga7
php-zlib-7.3.16-1.mga7
php-doc-7.3.16-1.mga7
php-bcmath-7.3.16-1.mga7
php-bz2-7.3.16-1.mga7
php-calendar-7.3.16-1.mga7
php-ctype-7.3.16-1.mga7
php-curl-7.3.16-1.mga7
php-dba-7.3.16-1.mga7
php-dom-7.3.16-1.mga7
php-enchant-7.3.16-1.mga7
php-exif-7.3.16-1.mga7
php-fileinfo-7.3.16-1.mga7
php-filter-7.3.16-1.mga7
php-ftp-7.3.16-1.mga7
php-gd-7.3.16-1.mga7
php-gettext-7.3.16-1.mga7
php-gmp-7.3.16-1.mga7
php-hash-7.3.16-1.mga7
php-iconv-7.3.16-1.mga7
php-imap-7.3.16-1.mga7
php-interbase-7.3.16-1.mga7
php-intl-7.3.16-1.mga7
php-json-7.3.16-1.mga7
php-ldap-7.3.16-1.mga7
php-mbstring-7.3.16-1.mga7
php-mysqli-7.3.16-1.mga7
php-mysqlnd-7.3.16-1.mga7
php-odbc-7.3.16-1.mga7
php-opcache-7.3.16-1.mga7
php-pcntl-7.3.16-1.mga7
php-pdo-7.3.16-1.mga7
php-pdo_dblib-7.3.16-1.mga7
php-pdo_firebird-7.3.16-1.mga7
php-pdo_mysql-7.3.16-1.mga7
php-pdo_odbc-7.3.16-1.mga7
php-pdo_pgsql-7.3.16-1.mga7
php-pdo_sqlite-7.3.16-1.mga7
php-pgsql-7.3.16-1.mga7
php-phar-7.3.16-1.mga7
php-posix-7.3.16-1.mga7
php-readline-7.3.16-1.mga7
php-recode-7.3.16-1.mga7
php-session-7.3.16-1.mga7
php-shmop-7.3.16-1.mga7
php-snmp-7.3.16-1.mga7
php-soap-7.3.16-1.mga7
php-sockets-7.3.16-1.mga7
php-sodium-7.3.16-1.mga7
php-sqlite3-7.3.16-1.mga7
php-sysvmsg-7.3.16-1.mga7
php-sysvsem-7.3.16-1.mga7
php-sysvshm-7.3.16-1.mga7
php-tidy-7.3.16-1.mga7
php-tokenizer-7.3.16-1.mga7
php-xml-7.3.16-1.mga7
php-xmlreader-7.3.16-1.mga7
php-xmlrpc-7.3.16-1.mga7
php-xmlwriter-7.3.16-1.mga7
php-xsl-7.3.16-1.mga7
php-wddx-7.3.16-1.mga7
php-zip-7.3.16-1.mga7
php-fpm-7.3.16-1.mga7
phpdbg-7.3.16-1.mga7
php-debugsource-7.3.16-1.mga7
php-debuginfo-7.3.16-1.mga7
apache-mod_php-debuginfo-7.3.16-1.mga7
php-cli-debuginfo-7.3.16-1.mga7
php-cgi-debuginfo-7.3.16-1.mga7
lib64php_common7-debuginfo-7.3.16-1.mga7
php-openssl-debuginfo-7.3.16-1.mga7
php-zlib-debuginfo-7.3.16-1.mga7
php-bcmath-debuginfo-7.3.16-1.mga7
php-bz2-debuginfo-7.3.16-1.mga7
php-calendar-debuginfo-7.3.16-1.mga7
php-ctype-debuginfo-7.3.16-1.mga7
php-curl-debuginfo-7.3.16-1.mga7
php-dba-debuginfo-7.3.16-1.mga7
php-dom-debuginfo-7.3.16-1.mga7
php-enchant-debuginfo-7.3.16-1.mga7
php-exif-debuginfo-7.3.16-1.mga7
php-fileinfo-debuginfo-7.3.16-1.mga7
php-filter-debuginfo-7.3.16-1.mga7
php-ftp-debuginfo-7.3.16-1.mga7
php-gd-debuginfo-7.3.16-1.mga7
php-gettext-debuginfo-7.3.16-1.mga7
php-gmp-debuginfo-7.3.16-1.mga7
php-hash-debuginfo-7.3.16-1.mga7
php-iconv-debuginfo-7.3.16-1.mga7
php-imap-debuginfo-7.3.16-1.mga7
php-interbase-debuginfo-7.3.16-1.mga7
php-intl-debuginfo-7.3.16-1.mga7
php-json-debuginfo-7.3.16-1.mga7
php-ldap-debuginfo-7.3.16-1.mga7
php-mbstring-debuginfo-7.3.16-1.mga7
php-mysqli-debuginfo-7.3.16-1.mga7
php-mysqlnd-debuginfo-7.3.16-1.mga7
php-odbc-debuginfo-7.3.16-1.mga7
php-opcache-debuginfo-7.3.16-1.mga7
php-pcntl-debuginfo-7.3.16-1.mga7
php-pdo-debuginfo-7.3.16-1.mga7
php-pdo_dblib-debuginfo-7.3.16-1.mga7
php-pdo_firebird-debuginfo-7.3.16-1.mga7
php-pdo_mysql-debuginfo-7.3.16-1.mga7
php-pdo_odbc-debuginfo-7.3.16-1.mga7
php-pdo_pgsql-debuginfo-7.3.16-1.mga7
php-pdo_sqlite-debuginfo-7.3.16-1.mga7
php-pgsql-debuginfo-7.3.16-1.mga7
php-phar-debuginfo-7.3.16-1.mga7
php-posix-debuginfo-7.3.16-1.mga7
php-readline-debuginfo-7.3.16-1.mga7
php-recode-debuginfo-7.3.16-1.mga7
php-session-debuginfo-7.3.16-1.mga7
php-shmop-debuginfo-7.3.16-1.mga7
php-snmp-debuginfo-7.3.16-1.mga7
php-soap-debuginfo-7.3.16-1.mga7
php-sockets-debuginfo-7.3.16-1.mga7
php-sodium-debuginfo-7.3.16-1.mga7
php-sqlite3-debuginfo-7.3.16-1.mga7
php-sysvmsg-debuginfo-7.3.16-1.mga7
php-sysvsem-debuginfo-7.3.16-1.mga7
php-sysvshm-debuginfo-7.3.16-1.mga7
php-tidy-debuginfo-7.3.16-1.mga7
php-tokenizer-debuginfo-7.3.16-1.mga7
php-xml-debuginfo-7.3.16-1.mga7
php-xmlreader-debuginfo-7.3.16-1.mga7
php-xmlrpc-debuginfo-7.3.16-1.mga7
php-xmlwriter-debuginfo-7.3.16-1.mga7
php-xsl-debuginfo-7.3.16-1.mga7
php-wddx-debuginfo-7.3.16-1.mga7
php-zip-debuginfo-7.3.16-1.mga7
php-fpm-debuginfo-7.3.16-1.mga7
phpdbg-debuginfo-7.3.16-1.mga7

SRPM: php-7.3.16-1.mga7.src.rpm

Assignee: mageia => qa-bugs

MGA7-64 Plasma on Lenovo B50
No installation issues.
$ php -r 'phpinfo();'
flows over with info
Played around with phpMyAdmin, all seems OK.

CC: (none) =>
herman.viaene

Installed and tested without issues.
Tested with various scripts (wordpress, phpmyadmin, roundcubemail, drupal, custom) using HTTP, HTTPS and CLI.

System: Mageia 7, x86_64, Intel CPU.

$ uname -a
Linux marte 5.5.9-desktop-1.mga7 #1 SMP Thu Mar 12 08:02:44 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep php.*7.3.16 | sort
apache-mod_php-7.3.16-1.mga7
lib64php_common7-7.3.16-1.mga7
php-bz2-7.3.16-1.mga7
php-cli-7.3.16-1.mga7
php-ctype-7.3.16-1.mga7
php-curl-7.3.16-1.mga7
php-dom-7.3.16-1.mga7
php-exif-7.3.16-1.mga7
php-fileinfo-7.3.16-1.mga7
php-filter-7.3.16-1.mga7
php-ftp-7.3.16-1.mga7
php-gd-7.3.16-1.mga7
php-gettext-7.3.16-1.mga7
php-hash-7.3.16-1.mga7
php-iconv-7.3.16-1.mga7
php-ini-7.3.16-1.mga7
php-intl-7.3.16-1.mga7
php-json-7.3.16-1.mga7
php-ldap-7.3.16-1.mga7
php-mbstring-7.3.16-1.mga7
php-mysqli-7.3.16-1.mga7
php-mysqlnd-7.3.16-1.mga7
php-openssl-7.3.16-1.mga7
php-pdo-7.3.16-1.mga7
php-pdo_mysql-7.3.16-1.mga7
php-pdo_sqlite-7.3.16-1.mga7
php-pgsql-7.3.16-1.mga7
php-posix-7.3.16-1.mga7
php-session-7.3.16-1.mga7
php-sockets-7.3.16-1.mga7
php-sysvsem-7.3.16-1.mga7
php-sysvshm-7.3.16-1.mga7
php-tokenizer-7.3.16-1.mga7
php-xml-7.3.16-1.mga7
php-xmlreader-7.3.16-1.mga7
php-xmlwriter-7.3.16-1.mga7
php-zip-7.3.16-1.mga7
php-zlib-7.3.16-1.mga7

CC: (none) => mageia

Thanks, guys. Should be enough, between the two tests. Validating.
Advisory information in Comment 1.

Keywords: (none) => validated_update
Dave Hodgins
2020-03-31 23:28:27 CEST
CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0148.html

Status: NEW => RESOLVED