- Memory corruption htmlspecialchars(): charset `*' not supported - openssl memory leak - CVE-2020-7063, CVE-2020-7061, CVE-2020-7062
Updated php packages fix bugs and security vulnerabilities:

Core:
- Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported).
- Fixed bug #79146 (cscript can fail to run on some systems).
- Fixed bug #78323 (Code 0 is returned on invalid options).
- Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).

CURL:
- Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).

Intl:
- Fixed bug #79212 (NumberFormatter::format() may detect wrong type).

Libxml:
- Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).

MBString:
- Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding).

MySQLnd:
- Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).

OpenSSL:
- Fixed bug #79145 (openssl memory leak).

Phar:
- Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
- Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
- Fixed bug #76584 (PharFileInfo::decompress not working).

Reflection:
- Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct).

Session:
- Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)

SPL:
- Fixed bug #79151 (heap use after free caused by spl_dllist_it_helper_move_forward).

Standard:
- Fixed bug #78902 (Memory leak when using stream_filter_append).

XSL:
- Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).
References:
https://www.php.net/ChangeLog-7.php#7.3.15
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062

========================
Updated packages in core/updates_testing:
========================
php-ini-7.3.15-1.mga7
apache-mod_php-7.3.15-1.mga7
php-cli-7.3.15-1.mga7
php-cgi-7.3.15-1.mga7
libphp_common7-7.3.15-1.mga7
php-devel-7.3.15-1.mga7
php-openssl-7.3.15-1.mga7
php-zlib-7.3.15-1.mga7
php-doc-7.3.15-1.mga7
php-bcmath-7.3.15-1.mga7
php-bz2-7.3.15-1.mga7
php-calendar-7.3.15-1.mga7
php-ctype-7.3.15-1.mga7
php-curl-7.3.15-1.mga7
php-dba-7.3.15-1.mga7
php-dom-7.3.15-1.mga7
php-enchant-7.3.15-1.mga7
php-exif-7.3.15-1.mga7
php-fileinfo-7.3.15-1.mga7
php-filter-7.3.15-1.mga7
php-ftp-7.3.15-1.mga7
php-gd-7.3.15-1.mga7
php-gettext-7.3.15-1.mga7
php-gmp-7.3.15-1.mga7
php-hash-7.3.15-1.mga7
php-iconv-7.3.15-1.mga7
php-imap-7.3.15-1.mga7
php-interbase-7.3.15-1.mga7
php-intl-7.3.15-1.mga7
php-json-7.3.15-1.mga7
php-ldap-7.3.15-1.mga7
php-mbstring-7.3.15-1.mga7
php-mysqli-7.3.15-1.mga7
php-mysqlnd-7.3.15-1.mga7
php-odbc-7.3.15-1.mga7
php-opcache-7.3.15-1.mga7
php-pcntl-7.3.15-1.mga7
php-pdo-7.3.15-1.mga7
php-pdo_dblib-7.3.15-1.mga7
php-pdo_firebird-7.3.15-1.mga7
php-pdo_mysql-7.3.15-1.mga7
php-pdo_odbc-7.3.15-1.mga7
php-pdo_pgsql-7.3.15-1.mga7
php-pdo_sqlite-7.3.15-1.mga7
php-pgsql-7.3.15-1.mga7
php-phar-7.3.15-1.mga7
php-posix-7.3.15-1.mga7
php-readline-7.3.15-1.mga7
php-recode-7.3.15-1.mga7
php-session-7.3.15-1.mga7
php-shmop-7.3.15-1.mga7
php-snmp-7.3.15-1.mga7
php-soap-7.3.15-1.mga7
php-sockets-7.3.15-1.mga7
php-sodium-7.3.15-1.mga7
php-sqlite3-7.3.15-1.mga7
php-sysvmsg-7.3.15-1.mga7
php-sysvsem-7.3.15-1.mga7
php-sysvshm-7.3.15-1.mga7
php-tidy-7.3.15-1.mga7
php-tokenizer-7.3.15-1.mga7
php-xml-7.3.15-1.mga7
php-xmlreader-7.3.15-1.mga7
php-xmlrpc-7.3.15-1.mga7
php-xmlwriter-7.3.15-1.mga7
php-xsl-7.3.15-1.mga7
php-wddx-7.3.15-1.mga7
php-zip-7.3.15-1.mga7
php-fpm-7.3.15-1.mga7
phpdbg-7.3.15-1.mga7
php-debugsource-7.3.15-1.mga7
php-debuginfo-7.3.15-1.mga7
apache-mod_php-debuginfo-7.3.15-1.mga7
php-cli-debuginfo-7.3.15-1.mga7
php-cgi-debuginfo-7.3.15-1.mga7
libphp_common7-debuginfo-7.3.15-1.mga7
php-openssl-debuginfo-7.3.15-1.mga7
php-zlib-debuginfo-7.3.15-1.mga7
php-bcmath-debuginfo-7.3.15-1.mga7
php-bz2-debuginfo-7.3.15-1.mga7
php-calendar-debuginfo-7.3.15-1.mga7
php-ctype-debuginfo-7.3.15-1.mga7
php-curl-debuginfo-7.3.15-1.mga7
php-dba-debuginfo-7.3.15-1.mga7
php-dom-debuginfo-7.3.15-1.mga7
php-enchant-debuginfo-7.3.15-1.mga7
php-exif-debuginfo-7.3.15-1.mga7
php-fileinfo-debuginfo-7.3.15-1.mga7
php-filter-debuginfo-7.3.15-1.mga7
php-ftp-debuginfo-7.3.15-1.mga7
php-gd-debuginfo-7.3.15-1.mga7
php-gettext-debuginfo-7.3.15-1.mga7
php-gmp-debuginfo-7.3.15-1.mga7
php-hash-debuginfo-7.3.15-1.mga7
php-iconv-debuginfo-7.3.15-1.mga7
php-imap-debuginfo-7.3.15-1.mga7
php-interbase-debuginfo-7.3.15-1.mga7
php-intl-debuginfo-7.3.15-1.mga7
php-json-debuginfo-7.3.15-1.mga7
php-ldap-debuginfo-7.3.15-1.mga7
php-mbstring-debuginfo-7.3.15-1.mga7
php-mysqli-debuginfo-7.3.15-1.mga7
php-mysqlnd-debuginfo-7.3.15-1.mga7
php-odbc-debuginfo-7.3.15-1.mga7
php-opcache-debuginfo-7.3.15-1.mga7
php-pcntl-debuginfo-7.3.15-1.mga7
php-pdo-debuginfo-7.3.15-1.mga7
php-pdo_dblib-debuginfo-7.3.15-1.mga7
php-pdo_firebird-debuginfo-7.3.15-1.mga7
php-pdo_mysql-debuginfo-7.3.15-1.mga7
php-pdo_odbc-debuginfo-7.3.15-1.mga7
php-pdo_pgsql-debuginfo-7.3.15-1.mga7
php-pdo_sqlite-debuginfo-7.3.15-1.mga7
php-pgsql-debuginfo-7.3.15-1.mga7
php-phar-debuginfo-7.3.15-1.mga7
php-posix-debuginfo-7.3.15-1.mga7
php-readline-debuginfo-7.3.15-1.mga7
php-recode-debuginfo-7.3.15-1.mga7
php-session-debuginfo-7.3.15-1.mga7
php-shmop-debuginfo-7.3.15-1.mga7
php-snmp-debuginfo-7.3.15-1.mga7
php-soap-debuginfo-7.3.15-1.mga7
php-sockets-debuginfo-7.3.15-1.mga7
php-sodium-debuginfo-7.3.15-1.mga7
php-sqlite3-debuginfo-7.3.15-1.mga7
php-sysvmsg-debuginfo-7.3.15-1.mga7
php-sysvsem-debuginfo-7.3.15-1.mga7
php-sysvshm-debuginfo-7.3.15-1.mga7
php-tidy-debuginfo-7.3.15-1.mga7
php-tokenizer-debuginfo-7.3.15-1.mga7
php-xml-debuginfo-7.3.15-1.mga7
php-xmlreader-debuginfo-7.3.15-1.mga7
php-xmlrpc-debuginfo-7.3.15-1.mga7
php-xmlwriter-debuginfo-7.3.15-1.mga7
php-xsl-debuginfo-7.3.15-1.mga7
php-wddx-debuginfo-7.3.15-1.mga7
php-zip-debuginfo-7.3.15-1.mga7
php-fpm-debuginfo-7.3.15-1.mga7
phpdbg-debuginfo-7.3.15-1.mga7

Source RPMs:
php-7.3.15-1.mga7.src.rpm
Assignee: mageia => qa-bugs
Component: RPM Packages => Security
QA Contact: (none) => security
MGA7-64 Plasma on Lenovo B50
No installation issues
Created php folder in my Documents, and in that one the files as from bug 25045 Comment 5
$ php -S localhost:8000 -t php
PHP 7.3.15 Development Server started at Sat Feb 22 14:54:58 2020
Listening on http://localhost:8000
Document root is /home/tester7/Documents/php
Press Ctrl-C to quit.
Point browser to http://localhost:8000, and get:
The requested resource / was not found on this server.
CC: (none) => herman.viaene
Installed and tested without issues.
Tested with various large scripts (roundcubemail, drupal, wordpress, phpmyadmin, custom) using HTTP(S) and CLI.
System: Mageia 7, x86_64, Intel CPU.

$ uname -a
Linux marte 5.5.4-desktop-1.mga7 #1 SMP Sat Feb 15 08:41:16 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep php.*7.3.15 | sort
apache-mod_php-7.3.15-1.mga7
lib64php_common7-7.3.15-1.mga7
php-bz2-7.3.15-1.mga7
php-cli-7.3.15-1.mga7
php-ctype-7.3.15-1.mga7
php-curl-7.3.15-1.mga7
php-dom-7.3.15-1.mga7
php-exif-7.3.15-1.mga7
php-fileinfo-7.3.15-1.mga7
php-filter-7.3.15-1.mga7
php-ftp-7.3.15-1.mga7
php-gd-7.3.15-1.mga7
php-gettext-7.3.15-1.mga7
php-hash-7.3.15-1.mga7
php-iconv-7.3.15-1.mga7
php-ini-7.3.15-1.mga7
php-intl-7.3.15-1.mga7
php-json-7.3.15-1.mga7
php-ldap-7.3.15-1.mga7
php-mbstring-7.3.15-1.mga7
php-mysqli-7.3.15-1.mga7
php-mysqlnd-7.3.15-1.mga7
php-openssl-7.3.15-1.mga7
php-pdo-7.3.15-1.mga7
php-pdo_mysql-7.3.15-1.mga7
php-pdo_sqlite-7.3.15-1.mga7
php-pgsql-7.3.15-1.mga7
php-posix-7.3.15-1.mga7
php-session-7.3.15-1.mga7
php-sockets-7.3.15-1.mga7
php-sysvsem-7.3.15-1.mga7
php-sysvshm-7.3.15-1.mga7
php-tokenizer-7.3.15-1.mga7
php-xml-7.3.15-1.mga7
php-xmlreader-7.3.15-1.mga7
php-xmlwriter-7.3.15-1.mga7
php-zip-7.3.15-1.mga7
php-zlib-7.3.15-1.mga7
CC: (none) => mageia
It has been a week of usage without issues. It would be good to have more testing but I'm OKing this for x86_64 to see this move forward. Please unOK it if you think more testing is needed.
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory information in Comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0119.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED