26234 – updated PHP 7.3.15 fixes several CVE's

Bug 26234 - updated PHP 7.3.15 fixes several CVE's

Summary: updated PHP 7.3.15 fixes several CVE's

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	7
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA7-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2020-02-21 12:00 CET by Marc Krämer
Modified:	2020-03-06 17:15 CET (History)
CC List:	5 users (show)

See Also:
Source RPM:	php
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marc Krämer 2020-02-21 12:00:18 CET

- Memory corruption htmlspecialchars(): charset `*' not supported
- openssl memory leak
- CVE-2020-7063, CVE-2020-7061, CVE-2020-7062

Comment 1 Marc Krämer 2020-02-21 12:09:55 CET

Updated php packages fix bugs and security vulnerabilities:

Core:
 - Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported).
 - Fixed bug #79146 (cscript can fail to run on some systems).
 - Fixed bug #78323 (Code 0 is returned on invalid options).
 - Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).
CURL:
 - Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
Intl:
 - Fixed bug #79212 (NumberFormatter::format() may detect wrong type).
Libxml:
 - Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
MBString:
 - Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding).
MySQLnd:
 - Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
OpenSSL:
 - Fixed bug #79145 (openssl memory leak).
Phar:
 - Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
 - Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
 - Fixed bug #76584 (PharFileInfo::decompress not working).
Reflection:
 - Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct).
Session:
 - Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
SPL:
 - Fixed bug #79151 (heap use after free caused by spl_dllist_it_helper_move_forward).
Standard:
 - Fixed bug #78902 (Memory leak when using stream_filter_append).
XSL:
 - Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).

References:
https://www.php.net/ChangeLog-7.php#7.3.15
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062
========================

Updated packages in core/updates_testing:
========================
php-ini-7.3.15-1.mga7
apache-mod_php-7.3.15-1.mga7
php-cli-7.3.15-1.mga7
php-cgi-7.3.15-1.mga7
libphp_common7-7.3.15-1.mga7
php-devel-7.3.15-1.mga7
php-openssl-7.3.15-1.mga7
php-zlib-7.3.15-1.mga7
php-doc-7.3.15-1.mga7
php-bcmath-7.3.15-1.mga7
php-bz2-7.3.15-1.mga7
php-calendar-7.3.15-1.mga7
php-ctype-7.3.15-1.mga7
php-curl-7.3.15-1.mga7
php-dba-7.3.15-1.mga7
php-dom-7.3.15-1.mga7
php-enchant-7.3.15-1.mga7
php-exif-7.3.15-1.mga7
php-fileinfo-7.3.15-1.mga7
php-filter-7.3.15-1.mga7
php-ftp-7.3.15-1.mga7
php-gd-7.3.15-1.mga7
php-gettext-7.3.15-1.mga7
php-gmp-7.3.15-1.mga7
php-hash-7.3.15-1.mga7
php-iconv-7.3.15-1.mga7
php-imap-7.3.15-1.mga7
php-interbase-7.3.15-1.mga7
php-intl-7.3.15-1.mga7
php-json-7.3.15-1.mga7
php-ldap-7.3.15-1.mga7
php-mbstring-7.3.15-1.mga7
php-mysqli-7.3.15-1.mga7
php-mysqlnd-7.3.15-1.mga7
php-odbc-7.3.15-1.mga7
php-opcache-7.3.15-1.mga7
php-pcntl-7.3.15-1.mga7
php-pdo-7.3.15-1.mga7
php-pdo_dblib-7.3.15-1.mga7
php-pdo_firebird-7.3.15-1.mga7
php-pdo_mysql-7.3.15-1.mga7
php-pdo_odbc-7.3.15-1.mga7
php-pdo_pgsql-7.3.15-1.mga7
php-pdo_sqlite-7.3.15-1.mga7
php-pgsql-7.3.15-1.mga7
php-phar-7.3.15-1.mga7
php-posix-7.3.15-1.mga7
php-readline-7.3.15-1.mga7
php-recode-7.3.15-1.mga7
php-session-7.3.15-1.mga7
php-shmop-7.3.15-1.mga7
php-snmp-7.3.15-1.mga7
php-soap-7.3.15-1.mga7
php-sockets-7.3.15-1.mga7
php-sodium-7.3.15-1.mga7
php-sqlite3-7.3.15-1.mga7
php-sysvmsg-7.3.15-1.mga7
php-sysvsem-7.3.15-1.mga7
php-sysvshm-7.3.15-1.mga7
php-tidy-7.3.15-1.mga7
php-tokenizer-7.3.15-1.mga7
php-xml-7.3.15-1.mga7
php-xmlreader-7.3.15-1.mga7
php-xmlrpc-7.3.15-1.mga7
php-xmlwriter-7.3.15-1.mga7
php-xsl-7.3.15-1.mga7
php-wddx-7.3.15-1.mga7
php-zip-7.3.15-1.mga7
php-fpm-7.3.15-1.mga7
phpdbg-7.3.15-1.mga7
php-debugsource-7.3.15-1.mga7
php-debuginfo-7.3.15-1.mga7
apache-mod_php-debuginfo-7.3.15-1.mga7
php-cli-debuginfo-7.3.15-1.mga7
php-cgi-debuginfo-7.3.15-1.mga7
libphp_common7-debuginfo-7.3.15-1.mga7
php-openssl-debuginfo-7.3.15-1.mga7
php-zlib-debuginfo-7.3.15-1.mga7
php-bcmath-debuginfo-7.3.15-1.mga7
php-bz2-debuginfo-7.3.15-1.mga7
php-calendar-debuginfo-7.3.15-1.mga7
php-ctype-debuginfo-7.3.15-1.mga7
php-curl-debuginfo-7.3.15-1.mga7
php-dba-debuginfo-7.3.15-1.mga7
php-dom-debuginfo-7.3.15-1.mga7
php-enchant-debuginfo-7.3.15-1.mga7
php-exif-debuginfo-7.3.15-1.mga7
php-fileinfo-debuginfo-7.3.15-1.mga7
php-filter-debuginfo-7.3.15-1.mga7
php-ftp-debuginfo-7.3.15-1.mga7
php-gd-debuginfo-7.3.15-1.mga7
php-gettext-debuginfo-7.3.15-1.mga7
php-gmp-debuginfo-7.3.15-1.mga7
php-hash-debuginfo-7.3.15-1.mga7
php-iconv-debuginfo-7.3.15-1.mga7
php-imap-debuginfo-7.3.15-1.mga7
php-interbase-debuginfo-7.3.15-1.mga7
php-intl-debuginfo-7.3.15-1.mga7
php-json-debuginfo-7.3.15-1.mga7
php-ldap-debuginfo-7.3.15-1.mga7
php-mbstring-debuginfo-7.3.15-1.mga7
php-mysqli-debuginfo-7.3.15-1.mga7
php-mysqlnd-debuginfo-7.3.15-1.mga7
php-odbc-debuginfo-7.3.15-1.mga7
php-opcache-debuginfo-7.3.15-1.mga7
php-pcntl-debuginfo-7.3.15-1.mga7
php-pdo-debuginfo-7.3.15-1.mga7
php-pdo_dblib-debuginfo-7.3.15-1.mga7
php-pdo_firebird-debuginfo-7.3.15-1.mga7
php-pdo_mysql-debuginfo-7.3.15-1.mga7
php-pdo_odbc-debuginfo-7.3.15-1.mga7
php-pdo_pgsql-debuginfo-7.3.15-1.mga7
php-pdo_sqlite-debuginfo-7.3.15-1.mga7
php-pgsql-debuginfo-7.3.15-1.mga7
php-phar-debuginfo-7.3.15-1.mga7
php-posix-debuginfo-7.3.15-1.mga7
php-readline-debuginfo-7.3.15-1.mga7
php-recode-debuginfo-7.3.15-1.mga7
php-session-debuginfo-7.3.15-1.mga7
php-shmop-debuginfo-7.3.15-1.mga7
php-snmp-debuginfo-7.3.15-1.mga7
php-soap-debuginfo-7.3.15-1.mga7
php-sockets-debuginfo-7.3.15-1.mga7
php-sodium-debuginfo-7.3.15-1.mga7
php-sqlite3-debuginfo-7.3.15-1.mga7
php-sysvmsg-debuginfo-7.3.15-1.mga7
php-sysvsem-debuginfo-7.3.15-1.mga7
php-sysvshm-debuginfo-7.3.15-1.mga7
php-tidy-debuginfo-7.3.15-1.mga7
php-tokenizer-debuginfo-7.3.15-1.mga7
php-xml-debuginfo-7.3.15-1.mga7
php-xmlreader-debuginfo-7.3.15-1.mga7
php-xmlrpc-debuginfo-7.3.15-1.mga7
php-xmlwriter-debuginfo-7.3.15-1.mga7
php-xsl-debuginfo-7.3.15-1.mga7
php-wddx-debuginfo-7.3.15-1.mga7
php-zip-debuginfo-7.3.15-1.mga7
php-fpm-debuginfo-7.3.15-1.mga7
phpdbg-debuginfo-7.3.15-1.mga7

Source RPMs: 
php-7.3.15-1.mga7.src.rpm

Assignee: mageia => qa-bugs

David Walser 2020-02-22 03:17:18 CET

Component: RPM Packages => Security
QA Contact: (none) => security

Comment 2 Herman Viaene 2020-02-22 15:01:01 CET

MGA7-64 Plasma on Lenovo B50
No installation issues
Created php folder in my Documents, and in that one the files as from bug 25045 Comment 5
$ php -S localhost:8000 -t php
PHP 7.3.15 Development Server started at Sat Feb 22 14:54:58 2020
Listening on http://localhost:8000
Document root is /home/tester7/Documents/php
Press Ctrl-C to quit.

Point browser to http://localhost:8000, and get: The requested resource / was not found on this server.

CC: (none) => herman.viaene

Comment 3 PC LX 2020-02-25 13:19:07 CET

Installed and tested without issues.

Tested with various large scripts (roundcubemail, drupal, wordpress, phpmyadmin, custom) using HTTP(S) and CLI.


System: Mageia 7, x86_64, Intel CPU.



$ uname -a
Linux marte 5.5.4-desktop-1.mga7 #1 SMP Sat Feb 15 08:41:16 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep php.*7.3.15 | sort
apache-mod_php-7.3.15-1.mga7
lib64php_common7-7.3.15-1.mga7
php-bz2-7.3.15-1.mga7
php-cli-7.3.15-1.mga7
php-ctype-7.3.15-1.mga7
php-curl-7.3.15-1.mga7
php-dom-7.3.15-1.mga7
php-exif-7.3.15-1.mga7
php-fileinfo-7.3.15-1.mga7
php-filter-7.3.15-1.mga7
php-ftp-7.3.15-1.mga7
php-gd-7.3.15-1.mga7
php-gettext-7.3.15-1.mga7
php-hash-7.3.15-1.mga7
php-iconv-7.3.15-1.mga7
php-ini-7.3.15-1.mga7
php-intl-7.3.15-1.mga7
php-json-7.3.15-1.mga7
php-ldap-7.3.15-1.mga7
php-mbstring-7.3.15-1.mga7
php-mysqli-7.3.15-1.mga7
php-mysqlnd-7.3.15-1.mga7
php-openssl-7.3.15-1.mga7
php-pdo-7.3.15-1.mga7
php-pdo_mysql-7.3.15-1.mga7
php-pdo_sqlite-7.3.15-1.mga7
php-pgsql-7.3.15-1.mga7
php-posix-7.3.15-1.mga7
php-session-7.3.15-1.mga7
php-sockets-7.3.15-1.mga7
php-sysvsem-7.3.15-1.mga7
php-sysvshm-7.3.15-1.mga7
php-tokenizer-7.3.15-1.mga7
php-xml-7.3.15-1.mga7
php-xmlreader-7.3.15-1.mga7
php-xmlwriter-7.3.15-1.mga7
php-zip-7.3.15-1.mga7
php-zlib-7.3.15-1.mga7

CC: (none) => mageia

Comment 4 PC LX 2020-03-02 13:51:28 CET

It has been a week of usage without issues. It would be good to have more testing but I'm OKing this for x86_64 to see this move forward. Please unOK it if you think more testing is needed.

Whiteboard: (none) => MGA7-64-OK

Comment 5 Thomas Andrews 2020-03-02 20:26:53 CET

Validating. Advisory information in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2020-03-06 16:14:06 CET

CC: (none) => tmb
Keywords: (none) => advisory

Comment 6 Mageia Robot 2020-03-06 17:15:43 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0119.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.