Fedora 31 : php (2020-0bf228857a)

high Nessus Plugin ID 134919

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

**PHP version 7.3.16** (19 Mar 2020)

**Core:**

- Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer)

**DOM:**

- Fixed bug php#77569: (Write Access Violation in DomImplementation). (Nikita, cmb)

- Fixed bug php#79271 (DOMDocumentType::$childNodes is NULL). (cmb)

**Enchant:**

- Fixed bug php#79311 (enchant_dict_suggest() fails on big endian architecture). (cmb)

**EXIF:**

- Fixed bug php#79282 (Use-of-uninitialized-value in exif). (**CVE-2020-7064*) (Nikita)

**MBstring:**

- Fixed bug php#79371 (mb_strtolower (UTF-32LE):
stack-buffer-overflow at php_unicode_tolower_full).
(**CVE-2020-7065**) (cmb)

**MySQLi:**

- Fixed bug php#64032 (mysqli reports different client_version). (cmb)

**PCRE:**

- Fixed bug php#79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
(Nikita)

**PDO_ODBC:**

- Fixed bug php#79038 (PDOStatement::nextRowset() leaks column values). (cmb)

**Reflection:**

- Fixed bug php#79062 (Property with heredoc default value returns false for getDocComment). (Nikita)

**SQLite3:**

- Fixed bug php#79294 (::columnType() may fail after SQLite3Stmt::reset()). (cmb)

**Standard:**

- Fixed bug php#79329 (get_headers() silently truncates after a null byte). (**CVE-2020-7066**) (cmb)

- Fixed bug php#79254 (getenv() w/o arguments not showing changes). (cmb)

- Fixed bug php#79265 (Improper injection of Host header when using fopen for http requests). (Miguel Xavier Penha Neto)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2020-0bf228857a

Plugin Details

Severity: High

ID: 134919

File Name: fedora_2020-0bf228857a.nasl

Version: 1.6

Type: local

Agent: unix

Published: 3/26/2020

Updated: 3/20/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-7065

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:31

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/26/2020

Vulnerability Publication Date: 4/1/2020

Reference Information

CVE: CVE-2020-7064, CVE-2020-7065, CVE-2020-7066