Fedora 30 : php (2020-9fa7f4e25c)

medium Nessus Plugin ID 136780

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

**PHP version 7.3.18** (14 May 2020)

**Core:**

- Fixed bug php#78875 (Long filenames cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb)

- Fixed bug php#78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb)

- Fixed bug php#79434 (PHP 7.3 and PHP-7.4 crash with NULL pointer dereference on !CS constant). (Nikita)

- Fixed bug php#79477 (casting object into array creates references). (Nikita)

- Fixed bug php#79470 (PHP incompatible with 3rd party file system on demand). (cmb)

- Fixed bug php#78784 (Unable to interact with files inside a VFS for Git repository). (cmb)

**DOM:**

- Fixed bug php#78221 (DOMNode::normalize() doesn't remove empty text nodes). (cmb)

**FCGI:**

- Fixed bug php#79491 (Search for .user.ini extends up to root dir). (cmb)

**MBString:**

- Fixed bug php#79441 (Segfault in mb_chr() if internal encoding is unsupported). (Girgias)

**OpenSSL:**

- Fixed bug php#79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout). (Joe Cai)

**Phar:**

- Fix bug php#79503 (Memory leak on duplicate metadata).
(cmb)

**SimpleXML:**

- Fixed bug php#79528 (Different object of the same xml between 7.4.5 and 7.4.4). (cmb)

**Standard:**

- Fixed bug php#79468 (SIGSEGV when closing stream handle with a stream filter appended). (dinosaur)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2020-9fa7f4e25c

Plugin Details

Severity: Medium

ID: 136780

File Name: fedora_2020-9fa7f4e25c.nasl

Version: 1.5

Type: local

Agent: unix

Published: 5/22/2020

Updated: 3/12/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2019-11048

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:30

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/22/2020

Vulnerability Publication Date: 5/20/2020

Reference Information

CVE: CVE-2019-11048

FEDORA: 2020-9fa7f4e25c

IAVA: 2020-A-0221-S