GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Mar 26, 2020 3:26 pm Post subject: [ glsa 202003-57 ] php |
 |
|
Gentoo Linux Security Advisory
Title: PHP: Multiple vulnerabilities (GLSA 202003-57)
Severity: high
Exploitable: local, remote
Date: 2020-03-26
Bug(s): #671872, #706168, #710304, #713484
ID: 202003-57
Synopsis
Multiple vulnerabilities have been found in PHP, the worst of which
could result in the execution of arbitrary shell commands.
Background
PHP is an open source general-purpose scripting language that is
especially suited for web development.
Affected Packages
Package: dev-lang/php
Vulnerable: < 7.2.29
Vulnerable: < 7.3.16
Vulnerable: < 7.4.4
Unaffected: >= 7.2.29
Unaffected: >= 7.3.16
Unaffected: >= 7.4.4
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.
Impact
An attacker could possibly execute arbitrary shell commands, cause a
Denial of Service condition or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All PHP 7.2.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29:7.2"
|
All PHP 7.3.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16:7.3"
|
All PHP 7.4.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4:7.4"
|
References
CVE-2018-19518
CVE-2020-7059
CVE-2020-7060
CVE-2020-7061
CVE-2020-7062
CVE-2020-7063
CVE-2020-7064
CVE-2020-7065
CVE-2020-7066
Last edited by GLSA on Fri Apr 24, 2020 4:17 am; edited 1 time in total |
|
News & Announcements
