GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Sep 14, 2020 6:26 am Post subject: [ glsa 202009-10 ] php |
 |
|
Gentoo Linux Security Advisory
Title: PHP: Denial of service (GLSA 202009-10)
Severity: low
Exploitable: local, remote
Date: 2020-09-13
Bug(s): #736158
ID: 202009-10
Synopsis
A vulnerabilities in PHP could lead to a Denial of Service
condition.
Background
PHP is an open source general-purpose scripting language that is
especially suited for web development.
Affected Packages
Package: dev-lang/php
Vulnerable: < 7.2.33
Vulnerable: < 7.3.21
Vulnerable: < 7.4.9
Unaffected: >= 7.2.33
Unaffected: >= 7.3.21
Unaffected: >= 7.4.9
Architectures: All supported architectures
Description
It was discovered that PHP did not properly handle PHAR files.
Impact
A remote attacker could entice a user to open a specially crafted PHAR
file using PHP, possibly allowing attacker to obtain sensitive
information or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All PHP 7.2 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.33"
|
All PHP 7.3 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.21"
|
All PHP 7.4 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.9"
|
References
CVE-2020-7068 |
|
News & Announcements
