GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Dec 24, 2020 3:26 am Post subject: [ glsa 202012-16 ] php |
 |
|
Gentoo Linux Security Advisory
Title: PHP: Multiple vulnerabilities (GLSA 202012-16)
Severity: low
Exploitable: local, remote
Date: 2020-12-23
Bug(s): #711140, #745993, #756775
ID: 202012-16
Synopsis
Multiple vulnerabilities have been found in PHP, the worst of which
could result in a Denial of Service condition.
Background
PHP is an open source general-purpose scripting language that is
especially suited for web development.
Affected Packages
Package: dev-lang/php
Vulnerable: < 8.0.0
Unaffected: >= 7.2.34-r1
Unaffected: >= 7.3.25
Unaffected: >= 7.4.13
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers and change log referenced below for details.
Impact
An attacker could cause a Denial of Service condition or obtain
sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All PHP 7.2.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.34-r1:7.2"
|
All PHP 7.3.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.25:7.3"
|
All PHP 7.4.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.13:7.4"
|
References
CVE-2020-7069
CVE-2020-7070
PHP 7.4.13 Change
Log
|
|
News & Announcements
