var-202010-1571
Vulnerability from variot

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. PHP Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in PHP versions 7.2.0, 7.3.0 and 7.4.0 due to the fact that the 'mbfl_filt_conv_big5_wchar' function does not check bounds properly. A remote attacker could exploit this vulnerability with specially crafted parameters to execute arbitrary code on the system or cause an application to crash. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2021:2992-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2992 Issue date: 2021-08-03 CVE Names: CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21705 ==================================================================== 1. Summary:

An update for rh-php73-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.29). (BZ#1977764)

Security Fix(es):

  • php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)

  • php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)

  • php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)

  • php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)

  • php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070)

  • php: NULL pointer dereference in SoapClient (CVE-2021-21702)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function 1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV 1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server 1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo 1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient 1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z] 1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php73-php-7.3.29-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: rh-php73-php-7.3.29-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php73-php-7.3.29-1.el7.src.rpm

x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-7068 https://access.redhat.com/security/cve/CVE-2020-7069 https://access.redhat.com/security/cve/CVE-2020-7070 https://access.redhat.com/security/cve/CVE-2020-7071 https://access.redhat.com/security/cve/CVE-2021-21702 https://access.redhat.com/security/cve/CVE-2021-21705 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV Wy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C 2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW tWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2 T/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw AGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW 4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz obgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH x85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd WCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq ZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25 OwqKXJAGJYo=waMi -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-16


                                        https://security.gentoo.org/

Severity: Low Title: PHP: Multiple vulnerabilities Date: December 23, 2020 Bugs: #711140, #745993, #756775 ID: 202012-16


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition.

Background

PHP is an open source general-purpose scripting language that is especially suited for web development.

Affected packages

 -------------------------------------------------------------------
  Package              /     Vulnerable     /            Unaffected
 -------------------------------------------------------------------

1 dev-lang/php < 8.0.0 >= 7.2.34-r1:7.2 >= 7.3.25:7.3 >= 7.4.13:7.4

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers and change log referenced below for details.

Impact

An attacker could cause a Denial of Service condition or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All PHP 7.2.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.34-r1:7.2"

All PHP 7.3.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.25:7.3"

All PHP 7.4.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.13:7.4"

References

[ 1 ] CVE-2020-7069 https://nvd.nist.gov/vuln/detail/CVE-2020-7069 [ 2 ] CVE-2020-7070 https://nvd.nist.gov/vuln/detail/CVE-2020-7070 [ 3 ] PHP 7.4.13 Change Log https://www.php.net/ChangeLog-7.php#7.4.13

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202012-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4583-2 October 27, 2020

php7.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.10

Summary:

Several security issues were fixed in PHP. This update provides the corresponding update for Ubuntu 20.10.

Original advisory details:

It was discovered that PHP incorrectly handled certain encrypt ciphers. (CVE-2020-7069)

It was discorevered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. (CVE-2020-7070)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10: libapache2-mod-php7.4 7.4.9-1ubuntu1.1 php7.4-cgi 7.4.9-1ubuntu1.1 php7.4-cli 7.4.9-1ubuntu1.1 php7.4-curl 7.4.9-1ubuntu1.1 php7.4-fpm 7.4.9-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

For the stable distribution (buster), these problems have been fixed in version 7.3.27-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8 TjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef PCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH DAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3 AWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl 8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv /lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY YDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En vzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR 0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd 622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX lbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ= =9Q7e -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1571",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.34"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.19.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "20.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.11"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.23"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.2"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.5.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "php",
        "scope": null,
        "trust": 0.8,
        "vendor": "the php group",
        "version": null
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "clustered data ontap",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "leap",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.11",
                "versionStartIncluding": "7.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.23",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.34",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.0",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-7069",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-7069",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-185194",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security@php.net",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2020-7069",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7069",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security@php.net",
            "id": "CVE-2020-7069",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-435",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185194",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7069",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. PHP Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in PHP versions 7.2.0, 7.3.0 and 7.4.0 due to the fact that the \u0027mbfl_filt_conv_big5_wchar\u0027 function does not check bounds properly. A remote attacker could exploit this vulnerability with specially crafted parameters to execute arbitrary code on the system or cause an application to crash. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-php73-php security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2021:2992-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2992\nIssue date:        2021-08-03\nCVE Names:         CVE-2020-7068 CVE-2020-7069 CVE-2020-7070\n                   CVE-2020-7071 CVE-2021-21702 CVE-2021-21705\n====================================================================\n1. Summary:\n\nAn update for rh-php73-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php73-php (7.3.29). (BZ#1977764)\n\nSecurity Fix(es):\n\n* php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV\n(CVE-2020-7069)\n\n* php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo\n(CVE-2020-7071)\n\n* php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)\n\n* php: Use of freed hash key in the phar_parse_zipfile function\n(CVE-2020-7068)\n\n* php: URL decoding of cookie names can lead to different interpretation of\ncookies between browser and server (CVE-2020-7070)\n\n* php: NULL pointer dereference in SoapClient (CVE-2021-21702)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function\n1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV\n1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server\n1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo\n1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient\n1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z]\n1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.29-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.29-1.el7.s390x.rpm\nrh-php73-php-common-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.29-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.29-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.29-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.29-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.29-1.el7.s390x.rpm\nrh-php73-php-json-7.3.29-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm\nrh-php73-php-process-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.29-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.29-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.29-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.29-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.29-1.el7.s390x.rpm\nrh-php73-php-common-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.29-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.29-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.29-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.29-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.29-1.el7.s390x.rpm\nrh-php73-php-json-7.3.29-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm\nrh-php73-php-process-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.29-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.29-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.29-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-7068\nhttps://access.redhat.com/security/cve/CVE-2020-7069\nhttps://access.redhat.com/security/cve/CVE-2020-7070\nhttps://access.redhat.com/security/cve/CVE-2020-7071\nhttps://access.redhat.com/security/cve/CVE-2021-21702\nhttps://access.redhat.com/security/cve/CVE-2021-21705\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV\nWy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C\n2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW\ntWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2\nT/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw\nAGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW\n4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz\nobgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH\nx85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd\nWCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq\nZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25\nOwqKXJAGJYo=waMi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202012-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Low\n     Title: PHP: Multiple vulnerabilities\n      Date: December 23, 2020\n      Bugs: #711140, #745993, #756775\n        ID: 202012-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nPHP is an open source general-purpose scripting language that is\nespecially suited for web development. \n\nAffected packages\n=================\n\n     -------------------------------------------------------------------\n      Package              /     Vulnerable     /            Unaffected\n     -------------------------------------------------------------------\n   1  dev-lang/php                 \u003c 8.0.0            \u003e= 7.2.34-r1:7.2\n                                                         \u003e= 7.3.25:7.3\n                                                         \u003e= 7.4.13:7.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers and change log referenced below for details. \n\nImpact\n======\n\nAn attacker could cause a Denial of Service condition or obtain\nsensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 7.2.x users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.2.34-r1:7.2\"\n\nAll PHP 7.3.x users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.3.25:7.3\"\n\nAll PHP 7.4.x users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.4.13:7.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-7069\n       https://nvd.nist.gov/vuln/detail/CVE-2020-7069\n[ 2 ] CVE-2020-7070\n       https://nvd.nist.gov/vuln/detail/CVE-2020-7070\n[ 3 ] PHP 7.4.13 Change Log\n       https://www.php.net/ChangeLog-7.php#7.4.13\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  https://security.gentoo.org/glsa/202012-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-4583-2\nOctober 27, 2020\n\nphp7.4 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n\nSummary:\n\nSeveral security issues were fixed in PHP. This update provides\nthe corresponding update for Ubuntu 20.10. \n\nOriginal advisory details:\n\n It was discovered that PHP incorrectly handled certain encrypt ciphers. (CVE-2020-7069)\n\n It was discorevered that PHP incorrectly handled certain HTTP cookies. \n An attacker could possibly use this issue to forge cookie which is supposed to\n be secure. (CVE-2020-7070)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n  libapache2-mod-php7.4           7.4.9-1ubuntu1.1\n  php7.4-cgi                      7.4.9-1ubuntu1.1\n  php7.4-cli                      7.4.9-1ubuntu1.1\n  php7.4-curl                     7.4.9-1ubuntu1.1\n  php7.4-fpm                      7.4.9-1ubuntu1.1\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.27-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8\nTjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef\nPCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH\nDAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3\nAWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl\n8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv\n/lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY\nYDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En\nvzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR\n0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd\n622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX\nlbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ=\n=9Q7e\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7069",
        "trust": 3.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-14",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159722",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160708",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "164839",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159564",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163727",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080321",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072292",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3787",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2608",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0606",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6055",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3671",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3541",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2515",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3581",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-33149",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-185194",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168990",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "id": "VAR-202010-1571",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-12T23:37:29.184000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openSUSE\u00a0Leap\u00a015.2 The\u00a0PHP\u00a0GroupPHP\u00a0Bugs",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/4583-1/"
      },
      {
        "title": "PHP Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=118684"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1440",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1440"
      },
      {
        "title": "Debian Security Advisories: DSA-4856-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=02a4cb271948bb2c8ad70e07948c2253"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-14"
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.1
      },
      {
        "problemtype": "Inadequate encryption strength (CWE-326) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7069"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202012-16"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2021-14"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2021/dsa-4856"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=79601"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
      },
      {
        "trust": 1.8,
        "url": "https://usn.ubuntu.com/4583-1/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rru57n3osyzpomfwprdnvh7emyotsz66/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7evdn7d3ib4eai4d3zom2ojkq5sd7k4e/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/p2j3zzdhcsx65t5qwv4ahbn7mojxbekg/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rru57n3osyzpomfwprdnvh7emyotsz66/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7evdn7d3ib4eai4d3zom2ojkq5sd7k4e/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/p2j3zzdhcsx65t5qwv4ahbn7mojxbekg/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7070"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0606"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2608"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-information-disclosure-via-aes-ccm-encryption-33466"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164839/red-hat-security-advisory-2021-4213-03.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159564/ubuntu-security-notice-usn-4583-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163727/red-hat-security-advisory-2021-2992-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-buffer-overflow-via-mbfl-filt-conv-big5-wchar-32228"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160708/gentoo-linux-security-advisory-202012-16.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159722/ubuntu-security-notice-usn-4583-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3787"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6055"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3671/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080321"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3581/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3541/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7068"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21702"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7071"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7070"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7069"
      },
      {
        "trust": 0.2,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21702"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7071"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7068"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/4583-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/326.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2020-1440.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4213"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2992"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21705"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://www.php.net/changelog-7.php#7.4.13"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.9-1ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4583-2"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "date": "2021-04-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "date": "2021-11-10T17:05:06",
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "date": "2021-08-03T14:47:43",
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "date": "2020-10-14T20:14:14",
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "date": "2020-12-24T17:17:47",
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "date": "2020-10-27T14:12:34",
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "date": "2021-02-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "date": "2020-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2020-10-02T15:15:12.670000",
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "date": "2021-04-23T08:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "date": "2022-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2023-11-07T03:25:41.900000",
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP\u00a0 Vulnerability in cryptography",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.