ALT-BU-2020-3673-1
Branch p8 update bulletin.
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Package php7-openssl updated to version 7.2.28-alt1.1 for branch p8 in task 246730.
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Package php7-pdo_mysql updated to version 7.2.28-alt1 for branch p8 in task 246730.
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Package php7-pgsql updated to version 7.2.28-alt1.2 for branch p8 in task 246730.
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Package php7-opcache updated to version 7.2.28-alt1.1 for branch p8 in task 246730.
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Package php7-xmlrpc updated to version 7.2.28-alt1 for branch p8 in task 246730.
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Closed vulnerabilities
BDU:2021-00097
Уязвимость интерпретатора языка программирования PHP, связанная с неправильным сохранением разрешений, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-00098
Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79221
- https://bugs.php.net/bug.php?id=79221
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Modified: 2024-11-21
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- openSUSE-SU-2020:0341
- openSUSE-SU-2020:0341
- https://bugs.php.net/bug.php?id=79082
- https://bugs.php.net/bug.php?id=79082
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- [debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update
- GLSA-202003-57
- GLSA-202003-57
- USN-4330-1
- USN-4330-1
- DSA-4717
- DSA-4717
- DSA-4719
- DSA-4719
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14
Package kernel-image-std-def updated to version 4.9.214-alt0.M80P.1 for branch p8 in task 246740.
Closed vulnerabilities
BDU:2015-05303
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05304
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05305
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05306
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05307
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05308
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05309
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05310
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05311
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05312
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05313
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05314
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05315
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05542
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05543
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-11-21
CVE-2013-1798
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55
- openSUSE-SU-2013:0847
- openSUSE-SU-2013:0847
- openSUSE-SU-2013:0925
- openSUSE-SU-2013:0925
- openSUSE-SU-2013:1187
- openSUSE-SU-2013:1187
- http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
- http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
- RHSA-2013:0727
- RHSA-2013:0727
- RHSA-2013:0744
- RHSA-2013:0744
- RHSA-2013:0746
- RHSA-2013:0746
- RHSA-2013:0928
- RHSA-2013:0928
- RHSA-2013:1026
- RHSA-2013:1026
- MDVSA-2013:176
- MDVSA-2013:176
- [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
- [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
- USN-1809-1
- USN-1809-1
- USN-1812-1
- USN-1812-1
- USN-1813-1
- USN-1813-1
- https://bugzilla.redhat.com/show_bug.cgi?id=917017
- https://bugzilla.redhat.com/show_bug.cgi?id=917017
- https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55
- https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55
Package usb-modeswitch updated to version 2.6.0-alt1 for branch p8 in task 246076.
Closed bugs
Обновить до версии >= 2.4 (доступна 2.5)
Package usb-modeswitch-data updated to version 20191128-alt1 for branch p8 in task 246076.
Closed bugs
Обновить до 20170205