{"schema_version":"1.7.2","id":"OESA-2021-1038","modified":"2021-02-10T11:02:37Z","published":"2021-02-10T11:02:37Z","upstream":["CVE-2020-7060"],"summary":"php security update","details":"PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.\\r\\n\\r\\n\r\nSecurity Fix(es):\\r\\n\\r\\n\r\nWhen using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2020-7060)\\r\\n\\r\\n","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"php","purl":"pkg:rpm/openEuler/php\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.10-12.oe1"}]}],"ecosystem_specific":{"aarch64":["php-mysqlnd-7.2.10-12.oe1.aarch64.rpm","php-tidy-7.2.10-12.oe1.aarch64.rpm","php-pdo-7.2.10-12.oe1.aarch64.rpm","php-soap-7.2.10-12.oe1.aarch64.rpm","php-bcmath-7.2.10-12.oe1.aarch64.rpm","php-common-7.2.10-12.oe1.aarch64.rpm","php-pgsql-7.2.10-12.oe1.aarch64.rpm","php-mbstring-7.2.10-12.oe1.aarch64.rpm","php-opcache-7.2.10-12.oe1.aarch64.rpm","php-intl-7.2.10-12.oe1.aarch64.rpm","php-odbc-7.2.10-12.oe1.aarch64.rpm","php-cli-7.2.10-12.oe1.aarch64.rpm","php-debuginfo-7.2.10-12.oe1.aarch64.rpm","php-xmlrpc-7.2.10-12.oe1.aarch64.rpm","php-gd-7.2.10-12.oe1.aarch64.rpm","php-ldap-7.2.10-12.oe1.aarch64.rpm","php-recode-7.2.10-12.oe1.aarch64.rpm","php-process-7.2.10-12.oe1.aarch64.rpm","php-xml-7.2.10-12.oe1.aarch64.rpm","php-enchant-7.2.10-12.oe1.aarch64.rpm","php-help-7.2.10-12.oe1.aarch64.rpm","php-json-7.2.10-12.oe1.aarch64.rpm","php-snmp-7.2.10-12.oe1.aarch64.rpm","php-devel-7.2.10-12.oe1.aarch64.rpm","php-fpm-7.2.10-12.oe1.aarch64.rpm","php-debugsource-7.2.10-12.oe1.aarch64.rpm","php-gmp-7.2.10-12.oe1.aarch64.rpm","php-dbg-7.2.10-12.oe1.aarch64.rpm","php-embedded-7.2.10-12.oe1.aarch64.rpm","php-dba-7.2.10-12.oe1.aarch64.rpm","php-7.2.10-12.oe1.aarch64.rpm"],"src":["php-7.2.10-12.oe1.src.rpm"],"x86_64":["php-json-7.2.10-12.oe1.x86_64.rpm","php-odbc-7.2.10-12.oe1.x86_64.rpm","php-opcache-7.2.10-12.oe1.x86_64.rpm","php-soap-7.2.10-12.oe1.x86_64.rpm","php-enchant-7.2.10-12.oe1.x86_64.rpm","php-pgsql-7.2.10-12.oe1.x86_64.rpm","php-dba-7.2.10-12.oe1.x86_64.rpm","php-devel-7.2.10-12.oe1.x86_64.rpm","php-cli-7.2.10-12.oe1.x86_64.rpm","php-xmlrpc-7.2.10-12.oe1.x86_64.rpm","php-debugsource-7.2.10-12.oe1.x86_64.rpm","php-mbstring-7.2.10-12.oe1.x86_64.rpm","php-snmp-7.2.10-12.oe1.x86_64.rpm","php-mysqlnd-7.2.10-12.oe1.x86_64.rpm","php-debuginfo-7.2.10-12.oe1.x86_64.rpm","php-help-7.2.10-12.oe1.x86_64.rpm","php-tidy-7.2.10-12.oe1.x86_64.rpm","php-dbg-7.2.10-12.oe1.x86_64.rpm","php-recode-7.2.10-12.oe1.x86_64.rpm","php-xml-7.2.10-12.oe1.x86_64.rpm","php-ldap-7.2.10-12.oe1.x86_64.rpm","php-pdo-7.2.10-12.oe1.x86_64.rpm","php-common-7.2.10-12.oe1.x86_64.rpm","php-gmp-7.2.10-12.oe1.x86_64.rpm","php-fpm-7.2.10-12.oe1.x86_64.rpm","php-7.2.10-12.oe1.x86_64.rpm","php-process-7.2.10-12.oe1.x86_64.rpm","php-embedded-7.2.10-12.oe1.x86_64.rpm","php-bcmath-7.2.10-12.oe1.x86_64.rpm","php-gd-7.2.10-12.oe1.x86_64.rpm","php-intl-7.2.10-12.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1038"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7060"}],"database_specific":{"severity":"Critical"}}