Bugzilla – Bug 1162632
VUL-0: CVE-2020-7060: php5,php72,php7,php53: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
Last modified: 2020-05-27 15:25:26 UTC
rh#1797779 A flaw was found in php before 7.4.2. A global buffer overflow in mbfl_filt_conv_big5_wchar function may lead to corruption of memory data. Upstream issue: http://bugs.php.net/79037 Patch: https://git.php.net/?p=php-src.git;a=commitdiff;h=2bcbc95f033c31b00595ed39f79c3a99b4ed0501 References: https://bugzilla.redhat.com/show_bug.cgi?id=1797779 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7060
valgrind does not reveal any memory issue for me with the reporter's testcase, nor in the testcase from https://gist.github.com/cmb69/951f7404fda6d71400ac63dcbe3b1463. Using the upstream commit test: <?php var_dump(mb_convert_encoding("\x81\x3a", "UTF-8", "CP950")); ?> BEFORE 15/php7 $ php bug79037.php string(3) "脺" $ PATCH referenced in comment 0 11sp3/php53 output: $ USE_ZEND_ALLOC=0 valgrind -q php bug79037.php string(2) "?:" $ The code not found. Considering not affected. AFTER 15/php7 $ php bug79037.php string(1) "?" $
Will submit for 15/php7, 12/php72.
Also committed to devel:languages:php:php56/php5.
Packages submitted, I believe all fixed.
Submitted also for 12/php5.
SUSE-SU-2020:0397-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1161982,1162629,1162632 CVE References: CVE-2019-20433,CVE-2020-7059,CVE-2020-7060 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): php72-7.2.5-1.37.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php72-7.2.5-1.37.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php72-7.2.5-1.37.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:0522-1: An update that solves 9 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1145095,1146360,1154999,1159922,1159923,1159924,1159927,1161982,1162629,1162632 CVE References: CVE-2019-11041,CVE-2019-11042,CVE-2019-11043,CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050,CVE-2020-7059,CVE-2020-7060 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-109.68.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:0622-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1162629,1162632,1165280,1165289 CVE References: CVE-2020-7059,CVE-2020-7060,CVE-2020-7062,CVE-2020-7063 Sources used: SUSE Linux Enterprise Server for SAP 15 (src): php7-7.2.5-4.52.4 SUSE Linux Enterprise Server 15-LTSS (src): php7-7.2.5-4.52.4 SUSE Linux Enterprise Module for Web Scripting 15-SP1 (src): php7-7.2.5-4.52.4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): php7-7.2.5-4.52.4 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): php7-7.2.5-4.52.4 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): php7-7.2.5-4.52.4 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0341-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1162629,1162632,1165280,1165289 CVE References: CVE-2020-7059,CVE-2020-7060,CVE-2020-7062,CVE-2020-7063 Sources used: openSUSE Leap 15.1 (src): php7-7.2.5-lp151.6.22.1, php7-test-7.2.5-lp151.6.22.1
Done.