CloudLinux Blog

Beta: HardenedPHP for EasyApache 4 updated

Written by Inessa Atmachian | Mar 5, 2020 8:16:02 PM

 

Updated HardenedPHP packages for EasyApache 4 are now available for download from our updates-testing repository.

ea-php51-php-5.1.6-24.cloudlinux.15

  • Fix a bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)

ea-php52-php-5.2.17-27.cloudlinux.23
ea-php53-php-5.3.29-29.cloudlinux.17

  • Fix a bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
  • Fix a bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)

ea-php54-php-5.4.45-66.cloudlinux.3
ea-php55-php-5.5.38-49.cloudlinux.3  
ea-php56-php-5.6.40-11.cloudlinux.3  
ea-php70-php-7.0.33-12.cloudlinux.2

  • Fix a bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
  • Fix a bug #79037: global buffer-overflow in `mbfl_filt_conv_big5_wchar` (CVE-2020-7060)
  • Fix a bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
  • Fix a bug #79221: Null Pointer Dereference in PHP Session Upload Progress (CVE-2020-7062)

ea-php71-php-7.1.33-4.cloudlinux.2

  • Fix a bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
  • Fix a bug #79037: global buffer-overflow in `mbfl_filt_conv_big5_wchar` (CVE-2020-7060)
  • Fix a bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
  • Fix a bug #79091: heap use-after-free in session_create_id()
  • Fix a bug #79221: Null Pointer Dereference in PHP Session Upload Progress (CVE-2020-7062)

Update command

yum update ea-php* --enablerepo=cl-ea4-testing
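
After the update, each server can be checked for builds older than the ones listed above. The script below is an added example, not CloudLinux code: it assumes the input comes from rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n', uses a simplified RPM-style comparison that ignores epochs, and runs on a constructed sample.

```python
import re

# Fixed builds copied from the package list in this post.
FIXED = {
    "ea-php51-php": "5.1.6-24.cloudlinux.15",
    "ea-php52-php": "5.2.17-27.cloudlinux.23",
    "ea-php53-php": "5.3.29-29.cloudlinux.17",
    "ea-php54-php": "5.4.45-66.cloudlinux.3",
    "ea-php55-php": "5.5.38-49.cloudlinux.3",
    "ea-php56-php": "5.6.40-11.cloudlinux.3",
    "ea-php70-php": "7.0.33-12.cloudlinux.2",
    "ea-php71-php": "7.1.33-4.cloudlinux.2",
}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
ea-php54-php 5.4.45-65.cloudlinux.9
ea-php56-php 5.6.40-11.cloudlinux.3
ea-php70-php 7.0.33-12.cloudlinux.1
ea-php72-php 7.2.28-1.cloudlinux.1
"""

def rpmvercmp(a, b):
    """Segment-wise RPM-style comparison; epoch, '~' and '^' are not handled."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def evr_cmp(a, b):
    (va, ra), (vb, rb) = a.split("-", 1), b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)  # release breaks version ties

def outdated(rpm_output):
    """Return (name, installed, fixed) for packages older than the fixed build."""
    found = []
    for line in rpm_output.splitlines():
        name, _, evr = line.strip().partition(" ")
        if name in FIXED and evr_cmp(evr, FIXED[name]) < 0:
            found.append((name, evr, FIXED[name]))
    return found

if __name__ == "__main__":
    print(*outdated(SAMPLE), sep="\n")
```

Packages not named in this post (ea-php72-php in the sample) are skipped rather than reported.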