HardenedPHP for EasyApache 4 updated

Mar 12, 2020 8:58:04 PM / by Inessa Atmachian

 

hardened_php1

New updated HardenedPHP packages for EasyApache4 are now available for download from our production repository.

ea-php51-php-5.1.6-24.cloudlinux.15

  • Fix a bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
  • MODLS-735: Delete criu images for a host/user when lsapi_backend_pgrp_max_crashes triggers

ea-php52-php-5.2.17-27.cloudlinux.23
ea-php53-php-5.3.29-29.cloudlinux.17

  • Fix a bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
  • Fix a bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
  • MODLS-735: Delete criu images for a host/user when lsapi_backend_pgrp_max_crashes triggers

ea-php54-php-5.4.45-66.cloudlinux.3
ea-php55-php-5.5.38-49.cloudlinux.3  
ea-php56-php-5.6.40-11.cloudlinux.3  
ea-php70-php-7.0.33-12.cloudlinux.2

    • Fix a bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
    • Fix a bug #79037: global buffer-overflow in `mbfl_filt_conv_big5_wchar` (CVE-2020-7060)
    • Fix a bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
    • Fix a bug #79221: Null Pointer Dereference in PHP Session Upload Progress (CVE-2020-7062)
    • MODLS-735: Delete criu images for a host/user when lsapi_backend_pgrp_max_crashes triggers

ea-php71-php-7.1.33-4.cloudlinux.2

      • Fix a bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
      • Fix a bug #79037: global buffer-overflow in `mbfl_filt_conv_big5_wchar` (CVE-2020-7060)
      • Fix a bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
      • Fix a bug #79091: heap use-after-free in session_create_id()
      • Fix a bug #79221: Null Pointer Dereference in PHP Session Upload Progress (CVE-2020-7062)
      • MODLS-735: Delete criu images for a host/user when lsapi_backend_pgrp_max_crashes triggers

Update command

yum update ea-php*

Topics: HardenedPHP, EasyApache 4, Technical Blog

Inessa Atmachian

Written by Inessa Atmachian

Inessa Atmachian is a Technical Writer. She is responsible for developing technical product documentation for CloudLinux OS, KernelCare, and Imunify360 products. She provides customers with release notes and information on product updates.

    Subscribe to Email Updates

    Recent Posts