SB2021030540 - openEuler 20.03 LTS update for php
Published: March 5, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2020-7070)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists in the way PHP parser handles cookies with percent character (e.g. '%'). A remote attacker can send a crafted HTTP request with a `__%48ost-` or `__%53ecure-` cookie that will be processed before other cookies sent in the same request. As a result, an attacker can set malicious `__Host-` cookie on a subdomain and bypass origin restrictions, imposed by browsers.
Successful exploitation of the vulnerability may allow an attacker to perform a spoofing attack.
2) Cryptographic issues (CVE-ID: CVE-2020-7069)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the openssl_encrypt() function generates a wrong ciphertext and a wrong tag for AES-CCM for a 12 bytes IV. As a result, a 7-byte nonce is used instead of 12 bytes. A remote attacker can abuse such behavior and decrypt data.
3) Missing support for integrity check (CVE-ID: CVE-2020-8184)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to missing integrity check of secure cookies. A remote attacker can alter the cookies in the requests and bypass implemented security restrictions.
Remediation
Install update from vendor's website.