Vulnerability CVE-2020-7069: Information
Description
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function and a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
php7 | p10 | 7.4.11-alt1 | 7.4.33-alt1 | ALT-PU-2020-2960-1 | 259376 | Fixed |
php7 | p9 | 7.3.23-alt1 | 7.3.33-alt1 | ALT-PU-2020-3009-1 | 259362 | Fixed |
php7 | p8 | 7.2.34-alt1 | 7.2.34-alt1 | ALT-PU-2020-3039-1 | 259367 | Fixed |
php7 | c10f1 | 7.4.11-alt1 | 7.4.33-alt1 | ALT-PU-2020-2960-1 | 259376 | Fixed |
php7 | c9f2 | 7.3.31-alt1 | 7.4.33-alt1 | ALT-PU-2021-3079-1 | 287613 | Fixed |
php7-curl | p8 | 7.2.34-alt1 | 7.2.34-alt1 | ALT-PU-2020-3040-1 | 259367 | Fixed |
php7-gd | p8 | 7.2.34-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2020-3041-1 | 259367 | Fixed |
php7-intl | p8 | 7.2.34-alt1 | 7.2.34-alt1 | ALT-PU-2020-3047-1 | 259367 | Fixed |
php7-opcache | p8 | 7.2.34-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2020-3048-1 | 259367 | Fixed |
php7-openssl | p8 | 7.2.34-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2020-3042-1 | 259367 | Fixed |
php7-pdo_mysql | p8 | 7.2.34-alt1 | 7.2.34-alt1 | ALT-PU-2020-3043-1 | 259367 | Fixed |
php7-pgsql | p8 | 7.2.34-alt1.2 | 7.2.34-alt1.2 | ALT-PU-2020-3044-1 | 259367 | Fixed |
php7-tidy | p8 | 7.2.34-alt1 | 7.2.34-alt1 | ALT-PU-2020-3050-1 | 259367 | Fixed |
php7-xmlrpc | p8 | 7.2.34-alt1 | 7.2.34-alt1 | ALT-PU-2020-3049-1 | 259367 | Fixed |
php7-xsl | p8 | 7.2.34-alt1 | 7.2.34-alt1 | ALT-PU-2020-3046-1 | 259367 | Fixed |
php7-zip | p8 | 7.2.34-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2020-3045-1 | 259367 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugs.php.net/bug.php?id=79601 | |
https://security.netapp.com/advisory/ntap-20201016-0001/ | |
openSUSE-SU-2020:1703 | |
USN-4583-1 | |
openSUSE-SU-2020:1767 | |
GLSA-202012-16 | |
DSA-4856 | |
https://www.oracle.com/security-alerts/cpuApr2021.html | |
https://www.tenable.com/security/tns-2021-14 | |
https://www.oracle.com/security-alerts/cpuoct2021.html | |
FEDORA-2020-4573f0e03a | |
FEDORA-2020-4fe6b116e5 | |
FEDORA-2020-94763cb98b | |