OPENSUSE-SU-2020:1767-1
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 29 Oct 2020, 17:23
Last modified:04 Feb 2026, 02:57
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
29 Oct 2020, 17:23
Published
Vulnerability first disclosed
04 Feb 2026, 02:57
Last Modified
Vulnerability information updated
Description
Security update for php7 This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786) This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•php7-test&distro=openSUSE Leap 15.1
< 7.2.5-lp151.6.36.7
- opensuse•php7&distro=openSUSE Leap 15.1
< 7.2.5-lp151.6.36.7
References (6)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TQG2SBPQEPGAA3GOJALR6TIDULOGA2OE/
- https://bugzilla.suse.com/1173786
- https://bugzilla.suse.com/1177351
- https://bugzilla.suse.com/1177352
- https://www.suse.com/security/cve/CVE-2020-7069
- https://www.suse.com/security/cve/CVE-2020-7070