Advisories

What Are You Looking For?

Popular Tags

MGASA-2021-0330 - Updated php packages fix security vulnerabilities

Publication date: 10 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0330.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-21704,
     CVE-2021-21705

Updated php packages provides upstream 8.0.8 and fixes the following
security vulnerabilities:

- PDO_Firebird:
  * Fix Stack buffer overflow in firebird_info_cb (CVE-2021-21704).
  * Fix SIGSEGV in firebird_handle_doer (CVE-2021-21704).
  * Fix SIGSEGV in firebird_stmt_execute (CVE-2021-21704).
  * Fix Crash while parsing blob data in firebird_fetch_blob
    (CVE-2021-21704)
- Fix SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705).

For other fixes in this update, see the referenced Changelog.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29094
- https://www.php.net/ChangeLog-8.php#8.0.8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705

SRPMS:
- 8/core/php-8.0.8-1.1.mga8

Mageia 2021-0330: php security update

Updated php packages provides upstream 8.0.8 and fixes the following security vulnerabilities: - PDO_Firebird: * Fix Stack buffer overflow in firebird_info_cb (CVE-2021-21704)

Summary

CVE: CVE-2021-21704, CVE-2021-21705 Updated php packages provides upstream 8.0.8 and fixes the following security vulnerabilities:
- PDO_Firebird: * Fix Stack buffer overflow in firebird_info_cb (CVE-2021-21704). * Fix SIGSEGV in firebird_handle_doer (CVE-2021-21704). * Fix SIGSEGV in firebird_stmt_execute (CVE-2021-21704). * Fix Crash while parsing blob data in firebird_fetch_blob (CVE-2021-21704) - Fix SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705).
For other fixes in this update, see the referenced Changelog.

Resolution

MGASA-2021-0330 - Updated php packages fix security vulnerabilities

References

- https://bugs.mageia.org/show_bug.cgi?id=29094

- https://www.php.net/ChangeLog-8.php#8.0.8

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705

Severity

Issued Date: 10 Jul 2021

URL: https://advisories.mageia.org/MGASA-2021-0330.html

Type: security

Affected Mageia releases: 8

News

Advisories

HOWTOs

About Us

Powered By

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.

Learn More About Our Cookie Policy

Advisories

What Are You Looking For?

Popular Tags

Mageia 2021-0330: php security update

Summary

Resolution

References

News

Advisories

HOWTOs

Features

Leveraging the “Power of the Crowd” to Fight Cybercrime with a Unique, Collaborative Intrusion Prevention System

All You Need To Know About IT Security Audits and Its Importance

Time is running out for CentOS 8

Uptycs Lead Engineer Shares Top Tips for Securing the Enterprise

Anatomy of a Linux Ransomware Attack

About Us

Powered By

Advisories

What Are You Looking For?

Popular Tags

Sign In

Not a Member Yet?

Mageia 2021-0330: php security update

Summary

Resolution

References

News

Advisories

HOWTOs

Features

Leveraging the “Power of the Crowd” to Fight Cybercrime with a Unique, Collaborative Intrusion Prevention System

All You Need To Know About IT Security Audits and Its Importance

Time is running out for CentOS 8

Uptycs Lead Engineer Shares Top Tips for Securing the Enterprise

Anatomy of a Linux Ransomware Attack

About Us

Powered By