Advisories

What Are You Looking For?

Popular Tags

Sign In

Forgot your password?

Not a Member Yet?

Become a full participant in the LinuxSecurity.com community of open source security experts - not just an onlooker.

Contribute

MGASA-2021-0330 - Updated php packages fix security vulnerabilities

Publication date: 10 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0330.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-21704,
     CVE-2021-21705

Updated php packages provides upstream 8.0.8 and fixes the following
security vulnerabilities:

- PDO_Firebird:
  * Fix Stack buffer overflow in firebird_info_cb (CVE-2021-21704).
  * Fix SIGSEGV in firebird_handle_doer (CVE-2021-21704).
  * Fix SIGSEGV in firebird_stmt_execute (CVE-2021-21704).
  * Fix Crash while parsing blob data in firebird_fetch_blob
    (CVE-2021-21704)
- Fix SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705).

For other fixes in this update, see the referenced Changelog.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29094
- https://www.php.net/ChangeLog-8.php#8.0.8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705

SRPMS:
- 8/core/php-8.0.8-1.1.mga8

Mageia 2021-0330: php security update

Updated php packages provides upstream 8.0.8 and fixes the following security vulnerabilities: - PDO_Firebird: * Fix Stack buffer overflow in firebird_info_cb (CVE-2021-21704)

Summary

CVE: CVE-2021-21704, CVE-2021-21705 Updated php packages provides upstream 8.0.8 and fixes the following security vulnerabilities:
- PDO_Firebird: * Fix Stack buffer overflow in firebird_info_cb (CVE-2021-21704). * Fix SIGSEGV in firebird_handle_doer (CVE-2021-21704). * Fix SIGSEGV in firebird_stmt_execute (CVE-2021-21704). * Fix Crash while parsing blob data in firebird_fetch_blob (CVE-2021-21704) - Fix SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705).
For other fixes in this update, see the referenced Changelog.

Resolution

MGASA-2021-0330 - Updated php packages fix security vulnerabilities

References

- https://bugs.mageia.org/show_bug.cgi?id=29094

- https://www.php.net/ChangeLog-8.php#8.0.8

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705

Severity

Issued Date: 10 Jul 2021

URL: https://advisories.mageia.org/MGASA-2021-0330.html

Type: security

Affected Mageia releases: 8

News

Advisories

HOWTOs

About Us

Powered By

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.

Learn More

Advisories

What Are You Looking For?

Popular Tags

Mageia 2021-0330: php security update

Summary

Resolution

References

News

Advisories

HOWTOs

Features

CrowdSec v1.1.x Is Out! Here's What's New & How To Get Started

Open Source is Revolutionizing Careers in Cybersecurity - What You Need to Know

Black Hat USA & DEFCON 2021 Coverage on LinuxSecurity: What You Need to Know

TLS Email Encryption Explained - How To Encrypt Email with TLS

Keeping Your System Secure is Easier than Ever with LinuxSecurity Customized Advisories!

About Us

Powered By