Mageia 2021-0330: php security update
Summary
Updated php packages provides upstream 8.0.8 and fixes the following
security vulnerabilities:
- PDO_Firebird:
* Fix Stack buffer overflow in firebird_info_cb (CVE-2021-21704).
* Fix SIGSEGV in firebird_handle_doer (CVE-2021-21704).
* Fix SIGSEGV in firebird_stmt_execute (CVE-2021-21704).
* Fix Crash while parsing blob data in firebird_fetch_blob
(CVE-2021-21704)
- Fix SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705).
For other fixes in this update, see the referenced Changelog.
References
- https://bugs.mageia.org/show_bug.cgi?id=29094
- https://www.php.net/ChangeLog-8.php#8.0.8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
Resolution
MGASA-2021-0330 - Updated php packages fix security vulnerabilities
SRPMS
- 8/core/php-8.0.8-1.1.mga8