MGASA-2021-0330 - Updated php packages fix security vulnerabilities Publication date: 10 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0330.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-21704, CVE-2021-21705 Updated php packages provides upstream 8.0.8 and fixes the following security vulnerabilities: - PDO_Firebird: * Fix Stack buffer overflow in firebird_info_cb (CVE-2021-21704). * Fix SIGSEGV in firebird_handle_doer (CVE-2021-21704). * Fix SIGSEGV in firebird_stmt_execute (CVE-2021-21704). * Fix Crash while parsing blob data in firebird_fetch_blob (CVE-2021-21704) - Fix SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705). For other fixes in this update, see the referenced Changelog. References: - https://bugs.mageia.org/show_bug.cgi?id=29094 - https://www.php.net/ChangeLog-8.php#8.0.8 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705 SRPMS: - 8/core/php-8.0.8-1.1.mga8