Advisories » MGASA-2021-0312

Updated php packages fix security vulnerabilities

Publication date: 04 Jul 2021
Modification date: 04 Jul 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2021-21704 , CVE-2021-21705

Description

Updated PHP packages fix security vulnerabilities:
- Fixed bug #81122: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705)

PDO_Firebird:
- Fixed bug #76448: Stack buffer overflow in firebird_info_cb.
  (CVE-2021-21704)
- Fixed bug #76449: SIGSEGV in firebird_handle_doer. (CVE-2021-21704)
- Fixed bug #76450: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704)
- Fixed bug #76452: Crash while parsing blob data in firebird_fetch_blob.
  (CVE-2021-21704)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29197
• https://www.php.net/ChangeLog-7.php#7.3.29
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705

SRPMS

7/core

• php-7.3.29-1.mga7