Advisories ยป MGASA-2021-0330

Updated php packages fix security vulnerabilities

Publication date: 10 Jul 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-21704 , CVE-2021-21705

Description

Updated php packages provides upstream 8.0.8 and fixes the following
security vulnerabilities:

- PDO_Firebird:
  * Fix Stack buffer overflow in firebird_info_cb (CVE-2021-21704).
  * Fix SIGSEGV in firebird_handle_doer (CVE-2021-21704).
  * Fix SIGSEGV in firebird_stmt_execute (CVE-2021-21704).
  * Fix Crash while parsing blob data in firebird_fetch_blob
    (CVE-2021-21704)
- Fix SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705).

For other fixes in this update, see the referenced Changelog.
                

References

SRPMS

8/core