|
|
Log in / Subscribe / Register

Mageia alert MGASA-2021-0312 (php)



From:
              Mageia Updates <buildsystem-daemon@mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2021-0312: Updated php packages fix security vulnerabilities


Date:
              Sun, 04 Jul 2021 04:15:04 +0200


Message-ID:
              <20210704021504.223E1A013F@duvel.mageia.org>


Archive-link:
              Article


MGASA-2021-0312 - Updated php packages fix security vulnerabilities

Publication date: 04 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0312.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2021-21704,
     CVE-2021-21705

Description:
Updated PHP packages fix security vulnerabilities:
- Fixed bug #81122: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705)

PDO_Firebird:
- Fixed bug #76448: Stack buffer overflow in firebird_info_cb.
  (CVE-2021-21704)
- Fixed bug #76449: SIGSEGV in firebird_handle_doer. (CVE-2021-21704)
- Fixed bug #76450: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704)
- Fixed bug #76452: Crash while parsing blob data in firebird_fetch_blob.
  (CVE-2021-21704)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29197
- https://www.php.net/ChangeLog-7.php#7.3.29
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2...

SRPMS:
- 7/core/php-7.3.29-1.mga7
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds