RLSA-2022:7628

Published: 08 Nov 2022
Source: rocky
Severity: Moderate

Description

Moderate: php:7.4 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (7.4.30), php-pear (1.10.13). (BZ#2055422)

Security Fix(es):

  • php: Special character breaks path in xml parsing (CVE-2021-21707)

  • php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708)

  • php-pear: Directory traversal vulnerability (CVE-2021-32610)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| apcu-panel | noarch | 1.module+el8.6.0+789+2130c178 | apcu-panel-5.1.18-1.module+el8.6.0+789+2130c178.noarch.rpm |
| libzip | x86_64 | 1.module+el8.6.0+789+2130c178 | libzip-1.6.1-1.module+el8.6.0+789+2130c178.x86_64.rpm |
| libzip-devel | x86_64 | 1.module+el8.6.0+789+2130c178 | libzip-devel-1.6.1-1.module+el8.6.0+789+2130c178.x86_64.rpm |
| libzip-tools | x86_64 | 1.module+el8.6.0+789+2130c178 | libzip-tools-1.6.1-1.module+el8.6.0+789+2130c178.x86_64.rpm |
| php | x86_64 | 1.module+el8.7.0+1067+0a7071cc | php-7.4.30-1.module+el8.7.0+1067+0a7071cc.x86_64.rpm |
| php-bcmath | x86_64 | 1.module+el8.7.0+1067+0a7071cc | php-bcmath-7.4.30-1.module+el8.7.0+1067+0a7071cc.x86_64.rpm |
| php-cli | x86_64 | 1.module+el8.7.0+1067+0a7071cc | php-cli-7.4.30-1.module+el8.7.0+1067+0a7071cc.x86_64.rpm |
| php-common | x86_64 | 1.module+el8.7.0+1067+0a7071cc | php-common-7.4.30-1.module+el8.7.0+1067+0a7071cc.x86_64.rpm |
| php-dba | x86_64 | 1.module+el8.7.0+1067+0a7071cc | php-dba-7.4.30-1.module+el8.7.0+1067+0a7071cc.x86_64.rpm |
| php-dbg | x86_64 | 1.module+el8.7.0+1067+0a7071cc | php-dbg-7.4.30-1.module+el8.7.0+1067+0a7071cc.x86_64.rpm |

Related vulnerabilities

oracle-oval
more than 2 years ago

ELSA-2022-7628: php:7.4 security, bug fix, and enhancement update (MODERATE)

CVSS3: 5.3
ubuntu
more than 3 years ago

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

CVSS3: 5.3
redhat
more than 3 years ago

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

CVSS3: 5.3
nvd
more than 3 years ago

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

CVSS3: 5.3
debian
more than 3 years ago

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...