Package "php7.4-gd"
Name: php7.4-gd
Description: GD module for PHP
Latest version: 7.4.3-4ubuntu2.20
Release: focal (20.04)
Level: security
Repository: main
Head package: php7.4
Homepage: http://www.php.net/
Changelog
php7.4 (7.4.3-4ubuntu2.12) focal-security; urgency=medium

  * SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
    - debian/patches/CVE-2022-31625.patch: don't free parameters which
      haven't initialized yet in ext/pgsql/pgsql.c,
      ext/pgsql/tests/bug81720.phpt.
    - CVE-2022-31625
  * SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
    - debian/patches/CVE-20022-31626.patch: properly calculate size in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2022-31626

 -- Marc Deslauriers <email address hidden> Mon, 13 Jun 2022 09:43:30 -0400
php7.4 (7.4.3-4ubuntu2.10) focal-security; urgency=medium

  * SECURITY UPDATE: DoS in zend_string_extend function
    - debian/patches/CVE-2017-8923.patch: fix integer Overflow when
      concatenating strings in Zend/zend_vm_def.h, Zend/zend_vm_execute.h.
    - CVE-2017-8923
  * SECURITY UPDATE: out of bounds access in php_pcre_replace_impl
    - debian/patches/CVE-2017-9118-pre1.patch: fix heap buffer overflow via
      str_repeat in Zend/zend_operators.c, Zend/zend_string.h.
    - debian/patches/CVE-2017-9118-pre2.patch: fix memory corruption in
      preg_replace/preg_replace_callback in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug79188.phpt.
    - debian/patches/CVE-2017-9118-pre3.patch: fix too much memory is
      allocated for preg_replace() in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug81243.phpt.
    - debian/patches/CVE-2017-9118.patch: fix out of bounds in
      php_pcre_replace_impl in Zend/zend_string.h, ext/pcre/php_pcre.c.
    - CVE-2017-9118
  * SECURITY UPDATE: DoS via memory consumption in i_zval_ptr_dtor
    - debian/patches/CVE-2017-9119.patch: handle memory limit error during
      string reallocation correctly in Zend/zend_string.h.
    - CVE-2017-9119
  * SECURITY UPDATE: DoS via integer overflow in mysqli_real_escape_string
    - debian/patches/CVE-2017-9120.patch: fix overflow in
      ext/mysqli/mysqli_api.c.
    - CVE-2017-9120
  * SECURITY UPDATE: filename truncation issue in XML parsing functions
    - debian/patches/CVE-2021-21707.patch: special character is breaking
      the path in xml function in ext/dom/domimplementation.c,
      ext/dom/tests/bug79971_2.phpt, ext/libxml/libxml.c,
      ext/simplexml/tests/bug79971_1.phpt,
      ext/simplexml/tests/bug79971_1.xml.
    - CVE-2021-21707

 -- Marc Deslauriers <email address hidden> Wed, 02 Mar 2022 10:36:52 -0500
CVE-2017-8923: The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative lengt
CVE-2017-9118: PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2017-9119: The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application
CVE-2017-9120: PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other
CVE-2021-21707: In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode

php7.4 (7.4.3-4ubuntu2.9) focal-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-21708.patch: change the call to
      zval_ptr_dtor in ext/filter/logical_filters.c to be done
      after a validation is succeeded, and add a test for this
      case in ext/filter/tests/bug81708.phpt
    - CVE-2021-21708

 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 24 Feb 2022 11:55:48 -0300
php7.4 (7.4.3-4ubuntu2.7) focal-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read/write
    - debian/patches/CVE-2021-21703.patch: The main change is to
      store scoreboard procs directly to the variable sized
      array rather than indirectly through the pointer in
      sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm/fpm_request.c,
      sapi/fpm/fpm/fpm_scoreboard.c, sapi/fpm/fpm/fpm_scoreboard.h,
      sapi/fpm/fpm/fpm_status.c, sapi/fpm/fpm/fpm_worker_pool.c.
    - CVE-2021-21703

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 25 Oct 2021 15:20:54 -0300
CVE-2021-21703: In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process r

php7.4 (7.4.3-4ubuntu2.5) focal-security; urgency=medium

  * SECURITY UPDATE: crash or info disclosure via PHAR zip file
    - debian/patches/CVE-2020-7068.patch: fix use after free in
      ext/phar/zip.c.
    - CVE-2020-7068
  * SECURITY UPDATE: incorrect URL validation
    - debian/patches/CVE-2020-7071-1.patch: make sure userinfo is valid
      according to RFC 3986 in ext/filter/tests/bug77423.phpt,
      ext/standard/url.c.
    - debian/patches/CVE-2020-7071-2.patch: revert previous fix and use a
      better one in ext/filter/logical_filters.c,
      ext/filter/tests/bug77423.phpt, ext/standard/url.c.
    - debian/patches/CVE-2020-7071-3.patch: remove unneeded function in
      ext/standard/url.c.
    - CVE-2020-7071
  * SECURITY UPDATE: crash via malformed XML data in SOAP extension
    - debian/patches/CVE-2021-21702-1.patch: check strings in
      ext/soap/php_sdl.c, ext/soap/php_xml.c, ext/soap/tests/bug80672.phpt,
      ext/soap/tests/bug80672.xml.
    - debian/patches/CVE-2021-21702-2.patch: fix compiler warning in
      ext/soap/php_sdl.c.
    - CVE-2021-21702
  * SECURITY UPDATE: multiple issues in the pdo_firebase module
    - debian/patches/CVE-2021-21704-1.patch: prevent overflow in
      ext/pdo_firebird/firebird_statement.c.
    - debian/patches/CVE-2021-21704-2.patch: verify result_size in
      ext/pdo_firebird/firebird_statement.c.
    - debian/patches/CVE-2021-21704-3.patch: verify result_size in
      ext/pdo_firebird/firebird_driver.c.
    - debian/patches/CVE-2021-21704-4.patch: don't overflow stack in
      ext/pdo_firebird/firebird_driver.c.
    - CVE-2021-21704
  * SECURITY UPDATE: SSRF bypass
    - debian/patches/CVE-2021-21705.patch: check password in
      ext/filter/logical_filters.c, ext/filter/tests/bug81122.phpt.
    - debian/patches/CVE-2021-21705-2.patch: fix compiler warning in
      ext/filter/logical_filters.c.
    - CVE-2021-21705

 -- Marc Deslauriers <email address hidden> Mon, 05 Jul 2021 11:13:35 -0400
CVE-2020-7068: In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile co
CVE-2020-7071: In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP
CVE-2021-21702: In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP
CVE-2021-21704: PHP: firebird issues
CVE-2021-21705: PHP: SSRF bypass in FILTER_VALIDATE_URL