UbuntuUpdates.org

Package "php7.4"

Name: php7.4

Description:

server-side, HTML-embedded scripting language (metapackage)

Latest version: 7.4.16-1ubuntu2.2
Release: hirsute (21.04)
Level: security
Repository: main
Homepage: http://www.php.net/

Links


Download "php7.4"


Other versions of "php7.4" in Hirsute

Repository Area Version
base main 7.4.16-1ubuntu2
base universe 7.4.16-1ubuntu2
security universe 7.4.16-1ubuntu2.2
updates main 7.4.16-1ubuntu2.2
updates universe 7.4.16-1ubuntu2.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7.4.16-1ubuntu2.2 2021-10-28 00:06:28 UTC

  php7.4 (7.4.16-1ubuntu2.2) hirsute-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read/write
    - debian/patches/CVE-2021-21703.patch: The main change is to
      store scoreboard procs directly to the variable sized
      array rather than indirectly through the pointer in
      sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm/fpm_request.c,
      sapi/fpm/fpm/fpm_scoreboard.c, sapi/fpm/fpm/fpm_scoreboard.h,
      sapi/fpm/fpm/fpm_status.c, sapi/fpm/fpm/fpm_worker_pool.c.
    - CVE-2021-21703

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 26 Oct 2021 13:46:20 -0300

Source diff to previous version
CVE-2021-21703 In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process r

Version: 7.4.16-1ubuntu2.1 2021-07-07 14:06:31 UTC

  php7.4 (7.4.16-1ubuntu2.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: multiple issues in the pdo_firebase module
    - debian/patches/CVE-2021-21704-1.patch: prevent overflow in
      ext/pdo_firebird/firebird_statement.c.
    - debian/patches/CVE-2021-21704-2.patch: verify result_size in
      ext/pdo_firebird/firebird_statement.c.
    - debian/patches/CVE-2021-21704-3.patch: verify result_size in
      ext/pdo_firebird/firebird_driver.c.
    - debian/patches/CVE-2021-21704-4.patch: don't overflow stack in
      ext/pdo_firebird/firebird_driver.c.
    - CVE-2021-21704
  * SECURITY UPDATE: SSRF bypass
    - debian/patches/CVE-2021-21705.patch: check password in
      ext/filter/logical_filters.c, ext/filter/tests/bug81122.phpt.
    - debian/patches/CVE-2021-21705-2.patch: fix compiler warning in
      ext/filter/logical_filters.c.
    - CVE-2021-21705

 -- Marc Deslauriers <email address hidden> Mon, 05 Jul 2021 09:04:38 -0400

CVE-2021-21704 PHP: firebird issues
CVE-2021-21705 PHP: SSRF bypass in FILTER_VALIDATE_URL



About   -   Send Feedback to @ubuntu_updates