UbuntuUpdates.org

Package "php8.0-opcache"

Name: php8.0-opcache

Description:

Zend OpCache module for PHP
Latest version: 8.0.8-1ubuntu0.3
Release: impish (21.10)
Level: security
Repository: main
Head package: php8.0
Homepage: http://www.php.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "php8.0-opcache"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "php8.0-opcache" in Impish

Repository Area Version
updates main 8.0.8-1ubuntu0.3

Changelog

Version: 8.0.8-1ubuntu0.3 2022-03-07 14:06:28 UTC

  php8.0 (8.0.8-1ubuntu0.3) impish-security; urgency=medium

  * SECURITY UPDATE: DoS in zend_string_extend function
    - debian/patches/CVE-2017-8923.patch: fix integer Overflow when
      concatenating strings in Zend/zend_vm_def.h, Zend/zend_vm_execute.h.
    - CVE-2017-8923
  * SECURITY UPDATE: out of bounds access in php_pcre_replace_impl
    - debian/patches/CVE-2017-9118-pre1.patch: fix heap buffer overflow via
      str_repeat in Zend/zend_operators.c, Zend/zend_string.h.
    - debian/patches/CVE-2017-9118-pre3.patch: fix too much memory is
      allocated for preg_replace() in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug81243.phpt.
    - debian/patches/CVE-2017-9118.patch: fix out of bounds in
      php_pcre_replace_impl in Zend/zend_string.h, ext/pcre/php_pcre.c.
    - CVE-2017-9118
  * SECURITY UPDATE: DoS via integer overflow in mysqli_real_escape_string
    - debian/patches/CVE-2017-9120.patch: fix overflow in
      ext/mysqli/mysqli_api.c.
    - CVE-2017-9120
  * SECURITY UPDATE: filename truncation issue in XML parsing functions
    - debian/patches/CVE-2021-21707.patch: special character is breaking
      the path in xml function in ext/dom/domimplementation.c,
      ext/dom/tests/bug79971_2.phpt, ext/libxml/libxml.c,
      ext/simplexml/tests/bug79971_1.phpt,
      ext/simplexml/tests/bug79971_1.xml.
    - CVE-2021-21707

 -- Marc Deslauriers <email address hidden> Thu, 03 Mar 2022 09:51:53 -0500
Source diff to previous version
CVE-2017-8923 The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative lengt
CVE-2017-9118 PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2017-9120 PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other
CVE-2021-21707 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode

Version: 8.0.8-1ubuntu0.2 2022-02-28 14:07:17 UTC

  php8.0 (8.0.8-1ubuntu0.2) impish-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-21708.patch: change the call to
      zval_ptr_dtor in ext/filter/logical_filters.c to be done
      after a validation is succeeded, and add a test for this
      case in ext/filter/tests/bug81708.phpt
    - CVE-2021-21708

 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 24 Feb 2022 12:03:09 -0300
Source diff to previous version

Version: 8.0.8-1ubuntu0.1 2021-10-28 00:06:31 UTC

  php8.0 (8.0.8-1ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read/write
    - debian/patches/CVE-2021-21703.patch: The main change is to
      store scoreboard procs directly to the variable sized
      array rather than indirectly through the pointer in
      sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm/fpm_request.c,
      sapi/fpm/fpm/fpm_scoreboard.c, sapi/fpm/fpm/fpm_scoreboard.h,
      sapi/fpm/fpm/fpm_status.c, sapi/fpm/fpm/fpm_worker_pool.c.
    - CVE-2021-21703

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 26 Oct 2021 08:42:42 -0300
CVE-2021-21703 In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process r


About   -   Send Feedback to @ubuntu_updates