ALSA-2021:4213
- Source
- https://errata.almalinux.org/8/ALSA-2021-4213.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4213.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2021:4213
- Related
- Published
- 2021-11-09T08:42:20Z
- Modified
- 2021-11-09T12:52:36Z
- Summary
- Moderate: php:7.4 security, bug fix, and enhancement update
- Details
-
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php (7.4.19). (BZ#1944110)
Security Fix(es):
php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)
php: FILTERVALIDATEURL accepts URLs with invalid userinfo (CVE-2020-7071)
php: Use of freed hash key in the pharparsezipfile function (CVE-2020-7068)
php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070)
php: NULL pointer dereference in SoapClient (CVE-2021-21702)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
- References
Affected packages
AlmaLinux:8 / apcu-panel
Package
- Name
- apcu-panel
AlmaLinux:8 / libzip
Package
- Name
- libzip
AlmaLinux:8 / libzip-devel
Package
- Name
- libzip-devel
AlmaLinux:8 / libzip-tools
Package
- Name
- libzip-tools
AlmaLinux:8 / php
Package
- Name
- php
AlmaLinux:8 / php-bcmath
Package
- Name
- php-bcmath
AlmaLinux:8 / php-cli
Package
- Name
- php-cli
AlmaLinux:8 / php-common
Package
- Name
- php-common
AlmaLinux:8 / php-dba
Package
- Name
- php-dba
AlmaLinux:8 / php-dbg
Package
- Name
- php-dbg
AlmaLinux:8 / php-devel
Package
- Name
- php-devel
AlmaLinux:8 / php-embedded
Package
- Name
- php-embedded
AlmaLinux:8 / php-enchant
Package
- Name
- php-enchant
AlmaLinux:8 / php-ffi
Package
- Name
- php-ffi
AlmaLinux:8 / php-fpm
Package
- Name
- php-fpm
AlmaLinux:8 / php-gd
Package
- Name
- php-gd
AlmaLinux:8 / php-gmp
Package
- Name
- php-gmp
AlmaLinux:8 / php-intl
Package
- Name
- php-intl
AlmaLinux:8 / php-json
Package
- Name
- php-json
AlmaLinux:8 / php-ldap
Package
- Name
- php-ldap
AlmaLinux:8 / php-mbstring
Package
- Name
- php-mbstring
AlmaLinux:8 / php-mysqlnd
Package
- Name
- php-mysqlnd
AlmaLinux:8 / php-odbc
Package
- Name
- php-odbc
AlmaLinux:8 / php-opcache
Package
- Name
- php-opcache
AlmaLinux:8 / php-pdo
Package
- Name
- php-pdo
AlmaLinux:8 / php-pear
Package
- Name
- php-pear
AlmaLinux:8 / php-pecl-apcu
Package
- Name
- php-pecl-apcu
AlmaLinux:8 / php-pecl-apcu-devel
Package
- Name
- php-pecl-apcu-devel
AlmaLinux:8 / php-pecl-rrd
Package
- Name
- php-pecl-rrd
AlmaLinux:8 / php-pecl-rrd
Package
- Name
- php-pecl-rrd
AlmaLinux:8 / php-pecl-rrd
Package
- Name
- php-pecl-rrd
AlmaLinux:8 / php-pecl-xdebug
Package
- Name
- php-pecl-xdebug
AlmaLinux:8 / php-pecl-zip
Package
- Name
- php-pecl-zip
AlmaLinux:8 / php-pgsql
Package
- Name
- php-pgsql
AlmaLinux:8 / php-process
Package
- Name
- php-process
AlmaLinux:8 / php-snmp
Package
- Name
- php-snmp
AlmaLinux:8 / php-soap
Package
- Name
- php-soap
AlmaLinux:8 / php-xml
Package
- Name
- php-xml