Release Info

Advisory: CLSA-2021:1639681846

OS: Ubuntu 16.04 ELS

Public date: 2021-12-16 00:00:00

Project: php

Version: 7.0.33-0ubuntu0.16.04.17

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2021-1639681846.html

Changelog

* SECURITY UPDATE: Process crash and information disclosure
  - debian/patches/CVE-2020-7068.patch: fix access-after-free for actual_alias pointer
  - CVE-2020-7068
* SECURITY UPDATE: logic error due to invalid input validation
  - debian/patches/CVE-2020-7071.patch: add validation for url->user field
  - CVE-2020-7071
* SECURITY UPDATE: program crash due to null pointer dereference
  - debian/patches/CVE-2021-21702.patch: pass empty string instead for NULL pointers to soap_error1(). Check NULL pointer in attr_is_equal_ex() and node_is_equal_ex()
  - CVE-2021-21702
* SECURITY UPDATE: integer overflow and subsequent incorrect buffer allocation
  - debian/patches/CVE-2021-21704.patch: add checks that prevent the overflow, replace strcat() with more secure strlcat()
  - CVE-2021-21704
* SECURITY UPDATE: logic error due to incorrect input validation
  - debian/patches/CVE-2021-21705.patch: fix validation of url password with FILTER_VALIDATE_URL parameter
  - CVE-2021-21705
* SECURITY UPDATE: priv escalation due to shared memory between worker processes
  - debian/patches/CVE-2021-21703.patch: change scoreboard->proc type to array of structs and use scoreboard->nprocs only in child processes
  - CVE-2021-21703

Update

Packages list

libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.17_amd64.deb
libphp7.0-embed_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0_7.0.33-0ubuntu0.16.04.17_all.deb
php7.0-bcmath_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-bz2_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-cgi_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-cli_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-common_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-curl_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-dba_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-dev_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-enchant_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-fpm_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-gd_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-gmp_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-imap_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-interbase_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-intl_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-json_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-ldap_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-mbstring_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-mcrypt_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-mysql_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-odbc_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-opcache_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-pgsql_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-phpdbg_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-pspell_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-readline_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-recode_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-snmp_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-soap_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-sqlite3_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-sybase_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-tidy_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-xml_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-xmlrpc_7.0.33-0ubuntu0.16.04.17_amd64.deb
php7.0-xsl_7.0.33-0ubuntu0.16.04.17_all.deb
php7.0-zip_7.0.33-0ubuntu0.16.04.17_amd64.deb

CVEs

CVE-2021-21702
CVE-2020-7068
CVE-2021-21705
CVE-2020-7071
CVE-2021-21703
CVE-2021-21704