Advisory: CLSA-2022:1646085834
OS: Ubuntu 16.04 ELS
Public date: 2022-02-28 00:00:00
Project: php
Version: 7.0.33-0ubuntu0.16.04.17+tuxcare.els2
Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2022-1646085834.html
* SECURITY UPDATE: Denial of service
  - debian/patches/CVE-2015-9253-pre1.patch: include .inc files used in fpm tests in sapi/fpm/tests/ along with other .phpt test scripts.
  - debian/patches/CVE-2015-9253-pre2.patch: close the listening socket in sapi/fpm/fpm/fpm_signals.c and added tests in sapi/fpm/tests/bug77934-reload-process-control.phpt.
  - debian/patches/CVE-2015-9253.patch: directly listen on socket, instead of dumping it to STDIN in sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm_stdio.c, and added tests in sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
  - CVE-2015-9253
* SECURITY UPDATE: Integer overflow
  - debian/patches/CVE-2017-8923-pre.patch: added ZSTR_MAX_LEN macro in Zend/zend_string.h and make use of it in Zend/zend_operators.c instead of using SIZE_MAX.
  - debian/patches/CVE-2017-8923.patch: added a length check before calling zend_string_realloc method in Zend/zend_vm_def.h and Zend/zend_vm_execute.h.
  - CVE-2017-8923
* SECURITY UPDATE: Integer overflow
  - debian/patches/CVE-2017-9118.patch: added ZSTR_MAX_OVERHEAD macro in Zend/zend_string.h that has the maximal overhead of a zend_string and uses it in ext/pcre/php_pcre.c to assign a zend_string length value.
  - CVE-2017-9118
* SECURITY UPDATE: Use after free
  - debian/patches/CVE-2017-9119.patch: changed the decrement of refcount to be made once the string allocation has succeeded in Zend/zend_string.h.
  - CVE-2017-9119
* SECURITY UPDATE: Integer overflow
  - debian/patches/CVE-2017-9120.patch: changed the string allocation from zend_string_alloc to zend_string_safe_alloc in ext/mysqli/mysqli_api.c.
  - CVE-2017-9120
* SECURITY UPDATE: Improper handling of special characters
  - debian/patches/CVE-2021-21707.patch: added a string validation to check for improper characters in ext/dom/domimplementation.c and in ext/libxml/libxml.c and added tests in ext/simplexml/tests/bug79971_1.phpt and ext/dom/tests/bug79971_2.phpt.
  - CVE-2021-21707
Update command:
  apt-get update
  apt-get --only-upgrade install php*
libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
libphp7.0-embed_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_all.deb
php7.0-bcmath_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-bz2_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-cgi_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-cli_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-common_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-curl_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-dba_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-dev_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-enchant_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-fpm_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-gd_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-gmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-imap_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-interbase_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-intl_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-json_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-ldap_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-mbstring_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-mcrypt_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-mysql_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-odbc_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-opcache_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-pgsql_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-phpdbg_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-pspell_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-readline_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-recode_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-snmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-soap_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-sqlite3_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-sybase_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-tidy_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-xml_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-xmlrpc_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
php7.0-xsl_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_all.deb
php7.0-zip_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb