[ubuntu/focal-security] php7.4 7.4.3-4ubuntu2.10 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Mar 3 13:53:18 UTC 2022


php7.4 (7.4.3-4ubuntu2.10) focal-security; urgency=medium

  * SECURITY UPDATE: DoS in zend_string_extend function
    - debian/patches/CVE-2017-8923.patch: fix integer Overflow when
      concatenating strings in Zend/zend_vm_def.h, Zend/zend_vm_execute.h.
    - CVE-2017-8923
  * SECURITY UPDATE: out of bounds access in php_pcre_replace_impl
    - debian/patches/CVE-2017-9118-pre1.patch: fix heap buffer overflow via
      str_repeat in Zend/zend_operators.c, Zend/zend_string.h.
    - debian/patches/CVE-2017-9118-pre2.patch: fix memory corruption in
      preg_replace/preg_replace_callback in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug79188.phpt.
    - debian/patches/CVE-2017-9118-pre3.patch: fix too much memory is
      allocated for preg_replace() in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug81243.phpt.
    - debian/patches/CVE-2017-9118.patch: fix out of bounds in
      php_pcre_replace_impl in Zend/zend_string.h, ext/pcre/php_pcre.c.
    - CVE-2017-9118
  * SECURITY UPDATE: DoS via memory consumption in i_zval_ptr_dtor
    - debian/patches/CVE-2017-9119.patch: handle memory limit error during
      string reallocation correctly in Zend/zend_string.h.
    - CVE-2017-9119
  * SECURITY UPDATE: DoS via integer overflow in mysqli_real_escape_string
    - debian/patches/CVE-2017-9120.patch: fix overflow in
      ext/mysqli/mysqli_api.c.
    - CVE-2017-9120
  * SECURITY UPDATE: filename truncation issue in XML parsing functions
    - debian/patches/CVE-2021-21707.patch: special character is breaking
      the path in xml function in ext/dom/domimplementation.c,
      ext/dom/tests/bug79971_2.phpt, ext/libxml/libxml.c,
      ext/simplexml/tests/bug79971_1.phpt,
      ext/simplexml/tests/bug79971_1.xml.
    - CVE-2021-21707

Date: 2022-03-02 19:30:10.378805+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.10
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list