[ubuntu/focal-security] php7.4 7.4.3-4ubuntu2.10 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Mar 3 13:53:18 UTC 2022
php7.4 (7.4.3-4ubuntu2.10) focal-security; urgency=medium

  * SECURITY UPDATE: DoS in zend_string_extend function
    - debian/patches/CVE-2017-8923.patch: fix integer Overflow when
      concatenating strings in Zend/zend_vm_def.h, Zend/zend_vm_execute.h.
    - CVE-2017-8923
  * SECURITY UPDATE: out of bounds access in php_pcre_replace_impl
    - debian/patches/CVE-2017-9118-pre1.patch: fix heap buffer overflow via
      str_repeat in Zend/zend_operators.c, Zend/zend_string.h.
    - debian/patches/CVE-2017-9118-pre2.patch: fix memory corruption in
      preg_replace/preg_replace_callback in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug79188.phpt.
    - debian/patches/CVE-2017-9118-pre3.patch: fix too much memory is
      allocated for preg_replace() in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug81243.phpt.
    - debian/patches/CVE-2017-9118.patch: fix out of bounds in
      php_pcre_replace_impl in Zend/zend_string.h, ext/pcre/php_pcre.c.
    - CVE-2017-9118
  * SECURITY UPDATE: DoS via memory consumption in i_zval_ptr_dtor
    - debian/patches/CVE-2017-9119.patch: handle memory limit error during
      string reallocation correctly in Zend/zend_string.h.
    - CVE-2017-9119
  * SECURITY UPDATE: DoS via integer overflow in mysqli_real_escape_string
    - debian/patches/CVE-2017-9120.patch: fix overflow in
      ext/mysqli/mysqli_api.c.
    - CVE-2017-9120
  * SECURITY UPDATE: filename truncation issue in XML parsing functions
    - debian/patches/CVE-2021-21707.patch: special character is breaking
      the path in xml function in ext/dom/domimplementation.c,
      ext/dom/tests/bug79971_2.phpt, ext/libxml/libxml.c,
      ext/simplexml/tests/bug79971_1.phpt,
      ext/simplexml/tests/bug79971_1.xml.
    - CVE-2021-21707
Date: 2022-03-02 19:30:10.378805+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.10