[CLSA-2022:1646085834] Fix CVE(s): CVE-2017-9118, CVE-2017-9119, CVE-2017-9120, CVE-2021-21707, CVE-2017-8923, CVE-2015-9253
Type:
security
Severity:
moderate
Release date:
2022-02-28 22:03:54 UTC
Description:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2015-9253-pre1.patch: include .inc files used in fpm tests in sapi/fpm/tests/ along with other .phpt test scripts.
    - debian/patches/CVE-2015-9253-pre2.patch: close the listening socket on sapi/fpm/fpm/fpm_signals.c and added tests in sapi/fpm/tests/bug77934-reload-process-control.phpt.
    - debian/patches/CVE-2015-9253.patch: directly listen on socket, instead of dumping it to STDIN in sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm_stdio.c, and added tests in sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
    - CVE-2015-9253
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2017-8923-pre.patch: added ZSTR_MAX_LEN macro in Zend/zend_string.h and make use of it in Zend/zend_operators.c instead of using SIZE_MAX.
    - debian/patches/CVE-2017-8923.patch: added a length check before calling zend_string_realloc method in Zend/zend_vm_def.h and Zend/zend_vm_execute.h.
    - CVE-2017-8923
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2017-9118.patch: added ZSTR_MAX_OVERHEAD macro in Zend/zend_string.h that has the maximal overhead of a zend_string and uses it in ext/pcre/php_pcre.c to assign a zend_string length value.
    - CVE-2017-9118
  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2017-9119.patch: changed the decrement of refcount to be made once the string allocation has succeeded in Zend/zend_string.h.
    - CVE-2017-9119
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2017-9120.patch: changed the string allocation from zend_string_alloc to zend_string_safe_alloc in ext/mysqli/mysqli_api.c.
    - CVE-2017-9120
  * SECURITY UPDATE: Improper handling of special characters
    - debian/patches/CVE-2021-21707.patch: added a string validation to check for improper characters in ext/dom/domimplementation.c and in ext/libxml/libxml.c and added tests in ext/simplexml/tests/bug79971_1.phpt and ext/dom/tests/bug79971_2.phpt.
    - CVE-2021-21707
Updated packages:
  • libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:9f697e2e417b0f17f31098f2b080703d33bb3063
  • libphp7.0-embed_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:6b28b0ae73d0a441f834ec03dde4839f1e6761f0
  • php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_all.deb
    sha:602cdecbe052cb246643497489e10e434fc1635f
  • php7.0-bcmath_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:1bdaf7d2056391be7177ba9856e366d0ac78d9a9
  • php7.0-bz2_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:9828527d6e9d86c65f9111cf9130d91b9bb34f71
  • php7.0-cgi_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:1e7616078cfce3e3520e6d608726d95c995b7065
  • php7.0-cli_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:992043429db7036a191431d6d3a0d3631e8972f5
  • php7.0-common_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:89428768e6cf4df5457a1ccb2fbca34ad4a240b5
  • php7.0-curl_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:0e29d95f0e1c677b250933f9fcf7321277aaa9f3
  • php7.0-dba_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:dd1d0a7eb6615caad0bc18fafe04cba515d3fd90
  • php7.0-dev_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:0b373b2124d37269e141b428ca536ae2f4319da0
  • php7.0-enchant_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:97cbaf869992ad1d45d06e61d995873f48dc37cd
  • php7.0-fpm_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:2b07699f1d0fa1af69180c3291146d218153c2d6
  • php7.0-gd_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:876e2ccfbb8cfb2f77c01844cd68ba61ef53f432
  • php7.0-gmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:ec2cd7b2bac890aa3963195e59376570bdc2e201
  • php7.0-imap_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:5fd132b3efa35a3f842ed172d4fe41a1e3637396
  • php7.0-interbase_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:19b27c2655bcd0c969e9320231d45825e84e73cc
  • php7.0-intl_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:6e641fba874f73c659d3be8c6cad576cc43ddce3
  • php7.0-json_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:10b65ac61eaedb1e8d0386963163916b31907fee
  • php7.0-ldap_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:b835c41dd56ffbd047df52c87ad5759a301fe11b
  • php7.0-mbstring_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:859061dd7c7ad64b7faa45ad06e0690de9af1fdf
  • php7.0-mcrypt_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:2fdebd8a8ef880f1a28c32f18cc1f44d3fcfb8bc
  • php7.0-mysql_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:54ece0f53de3148f23ffcefc93a7d472ca4c9cf5
  • php7.0-odbc_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:d621b525473d36497cd1dd2d96bb8afdfcc66b43
  • php7.0-opcache_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:e0fc04bb5f17549696791fbf075bc0d649cac48a
  • php7.0-pgsql_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:7732e0f45b25b4ba9395d43ec26bac11ecb35dec
  • php7.0-phpdbg_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:667578bed09c66793596e7a29e175725776fad7e
  • php7.0-pspell_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:5469822a1231bd39313089efe71db45c1b76067d
  • php7.0-readline_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:e7cd2b1cb4d33f972c1acf13e5076250eb748d96
  • php7.0-recode_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:c629169b306feca7bde4915a27efd7ea3caf2a97
  • php7.0-snmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:184f718067f1634f69c33b88c5dc23b483d2d316
  • php7.0-soap_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:eab04bbc953afefc6e8b2756b69501bafc55b81f
  • php7.0-sqlite3_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:e25daf6bb4b554a6f4a7d5110d8955752894c2bc
  • php7.0-sybase_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:e1f87c5bfed1753d4857faad737268cda3174b99
  • php7.0-tidy_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:8788460e67e98a96ba60f724372dbd3ad14010e4
  • php7.0-xml_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:a8bed7aee0b4571b299f07f124bc064c88198e77
  • php7.0-xmlrpc_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:557ab48bec07b236d971d06925c7c0215147112c
  • php7.0-xsl_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_all.deb
    sha:9a54096575832589605c3713ed7948c422229532
  • php7.0-zip_7.0.33-0ubuntu0.16.04.17+tuxcare.els2_amd64.deb
    sha:0ac77edbe967a1811ae8734f76648bc5d69e066e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.