Monday, July 12, 2021

Ubuntu: USN-5006-1 (CVE-2021-21705): PHP vulnerabilities

Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.From USN-5006-1:It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068)It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-7071)It was discovered that PHP incorrectly handled certain malformed XML data when being parsed by the SOAP extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-21702)It was discovered that PHP incorrectly handled the pdo_firebase module. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21704)It was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL check. A remote attacker could possibly use this issue to perform a server- side request forgery attack. (CVE-2021-21705)
Solution(s)
  • ubuntu-upgrade-libapache2-mod-php7-2
  • ubuntu-upgrade-libapache2-mod-php7-4
  • ubuntu-upgrade-php7-2-cgi
  • ubuntu-upgrade-php7-2-cli
  • ubuntu-upgrade-php7-2-fpm
  • ubuntu-upgrade-php7-4-cgi
  • ubuntu-upgrade-php7-4-cli
  • ubuntu-upgrade-php7-4-fpm


  • References
  • USN-5006-1
  • CVE-2021-21705




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated