Univention Bugzilla – Bug 53990
php7.3: Multiple issues (5.0)
Last modified: 2021-10-28 18:02:54 CEST
New Debian php7.3 7.3.31-1~deb10u1 fixes:
This update addresses the following issue:
* Local privilege escalation via PHP-FPM (CVE-2021-21703)
--- mirror/ftp/pool/main/p/php7.3/php7.3_7.3.29-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/php7.3_7.3.31-1~deb10u1.dsc @@ -1,3 +1,12 @@ +7.3.31-1~deb10u1 [Sun, 24 Oct 2021 17:18:08 +0200] Ondřej Surý <ondrej@debian.org>: + + * New upstream version 7.3.31 + + CVE-2021-21706: ZipArchive::extractTo extracts outside of + destination. + * Backported from 7.4.25 + + CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege + escalation. + 7.3.29-1~deb10u1 [Fri, 02 Jul 2021 06:04:33 +0200] Ondřej Surý <ondrej@debian.org>: * New upstream version 7.3.29 <http://piuparts.knut.univention.de/5.0-0/#9052518499939289583>
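Review bot: the added changelog entry for 7.3.31-1~deb10u1 lists two fixes, CVE-2021-21706 (ZipArchive::extractTo extracts outside of destination) and CVE-2021-21703 (PHP-FPM oob R/W in root process), but the update description above names only CVE-2021-21703. The erratum text should either list CVE-2021-21706 as well or state why it is left out, so the advisory matches the package changelog.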
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-0] e7bc1eb1a5 Bug #53990: php7.3 7.3.31-1~deb10u1
 doc/errata/staging/php7.3.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x133>