{"schema_version":"1.7.2","id":"OESA-2021-1389","modified":"2021-10-15T11:03:16Z","published":"2021-10-15T11:03:16Z","upstream":["CVE-2021-21705","CVE-2021-21704"],"summary":"php security update","details":"PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.\r\n\r\nSecurity Fix(es):\r\n\r\nIn PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.(CVE-2021-21705)\r\n\r\nIn PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.(CVE-2021-21704)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"php","purl":"pkg:rpm/openEuler/php\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.10-15.oe1"}]}],"ecosystem_specific":{"aarch64":["php-intl-7.2.10-15.oe1.aarch64.rpm","php-dbg-7.2.10-15.oe1.aarch64.rpm","php-gd-7.2.10-15.oe1.aarch64.rpm","php-cli-7.2.10-15.oe1.aarch64.rpm","php-gmp-7.2.10-15.oe1.aarch64.rpm","php-enchant-7.2.10-15.oe1.aarch64.rpm","php-process-7.2.10-15.oe1.aarch64.rpm","php-mbstring-7.2.10-15.oe1.aarch64.rpm","php-ldap-7.2.10-15.oe1.aarch64.rpm","php-mysqlnd-7.2.10-15.oe1.aarch64.rpm","php-xml-7.2.10-15.oe1.aarch64.rpm","php-pgsql-7.2.10-15.oe1.aarch64.rpm","php-tidy-7.2.10-15.oe1.aarch64.rpm","php-snmp-7.2.10-15.oe1.aarch64.rpm","php-odbc-7.2.10-15.oe1.aarch64.rpm","php-devel-7.2.10-15.oe1.aarch64.rpm","php-soap-7.2.10-15.oe1.aarch64.rpm","php-recode-7.2.10-15.oe1.aarch64.rpm","php-7.2.10-15.oe1.aarch64.rpm","php-debugsource-7.2.10-15.oe1.aarch64.rpm","php-fpm-7.2.10-15.oe1.aarch64.rpm","php-embedded-7.2.10-15.oe1.aarch64.rpm","php-json-7.2.10-15.oe1.aarch64.rpm","php-dba-7.2.10-15.oe1.aarch64.rpm","php-debuginfo-7.2.10-15.oe1.aarch64.rpm","php-opcache-7.2.10-15.oe1.aarch64.rpm","php-common-7.2.10-15.oe1.aarch64.rpm","php-xmlrpc-7.2.10-15.oe1.aarch64.rpm","php-help-7.2.10-15.oe1.aarch64.rpm","php-pdo-7.2.10-15.oe1.aarch64.rpm","php-bcmath-7.2.10-15.oe1.aarch64.rpm"],"src":["php-7.2.10-15.oe1.src.rpm"],"x86_64":["php-xml-7.2.10-15.oe1.x86_64.rpm","php-fpm-7.2.10-15.oe1.x86_64.rpm","php-embedded-7.2.10-15.oe1.x86_64.rpm","php-devel-7.2.10-15.oe1.x86_64.rpm","php-pdo-7.2.10-15.oe1.x86_64.rpm","php-dba-7.2.10-15.oe1.x86_64.rpm","php-bcmath-7.2.10-15.oe1.x86_64.rpm","php-enchant-7.2.10-15.oe1.x86_64.rpm","php-mbstring-7.2.10-15.oe1.x86_64.rpm","php-pgsql-7.2.10-15.oe1.x86_64.rpm","php-tidy-7.2.10-15.oe1.x86_64.rpm","php-gmp-7.2.10-15.oe1.x86_64.rpm","php-recode-7.2.10-15.oe1.x86_64.rpm","php-odbc-7.2.10-15.oe1.x86_64.rpm","php-help-7.2.10-15.oe1.x86_64.rpm","php-gd-7.2.10-15.oe1.x86_64.rpm","php-cli-7.2.10-15.oe1.x86_64.rpm","php-mysqlnd-7.2.10-15.oe1.x86_64.rpm","php-xmlrpc-7.2.10-15.oe1.x86_64.rpm","php-snmp-7.2.10-15.oe1.x86_64.rpm","php-soap-7.2.10-15.oe1.x86_64.rpm","php-debugsource-7.2.10-15.oe1.x86_64.rpm","php-ldap-7.2.10-15.oe1.x86_64.rpm","php-dbg-7.2.10-15.oe1.x86_64.rpm","php-intl-7.2.10-15.oe1.x86_64.rpm","php-7.2.10-15.oe1.x86_64.rpm","php-opcache-7.2.10-15.oe1.x86_64.rpm","php-json-7.2.10-15.oe1.x86_64.rpm","php-common-7.2.10-15.oe1.x86_64.rpm","php-debuginfo-7.2.10-15.oe1.x86_64.rpm","php-process-7.2.10-15.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"php","purl":"pkg:rpm/openEuler/php\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.0-4.oe1"}]}],"ecosystem_specific":{"aarch64":["php-tidy-8.0.0-4.oe1.aarch64.rpm","php-process-8.0.0-4.oe1.aarch64.rpm","php-intl-8.0.0-4.oe1.aarch64.rpm","php-mysqlnd-8.0.0-4.oe1.aarch64.rpm","php-opcache-8.0.0-4.oe1.aarch64.rpm","php-bcmath-8.0.0-4.oe1.aarch64.rpm","php-enchant-8.0.0-4.oe1.aarch64.rpm","php-embedded-8.0.0-4.oe1.aarch64.rpm","php-gmp-8.0.0-4.oe1.aarch64.rpm","php-ldap-8.0.0-4.oe1.aarch64.rpm","php-dba-8.0.0-4.oe1.aarch64.rpm","php-common-8.0.0-4.oe1.aarch64.rpm","php-ffi-8.0.0-4.oe1.aarch64.rpm","php-dbg-8.0.0-4.oe1.aarch64.rpm","php-odbc-8.0.0-4.oe1.aarch64.rpm","php-soap-8.0.0-4.oe1.aarch64.rpm","php-devel-8.0.0-4.oe1.aarch64.rpm","php-debugsource-8.0.0-4.oe1.aarch64.rpm","php-pdo-8.0.0-4.oe1.aarch64.rpm","php-xml-8.0.0-4.oe1.aarch64.rpm","php-snmp-8.0.0-4.oe1.aarch64.rpm","php-help-8.0.0-4.oe1.aarch64.rpm","php-mbstring-8.0.0-4.oe1.aarch64.rpm","php-cli-8.0.0-4.oe1.aarch64.rpm","php-gd-8.0.0-4.oe1.aarch64.rpm","php-8.0.0-4.oe1.aarch64.rpm","php-fpm-8.0.0-4.oe1.aarch64.rpm","php-debuginfo-8.0.0-4.oe1.aarch64.rpm","php-pgsql-8.0.0-4.oe1.aarch64.rpm"],"src":["php-8.0.0-4.oe1.src.rpm"],"x86_64":["php-dba-8.0.0-4.oe1.x86_64.rpm","php-bcmath-8.0.0-4.oe1.x86_64.rpm","php-enchant-8.0.0-4.oe1.x86_64.rpm","php-embedded-8.0.0-4.oe1.x86_64.rpm","php-gd-8.0.0-4.oe1.x86_64.rpm","php-odbc-8.0.0-4.oe1.x86_64.rpm","php-gmp-8.0.0-4.oe1.x86_64.rpm","php-mbstring-8.0.0-4.oe1.x86_64.rpm","php-mysqlnd-8.0.0-4.oe1.x86_64.rpm","php-common-8.0.0-4.oe1.x86_64.rpm","php-debugsource-8.0.0-4.oe1.x86_64.rpm","php-help-8.0.0-4.oe1.x86_64.rpm","php-cli-8.0.0-4.oe1.x86_64.rpm","php-fpm-8.0.0-4.oe1.x86_64.rpm","php-tidy-8.0.0-4.oe1.x86_64.rpm","php-opcache-8.0.0-4.oe1.x86_64.rpm","php-xml-8.0.0-4.oe1.x86_64.rpm","php-snmp-8.0.0-4.oe1.x86_64.rpm","php-8.0.0-4.oe1.x86_64.rpm","php-pgsql-8.0.0-4.oe1.x86_64.rpm","php-devel-8.0.0-4.oe1.x86_64.rpm","php-ldap-8.0.0-4.oe1.x86_64.rpm","php-debuginfo-8.0.0-4.oe1.x86_64.rpm","php-intl-8.0.0-4.oe1.x86_64.rpm","php-ffi-8.0.0-4.oe1.x86_64.rpm","php-process-8.0.0-4.oe1.x86_64.rpm","php-soap-8.0.0-4.oe1.x86_64.rpm","php-pdo-8.0.0-4.oe1.x86_64.rpm","php-dbg-8.0.0-4.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1389"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21705"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21704"}],"database_specific":{"severity":"Medium"}}