Amazon Linux 1 Security Advisory: ALAS-2021-1532
Advisory Release Date: 2021-09-02 22:54 Pacific
Advisory Updated Date: 2021-09-08 19:28 Pacific
Severity:
Medium
Issue Overview:
Several flaws has been found in php. The pdo_firebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before calculation of the exec procedure leading to a crash. The highest threat from this vulnerability is to system availability. (CVE-2021-21704)
A security issue was found in PHP in the way it allows to bypass the FILTER_VALIDATE_URL check via a crafted URL which may lead to SSRF. (CVE-2021-21705)
Affected Packages:
php73
Issue Correction:
Run yum update php73 to update your system.
New Packages:
i686:
php73-fpm-7.3.29-1.30.amzn1.i686
php73-7.3.29-1.30.amzn1.i686
php73-imap-7.3.29-1.30.amzn1.i686
php73-pdo-7.3.29-1.30.amzn1.i686
php73-odbc-7.3.29-1.30.amzn1.i686
php73-mysqlnd-7.3.29-1.30.amzn1.i686
php73-ldap-7.3.29-1.30.amzn1.i686
php73-opcache-7.3.29-1.30.amzn1.i686
php73-dbg-7.3.29-1.30.amzn1.i686
php73-snmp-7.3.29-1.30.amzn1.i686
php73-common-7.3.29-1.30.amzn1.i686
php73-pdo-dblib-7.3.29-1.30.amzn1.i686
php73-dba-7.3.29-1.30.amzn1.i686
php73-embedded-7.3.29-1.30.amzn1.i686
php73-recode-7.3.29-1.30.amzn1.i686
php73-devel-7.3.29-1.30.amzn1.i686
php73-process-7.3.29-1.30.amzn1.i686
php73-pspell-7.3.29-1.30.amzn1.i686
php73-gd-7.3.29-1.30.amzn1.i686
php73-json-7.3.29-1.30.amzn1.i686
php73-tidy-7.3.29-1.30.amzn1.i686
php73-debuginfo-7.3.29-1.30.amzn1.i686
php73-xml-7.3.29-1.30.amzn1.i686
php73-intl-7.3.29-1.30.amzn1.i686
php73-soap-7.3.29-1.30.amzn1.i686
php73-pgsql-7.3.29-1.30.amzn1.i686
php73-mbstring-7.3.29-1.30.amzn1.i686
php73-xmlrpc-7.3.29-1.30.amzn1.i686
php73-gmp-7.3.29-1.30.amzn1.i686
php73-bcmath-7.3.29-1.30.amzn1.i686
php73-cli-7.3.29-1.30.amzn1.i686
php73-enchant-7.3.29-1.30.amzn1.i686
src:
php73-7.3.29-1.30.amzn1.src
x86_64:
php73-enchant-7.3.29-1.30.amzn1.x86_64
php73-process-7.3.29-1.30.amzn1.x86_64
php73-7.3.29-1.30.amzn1.x86_64
php73-embedded-7.3.29-1.30.amzn1.x86_64
php73-cli-7.3.29-1.30.amzn1.x86_64
php73-pspell-7.3.29-1.30.amzn1.x86_64
php73-debuginfo-7.3.29-1.30.amzn1.x86_64
php73-gmp-7.3.29-1.30.amzn1.x86_64
php73-fpm-7.3.29-1.30.amzn1.x86_64
php73-recode-7.3.29-1.30.amzn1.x86_64
php73-opcache-7.3.29-1.30.amzn1.x86_64
php73-mysqlnd-7.3.29-1.30.amzn1.x86_64
php73-dbg-7.3.29-1.30.amzn1.x86_64
php73-dba-7.3.29-1.30.amzn1.x86_64
php73-snmp-7.3.29-1.30.amzn1.x86_64
php73-ldap-7.3.29-1.30.amzn1.x86_64
php73-pgsql-7.3.29-1.30.amzn1.x86_64
php73-tidy-7.3.29-1.30.amzn1.x86_64
php73-json-7.3.29-1.30.amzn1.x86_64
php73-imap-7.3.29-1.30.amzn1.x86_64
php73-mbstring-7.3.29-1.30.amzn1.x86_64
php73-bcmath-7.3.29-1.30.amzn1.x86_64
php73-pdo-dblib-7.3.29-1.30.amzn1.x86_64
php73-pdo-7.3.29-1.30.amzn1.x86_64
php73-soap-7.3.29-1.30.amzn1.x86_64
php73-devel-7.3.29-1.30.amzn1.x86_64
php73-odbc-7.3.29-1.30.amzn1.x86_64
php73-xmlrpc-7.3.29-1.30.amzn1.x86_64
php73-gd-7.3.29-1.30.amzn1.x86_64
php73-intl-7.3.29-1.30.amzn1.x86_64
php73-common-7.3.29-1.30.amzn1.x86_64
php73-xml-7.3.29-1.30.amzn1.x86_64