USN-5006-2: PHP vulnerabilities

USN-5006-2: PHP vulnerabilities

USN-5006-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. (CVE-2020-7068)

It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. (CVE-2020-7071)

It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remote attacker could possibly
use this issue to cause PHP to crash, resulting in a denial of service.
(CVE-2021-21702)

It was discovered that PHP incorrectly handled the pdo_firebase module. A
remote attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2021-21704)

It was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL
check. A remote attacker could possibly use this issue to perform a server-
side request forgery attack. (CVE-2021-21705)
Source: USN-5006-2: PHP vulnerabilities

About KENNETH 19694 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.