Lucene search

K
almalinuxAlmaLinuxALSA-2022:1935
HistoryMay 10, 2022 - 12:00 a.m.

Moderate: php:7.4 security update

2022-05-1000:00:00
errata.almalinux.org
32

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

51.1%

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):

  • php: Local privilege escalation via PHP-FPM (CVE-2021-21703)
  • php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)
    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    Additional Changes:
    For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

51.1%