[SECURITY] [DSA 4935-1] php7.3 security update

2021-07-0518:27:28

lists.debian.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

39.0%

JSON

Debian Security Advisory DSA-4935-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2021 https://www.debian.org/security/faq

Package : php7.3
CVE ID : CVE-2021-21704 CVE-2021-21705

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result an SSRF bypass
of the FILTER_VALIDATE_URL check and denial of service or potentially
the execution of arbitrary code in the Firebird PDO.

For the stable distribution (buster), these problems have been fixed in
version 7.3.29-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10ppc64ellibphp7.3-embed< 7.3.29-1~deb10u1libphp7.3-embed_7.3.29-1~deb10u1_ppc64el.deb
Debian10s390xphp7.3-gmp< 7.3.29-1~deb10u1php7.3-gmp_7.3.29-1~deb10u1_s390x.deb
Debian10mipsphp7.3-enchant< 7.3.29-1~deb10u1php7.3-enchant_7.3.29-1~deb10u1_mips.deb
Debian10mipselphp7.3-pgsql-dbgsym< 7.3.29-1~deb10u1php7.3-pgsql-dbgsym_7.3.29-1~deb10u1_mipsel.deb
Debian10ppc64elphp7.3-bz2< 7.3.29-1~deb10u1php7.3-bz2_7.3.29-1~deb10u1_ppc64el.deb
Debian10ppc64elphp7.3-mbstring-dbgsym< 7.3.29-1~deb10u1php7.3-mbstring-dbgsym_7.3.29-1~deb10u1_ppc64el.deb
Debian10i386php7.3-mysql-dbgsym< 7.3.29-1~deb10u1php7.3-mysql-dbgsym_7.3.29-1~deb10u1_i386.deb
Debian9amd64php7.0-imap< 7.0.33-0+deb9u11php7.0-imap_7.0.33-0+deb9u11_amd64.deb
Debian10i386php7.3-imap-dbgsym< 7.3.29-1~deb10u1php7.3-imap-dbgsym_7.3.29-1~deb10u1_i386.deb
Debian10mips64elphp7.3-imap< 7.3.29-1~deb10u1php7.3-imap_7.3.29-1~deb10u1_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	ppc64el	libphp7.3-embed	< 7.3.29-1~deb10u1	libphp7.3-embed_7.3.29-1~deb10u1_ppc64el.deb
Debian	10	s390x	php7.3-gmp	< 7.3.29-1~deb10u1	php7.3-gmp_7.3.29-1~deb10u1_s390x.deb
Debian	10	mips	php7.3-enchant	< 7.3.29-1~deb10u1	php7.3-enchant_7.3.29-1~deb10u1_mips.deb
Debian	10	mipsel	php7.3-pgsql-dbgsym	< 7.3.29-1~deb10u1	php7.3-pgsql-dbgsym_7.3.29-1~deb10u1_mipsel.deb
Debian	10	ppc64el	php7.3-bz2	< 7.3.29-1~deb10u1	php7.3-bz2_7.3.29-1~deb10u1_ppc64el.deb
Debian	10	ppc64el	php7.3-mbstring-dbgsym	< 7.3.29-1~deb10u1	php7.3-mbstring-dbgsym_7.3.29-1~deb10u1_ppc64el.deb
Debian	10	i386	php7.3-mysql-dbgsym	< 7.3.29-1~deb10u1	php7.3-mysql-dbgsym_7.3.29-1~deb10u1_i386.deb
Debian	9	amd64	php7.0-imap	< 7.0.33-0+deb9u11	php7.0-imap_7.0.33-0+deb9u11_amd64.deb
Debian	10	i386	php7.3-imap-dbgsym	< 7.3.29-1~deb10u1	php7.3-imap-dbgsym_7.3.29-1~deb10u1_i386.deb
Debian	10	mips64el	php7.3-imap	< 7.3.29-1~deb10u1	php7.3-imap_7.3.29-1~deb10u1_mips64el.deb