RHSA-2021:2992MediumCVSS 7.5
Red Hat Security Advisory: rh-php73-php security, bug fix, and enhancement update
🔗 CVE IDs covered (6)
📋 Description
CVE-2020-7068 — php: Use of freed hash key in the phar_parse_zipfile function CVE-2020-7069 — php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV CVE-2020-7070 — php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server CVE-2020-7071 — php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo CVE-2021-21702 — php: NULL pointer dereference in SoapClient CVE-2021-21705 — php: SSRF bypass in FILTER_VALIDATE_URL
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2021:2992
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1868109
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1885735
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1885738
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1913846
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1925272
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1977764
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1978755
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2992.json