Lucene search

DebianDEBIAN:DLA-2794-1:A7F5F

HistoryOct 27, 2021 - 10:46 a.m.

[SECURITY] [DLA 2794-1] php7.0 security update

2021-10-2710:46:54

lists.debian.org

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.0%

JSON

Debian LTS Advisory DLA-2794-1 [email protected]
https://www.debian.org/lts/security/ Sylvain Beucler
October 27, 2021 https://wiki.debian.org/LTS

Package : php7.0
Version : 7.0.33-0+deb9u12
CVE ID : CVE-2021-21703
Debian Bug : 997003

An out-of-bounds read and write flaw was discovered in the PHP-FPM code,
which could result in escalation of privileges from local unprivileged
user to the root user.

For Debian 9 stretch, this problem has been fixed in version
7.0.33-0+deb9u12.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9arm64php7.0-mysql< 7.0.33-0+deb9u12php7.0-mysql_7.0.33-0+deb9u12_arm64.deb
Debian9armhfphp7.0-ldap< 7.0.33-0+deb9u12php7.0-ldap_7.0.33-0+deb9u12_armhf.deb
Debian10amd64php7.3-opcache< 7.3.31-1~deb10u1php7.3-opcache_7.3.31-1~deb10u1_amd64.deb
Debian10armelphp7.3-fpm-dbgsym< 7.3.31-1~deb10u1php7.3-fpm-dbgsym_7.3.31-1~deb10u1_armel.deb
Debian11s390xphp7.4-odbc-dbgsym< 7.4.25-1+deb11u1php7.4-odbc-dbgsym_7.4.25-1+deb11u1_s390x.deb
Debian9amd64php7.0-common< 7.0.33-0+deb9u12php7.0-common_7.0.33-0+deb9u12_amd64.deb
Debian11i386php7.4-bz2< 7.4.25-1+deb11u1php7.4-bz2_7.4.25-1+deb11u1_i386.deb
Debian10i386php7.3-gmp-dbgsym< 7.3.31-1~deb10u1php7.3-gmp-dbgsym_7.3.31-1~deb10u1_i386.deb
Debian11s390xphp7.4-snmp< 7.4.25-1+deb11u1php7.4-snmp_7.4.25-1+deb11u1_s390x.deb
Debian10amd64php7.3-xml-dbgsym< 7.3.31-1~deb10u1php7.3-xml-dbgsym_7.3.31-1~deb10u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	arm64	php7.0-mysql	< 7.0.33-0+deb9u12	php7.0-mysql_7.0.33-0+deb9u12_arm64.deb
Debian	9	armhf	php7.0-ldap	< 7.0.33-0+deb9u12	php7.0-ldap_7.0.33-0+deb9u12_armhf.deb
Debian	10	amd64	php7.3-opcache	< 7.3.31-1~deb10u1	php7.3-opcache_7.3.31-1~deb10u1_amd64.deb
Debian	10	armel	php7.3-fpm-dbgsym	< 7.3.31-1~deb10u1	php7.3-fpm-dbgsym_7.3.31-1~deb10u1_armel.deb
Debian	11	s390x	php7.4-odbc-dbgsym	< 7.4.25-1+deb11u1	php7.4-odbc-dbgsym_7.4.25-1+deb11u1_s390x.deb
Debian	9	amd64	php7.0-common	< 7.0.33-0+deb9u12	php7.0-common_7.0.33-0+deb9u12_amd64.deb
Debian	11	i386	php7.4-bz2	< 7.4.25-1+deb11u1	php7.4-bz2_7.4.25-1+deb11u1_i386.deb
Debian	10	i386	php7.3-gmp-dbgsym	< 7.3.31-1~deb10u1	php7.3-gmp-dbgsym_7.3.31-1~deb10u1_i386.deb
Debian	11	s390x	php7.4-snmp	< 7.4.25-1+deb11u1	php7.4-snmp_7.4.25-1+deb11u1_s390x.deb
Debian	10	amd64	php7.3-xml-dbgsym	< 7.3.31-1~deb10u1	php7.3-xml-dbgsym_7.3.31-1~deb10u1_amd64.deb