Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2022-048-02
HistoryFeb 18, 2022 - 5:43 a.m.

[slackware-security] php

2022-02-1805:43:10
Slackware Linux Project
www.slackware.com
36
slackware
php
security fix
upgrade
cve-2021-21708
apache

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.2%

JSON

New php packages are available for Slackware 15.0 and -current to fix a
security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/php-7.4.28-i586-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://vulners.com/cve/CVE-2021-21708
(* Security fix )
extra/php80/php80-8.0.16-i586-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://vulners.com/cve/CVE-2021-21708
( Security fix )
extra/php81/php81-8.1.3-i586-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://vulners.com/cve/CVE-2021-21708
( Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/php-7.4.28-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php80/php80-8.0.16-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.3-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/php-7.4.28-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php80/php80-8.0.16-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.3-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-7.4.28-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php80/php80-8.0.16-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php81/php81-8.1.3-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-7.4.28-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php80/php80-8.0.16-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php81/php81-8.1.3-x86_64-1.txz

MD5 signatures:

Slackware 15.0 packages:
98b8f7f4ebbd6684a3848d3c5fd98055 php-7.4.28-i586-1_slack15.0.txz
a115e52291633e73dfcdd4ad729c786c php80-8.0.16-i586-1_slack15.0.txz
8511217f7944165c345c9f099eaf33bd php81-8.1.3-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
10963a9a08721f68338f97df230b778c php-7.4.28-x86_64-1_slack15.0.txz
6746f1fc9b31eaebddcea38b954af482 php80-8.0.16-x86_64-1_slack15.0.txz
1661420f6c46ad4464772416432c10aa php81-8.1.3-x86_64-1_slack15.0.txz

Slackware -current packages:
a3d1dbb0a3b731eb4d40c154325df74e n/php-7.4.28-i586-1.txz
f3e9091b589d9d34ca4881a3c8302487 php80-8.0.16-i586-1.txz
96163e2df98e2464f5a1a3f7c7a8b21e php81-8.1.3-i586-1.txz

Slackware x86_64 -current packages:
ee1badc38b5d903a7791b5aae57b3f78 n/php-7.4.28-x86_64-1.txz
f1a9a36b149fdd7fc62b0439bb4ec456 php80-8.0.16-x86_64-1.txz
6f2b29644cc6cced2ce3c95ab84a8caa php81-8.1.3-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg php-7.4.28-i586-1_slack15.0.txz

Then, restart Apache httpd:
> /etc/rc.d/rc.httpd stop
> /etc/rc.d/rc.httpd start

Related

openvas 13
osv 12
altlinux 4
ubuntu 1
cve 1
veracode 1
f5 1
fedora 2
nvd 1
cbl_mariner 1
prion 1
nessus 29
redhatcve 1
cvelist 1
debiancve 1
ubuntucve 1
alpinelinux 1
suse 1
oraclelinux 3
redhat 3
rocky 3
debian 1
almalinux 3
ibm 1
gentoo 1
redos 1
oracle 2
openvas
openvas
Slackware: Security Advisory (SSA:2022-048-02)
2022-04-21 00:00:00
Ubuntu: Security Advisory (USN-5303-1)
2022-03-01 00:00:00
PHP < 7.4.28, 8.0.x < 8.0.16, 8.1.x < 8.1.3 Security Update (Feb 2022) - Linux
2022-02-18 00:00:00
osv
osv
CVE-2021-21708
2022-02-27 08:15:06
php8-8.1.3-1.1 on GA media
2024-06-15 00:00:00
BIT-php-2021-21708
2024-03-06 11:04:32
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.1 version 8.1.3-alt1
2022-02-28 00:00:00
Security fix for the ALT Linux 10 package php7 version 7.4.28-alt1
2022-03-01 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 8.0.16-alt1
2022-02-28 00:00:00
ubuntu
ubuntu
PHP vulnerability
2022-02-28 00:00:00
cve
cve
CVE-2021-21708
2022-02-27 08:15:06
veracode
veracode
Denial Of Service (DoS)
2022-02-18 16:08:38
f5
f5
K14492558 : PHP vulnerability CVE-2021-21708
2022-03-23 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: php-7.4.28-1.fc34
2022-02-23 16:15:14
[SECURITY] Fedora 35 Update: php-8.0.16-1.fc35
2022-02-22 19:12:07
nvd
nvd
CVE-2021-21708
2022-02-27 08:15:06
cbl_mariner
cbl_mariner
CVE-2021-21708 affecting package php 7.4.14-3
2024-10-01 09:12:11
prion
prion
Memory corruption
2022-02-27 08:15:00
nessus
nessus
Ubuntu 20.04 LTS : PHP vulnerability (USN-5303-1)
2022-02-28 00:00:00
SUSE SLES15 Security Update : php7 (SUSE-SU-2022:0847-1)
2022-03-16 00:00:00
Slackware Linux 15.0 / current php Multiple Vulnerabilities (SSA:2022-048-02)
2022-02-18 00:00:00
redhatcve
redhatcve
CVE-2021-21708
2022-02-17 21:21:43
cvelist
cvelist
CVE-2021-21708 UAF due to php_filter_float() failing
2022-02-27 08:00:12
debiancve
debiancve
CVE-2021-21708
2022-02-27 08:15:06
ubuntucve
ubuntucve
CVE-2021-21708
2021-12-31 00:00:00
alpinelinux
alpinelinux
CVE-2021-21708
2022-02-27 08:15:06
suse
suse
Security update for php7 (important)
2022-03-15 00:00:00
oraclelinux
oraclelinux
php:8.0 security, bug fix, and enhancement update
2022-11-15 00:00:00
php security, bug fix, and enhancement update
2022-11-22 00:00:00
php:7.4 security, bug fix, and enhancement update
2022-11-15 00:00:00
redhat
redhat
(RHSA-2022:8197) Moderate: php security, bug fix, and enhancement update
2022-11-15 06:18:21
(RHSA-2022:7624) Moderate: php:8.0 security, bug fix, and enhancement update
2022-11-08 06:24:57
(RHSA-2022:7628) Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
rocky
rocky
php security, bug fix, and enhancement update
2022-11-15 06:18:21
php:8.0 security, bug fix, and enhancement update
2022-11-08 06:24:57
php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
debian
debian
[SECURITY] [DSA 5082-1] php7.4 security update
2022-02-18 19:09:20
almalinux
almalinux
Moderate: php:8.0 security, bug fix, and enhancement update
2022-11-08 00:00:00
Moderate: php security, bug fix, and enhancement update
2022-11-15 00:00:00
Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2021-21703, CVE-2021-21708, CVE-2021-21707, CVE-2022-31629, CVE-2022-31628)
2022-12-16 17:01:05
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-09-29 00:00:00
redos
redos
ROS-20220826-01
2022-08-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.2%

JSON
Related for SSA-2022-048-02
openvas13osv12altlinux4ubuntu1cve1veracode1f51fedora2nvd1cbl_mariner1prion1nessus29redhatcve1cvelist1debiancve1ubuntucve1alpinelinux1suse1oraclelinux3redhat3rocky3debian1almalinux3ibm1gentoo1redos1oracle2