CLSA-2022-1646085834

SECURITY UPDATE: Denial of service
- debian/patches/CVE-2015-9253-pre1.patch: include .inc files used in fpm tests in sapi/fpm/tests/ alogin with other .phpt test scripts.
- debian/patches/CVE-2015-9253-pre2.patch: close the listening socket on sapi/fpm/fpm/fpm_signals.c and added tests in sapi/fpm/tests/bug77934-reload-process-control.phpt.
- debian/patches/CVE-2015-9253.patch: directly listen on socket, instead of dumping it to STDIN in sapi/fpm/fpm/fpmchildren.c, sapi/fpm/fpmstdio.c, and added tests in sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
- CVE-2015-9253
SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2017-8923-pre.patch: added ZSTRMAXLEN macro in Zend/zendstring.h and make use of it in Zend/zendoperators.c instead of using SIZE_MAX.
- debian/patches/CVE-2017-8923.patch: added a length check before calling zendstringrealloc method in Zend/zendvmdef.h and Zend/zendvmexecute.h.
- CVE-2017-8923
SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2017-9118.patch: added ZSTRMAXOVERHEAD macro in Zend/zendstring.h that has the the maximal overhead of a zendstring and uses it in ext/pcre/phppcre.c to assign a zendstring length value.
- CVE-2017-9118
SECURITY UPDATE: Use after free
- debian/patches/CVE-2017-9119.patch: changed the decrement of refcount to be made once the string allocation has succeeded in Zend/zend_string.h.
- CVE-2017-9119
SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2017-9120.patch: changed the string allocation from zendstringalloc to zendstringsafealloc in ext/mysqli/mysqliapi.c.
- CVE-2017-9120
SECURITY UDPATE: Improper handling of special characters
- debian/patches/CVE-2021-21707.patch: added a string validation to check for improper characters in ext/dom/domimplementation.c and in ext/libxml/libxml.c and added tests in ext/simplexml/tests/bug799711.phpt and ext/dom/tests/bug799712.phpt.
- CVE-2021-21707

References

https://errata.cloudlinux.com/ubuntu16_04/CLSA-2022-1646085834

Affected packages

TuxCare:Ubuntu:16.04

libapache2-mod-php7.0

Package

Name: libapache2-mod-php7.0
Purl: pkg:deb/tuxcare/libapache2-mod-php7.0?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

libphp7.0-embed

Package

Name: libphp7.0-embed
Purl: pkg:deb/tuxcare/libphp7.0-embed?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0

Package

Name: php7.0
Purl: pkg:deb/tuxcare/php7.0?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-bcmath

Package

Name: php7.0-bcmath
Purl: pkg:deb/tuxcare/php7.0-bcmath?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-bz2

Package

Name: php7.0-bz2
Purl: pkg:deb/tuxcare/php7.0-bz2?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-cgi

Package

Name: php7.0-cgi
Purl: pkg:deb/tuxcare/php7.0-cgi?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-cli

Package

Name: php7.0-cli
Purl: pkg:deb/tuxcare/php7.0-cli?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-common

Package

Name: php7.0-common
Purl: pkg:deb/tuxcare/php7.0-common?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-curl

Package

Name: php7.0-curl
Purl: pkg:deb/tuxcare/php7.0-curl?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-dba

Package

Name: php7.0-dba
Purl: pkg:deb/tuxcare/php7.0-dba?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-dev

Package

Name: php7.0-dev
Purl: pkg:deb/tuxcare/php7.0-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-enchant

Package

Name: php7.0-enchant
Purl: pkg:deb/tuxcare/php7.0-enchant?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-fpm

Package

Name: php7.0-fpm
Purl: pkg:deb/tuxcare/php7.0-fpm?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-gd

Package

Name: php7.0-gd
Purl: pkg:deb/tuxcare/php7.0-gd?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-gmp

Package

Name: php7.0-gmp
Purl: pkg:deb/tuxcare/php7.0-gmp?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-imap

Package

Name: php7.0-imap
Purl: pkg:deb/tuxcare/php7.0-imap?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-interbase

Package

Name: php7.0-interbase
Purl: pkg:deb/tuxcare/php7.0-interbase?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-intl

Package

Name: php7.0-intl
Purl: pkg:deb/tuxcare/php7.0-intl?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-json

Package

Name: php7.0-json
Purl: pkg:deb/tuxcare/php7.0-json?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-ldap

Package

Name: php7.0-ldap
Purl: pkg:deb/tuxcare/php7.0-ldap?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-mbstring

Package

Name: php7.0-mbstring
Purl: pkg:deb/tuxcare/php7.0-mbstring?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-mcrypt

Package

Name: php7.0-mcrypt
Purl: pkg:deb/tuxcare/php7.0-mcrypt?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-mysql

Package

Name: php7.0-mysql
Purl: pkg:deb/tuxcare/php7.0-mysql?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-odbc

Package

Name: php7.0-odbc
Purl: pkg:deb/tuxcare/php7.0-odbc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-opcache

Package

Name: php7.0-opcache
Purl: pkg:deb/tuxcare/php7.0-opcache?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-pgsql

Package

Name: php7.0-pgsql
Purl: pkg:deb/tuxcare/php7.0-pgsql?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-phpdbg

Package

Name: php7.0-phpdbg
Purl: pkg:deb/tuxcare/php7.0-phpdbg?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-pspell

Package

Name: php7.0-pspell
Purl: pkg:deb/tuxcare/php7.0-pspell?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-readline

Package

Name: php7.0-readline
Purl: pkg:deb/tuxcare/php7.0-readline?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-recode

Package

Name: php7.0-recode
Purl: pkg:deb/tuxcare/php7.0-recode?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-snmp

Package

Name: php7.0-snmp
Purl: pkg:deb/tuxcare/php7.0-snmp?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-soap

Package

Name: php7.0-soap
Purl: pkg:deb/tuxcare/php7.0-soap?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-sqlite3

Package

Name: php7.0-sqlite3
Purl: pkg:deb/tuxcare/php7.0-sqlite3?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-sybase

Package

Name: php7.0-sybase
Purl: pkg:deb/tuxcare/php7.0-sybase?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-tidy

Package

Name: php7.0-tidy
Purl: pkg:deb/tuxcare/php7.0-tidy?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-xml

Package

Name: php7.0-xml
Purl: pkg:deb/tuxcare/php7.0-xml?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-xmlrpc

Package

Name: php7.0-xmlrpc
Purl: pkg:deb/tuxcare/php7.0-xmlrpc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-xsl

Package

Name: php7.0-xsl
Purl: pkg:deb/tuxcare/php7.0-xsl?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"

php7.0-zip

Package

Name: php7.0-zip
Purl: pkg:deb/tuxcare/php7.0-zip?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.17+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1646085834.json"