Bug 29094

Summary:	PHP: update to version 8.0.8
Product:	Mageia	Reporter:	Marc Krämer <mageia>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	andrewsfarm, sysadmin-bugs
Version:	8	Keywords:	advisory, validated_update
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA8-64-OK
Source RPM:	php	CVE:	CVE-2021-21704, CVE-2021-21705
Status comment:

Description Marc Krämer 2021-06-08 20:53:51 CEST

regular bugfix release 8.0.7 available.

Comment 1 Marc Krämer 2021-06-08 21:33:32 CEST

Updated php package to the latest version 8.0.7

This is a regular php update to fix errors.

References:
https://www.php.net/ChangeLog-8.php#8.0.7
========================

Updated packages in core/updates_testing:
========================
php-fpm-debuginfo-8.0.7-1.1.mga8
phpdbg-debuginfo-8.0.7-1.1.mga8
php-cli-debuginfo-8.0.7-1.1.mga8
php-cgi-debuginfo-8.0.7-1.1.mga8
php-debugsource-8.0.7-1.1.mga8
php-fpm-8.0.7-1.1.mga8
phpdbg-8.0.7-1.1.mga8
php-cli-8.0.7-1.1.mga8
php-cgi-8.0.7-1.1.mga8
php-opcache-debuginfo-8.0.7-1.1.mga8
apache-mod_php-debuginfo-8.0.7-1.1.mga8
apache-mod_php-8.0.7-1.1.mga8
php-fileinfo-8.0.7-1.1.mga8
php-soap-debuginfo-8.0.7-1.1.mga8
php-opcache-8.0.7-1.1.mga8
php-intl-debuginfo-8.0.7-1.1.mga8
php-mbstring-8.0.7-1.1.mga8
php-mbstring-debuginfo-8.0.7-1.1.mga8
php-debuginfo-8.0.7-1.1.mga8
php-phar-debuginfo-8.0.7-1.1.mga8
php-mysqlnd-debuginfo-8.0.7-1.1.mga8
php-openssl-debuginfo-8.0.7-1.1.mga8
php-dom-debuginfo-8.0.7-1.1.mga8
php-pgsql-debuginfo-8.0.7-1.1.mga8
php-intl-8.0.7-1.1.mga8
php-fileinfo-debuginfo-8.0.7-1.1.mga8
php-mysqli-debuginfo-8.0.7-1.1.mga8
php-curl-debuginfo-8.0.7-1.1.mga8
php-pdo-debuginfo-8.0.7-1.1.mga8
php-ini-8.0.7-1.1.mga8
php-sockets-debuginfo-8.0.7-1.1.mga8
php-session-debuginfo-8.0.7-1.1.mga8
php-soap-8.0.7-1.1.mga8
php-phar-8.0.7-1.1.mga8
php-imap-debuginfo-8.0.7-1.1.mga8
php-mysqlnd-8.0.7-1.1.mga8
php-gmp-debuginfo-8.0.7-1.1.mga8
php-gd-debuginfo-8.0.7-1.1.mga8
php-ldap-debuginfo-8.0.7-1.1.mga8
php-exif-debuginfo-8.0.7-1.1.mga8
php-zip-debuginfo-8.0.7-1.1.mga8
php-ftp-debuginfo-8.0.7-1.1.mga8
php-sodium-debuginfo-8.0.7-1.1.mga8
php-dba-debuginfo-8.0.7-1.1.mga8
php-openssl-8.0.7-1.1.mga8
php-snmp-debuginfo-8.0.7-1.1.mga8
php-dom-8.0.7-1.1.mga8
php-tidy-debuginfo-8.0.7-1.1.mga8
php-bcmath-debuginfo-8.0.7-1.1.mga8
php-doc-8.0.7-1.1.mga8.noarch.rpm
php-filter-debuginfo-8.0.7-1.1.mga8
php-sqlite3-debuginfo-8.0.7-1.1.mga8
php-iconv-debuginfo-8.0.7-1.1.mga8
php-mysqli-8.0.7-1.1.mga8
php-odbc-debuginfo-8.0.7-1.1.mga8
php-pgsql-8.0.7-1.1.mga8
php-zlib-debuginfo-8.0.7-1.1.mga8
php-posix-debuginfo-8.0.7-1.1.mga8
php-pdo-8.0.7-1.1.mga8
php-pdo_pgsql-debuginfo-8.0.7-1.1.mga8
php-session-8.0.7-1.1.mga8
php-curl-8.0.7-1.1.mga8
php-gd-8.0.7-1.1.mga8
php-pdo_mysql-debuginfo-8.0.7-1.1.mga8
php-pdo_firebird-debuginfo-8.0.7-1.1.mga8
php-sockets-8.0.7-1.1.mga8
php-xsl-debuginfo-8.0.7-1.1.mga8
php-imap-8.0.7-1.1.mga8
php-pdo_sqlite-debuginfo-8.0.7-1.1.mga8
php-xmlwriter-debuginfo-8.0.7-1.1.mga8
php-tokenizer-debuginfo-8.0.7-1.1.mga8
php-xmlreader-debuginfo-8.0.7-1.1.mga8
php-calendar-debuginfo-8.0.7-1.1.mga8
php-sodium-8.0.7-1.1.mga8
php-readline-debuginfo-8.0.7-1.1.mga8
php-pdo_dblib-debuginfo-8.0.7-1.1.mga8
php-pcntl-debuginfo-8.0.7-1.1.mga8
php-ldap-8.0.7-1.1.mga8
php-exif-8.0.7-1.1.mga8
php-ftp-8.0.7-1.1.mga8
php-gmp-8.0.7-1.1.mga8
php-zip-8.0.7-1.1.mga8
php-dba-8.0.7-1.1.mga8
php-odbc-8.0.7-1.1.mga8
php-pdo_odbc-debuginfo-8.0.7-1.1.mga8
php-sqlite3-8.0.7-1.1.mga8
php-tidy-8.0.7-1.1.mga8
php-bz2-debuginfo-8.0.7-1.1.mga8
php-snmp-8.0.7-1.1.mga8
php-zlib-8.0.7-1.1.mga8
php-enchant-debuginfo-8.0.7-1.1.mga8
php-pdo_pgsql-8.0.7-1.1.mga8
php-filter-8.0.7-1.1.mga8
php-iconv-8.0.7-1.1.mga8
php-bcmath-8.0.7-1.1.mga8
php-xmlwriter-8.0.7-1.1.mga8
php-ctype-debuginfo-8.0.7-1.1.mga8
php-posix-8.0.7-1.1.mga8
php-sysvmsg-debuginfo-8.0.7-1.1.mga8
php-gettext-debuginfo-8.0.7-1.1.mga8
php-pdo_firebird-8.0.7-1.1.mga8
php-xmlreader-8.0.7-1.1.mga8
php-pcntl-8.0.7-1.1.mga8
php-pdo_sqlite-8.0.7-1.1.mga8
php-xsl-8.0.7-1.1.mga8
php-readline-8.0.7-1.1.mga8
php-pdo_mysql-8.0.7-1.1.mga8
php-calendar-8.0.7-1.1.mga8
php-sysvshm-debuginfo-8.0.7-1.1.mga8
php-pdo_dblib-8.0.7-1.1.mga8
php-bz2-8.0.7-1.1.mga8
php-tokenizer-8.0.7-1.1.mga8
php-enchant-8.0.7-1.1.mga8
php-sysvsem-debuginfo-8.0.7-1.1.mga8
php-shmop-debuginfo-8.0.7-1.1.mga8
php-sysvshm-8.0.7-1.1.mga8
php-sysvmsg-8.0.7-1.1.mga8
php-pdo_odbc-8.0.7-1.1.mga8
php-sysvsem-8.0.7-1.1.mga8
php-shmop-8.0.7-1.1.mga8
php-gettext-8.0.7-1.1.mga8
php-fpm-nginx-8.0.7-1.1.mga8
php-fpm-apache-8.0.7-1.1.mga8
php-ctype-8.0.7-1.1.mga8
php-devel-8.0.7-1.1.mga8


SRPM:
php-8.0.7-1.1.mga8.src.rpm

Assignee: mageia => qa-bugs

Comment 2 David Walser 2021-06-29 18:29:04 CEST

Don't forget to make a bug for PHP 7.3.29.  Thanks.

Marc Krämer 2021-06-29 18:30:22 CEST

Assignee: qa-bugs => mageia

Marc Krämer 2021-06-29 18:30:33 CEST

Summary: PHP: update to version 8.0.7 => PHP: update to version 8.0.8

Comment 3 Marc Krämer 2021-06-29 18:31:32 CEST

next release is scheduled for thursday - build already done - waiting for the detailed changelog...

Comment 4 Marc Krämer 2021-07-01 17:10:43 CEST

Updated php package to the latest version 8.0.8

- Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
- Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
- MySQLnd: Fixed bug #80761 (PDO uses too much memory).
- PDO_Firebird:
Fixed bug #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
Fixed bug #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
Fixed bug #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)

References:
https://www.php.net/ChangeLog-8.php#8.0.8
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704
========================

Updated packages in core/updates_testing:
========================
php-fpm-8.0.8-1.1.mga8.x86_64.rpm
phpdbg-8.0.8-1.1.mga8.x86_64.rpm
php-cli-8.0.8-1.1.mga8.x86_64.rpm
php-cgi-8.0.8-1.1.mga8.x86_64.rpm
php-cli-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-cgi-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
apache-mod_php-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-fpm-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-intl-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-soap-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-opcache-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-opcache-8.0.8-1.1.mga8.x86_64.rpm
phpdbg-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-mbstring-8.0.8-1.1.mga8.x86_64.rpm
php-mbstring-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-mysqlnd-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-phar-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-openssl-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-dom-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-pgsql-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-intl-8.0.8-1.1.mga8.x86_64.rpm
php-fileinfo-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-mysqli-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-curl-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-ini-8.0.8-1.1.mga8.x86_64.rpm
apache-mod_php-8.0.8-1.1.mga8.x86_64.rpm
php-pdo-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-sockets-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-phar-8.0.8-1.1.mga8.x86_64.rpm
php-session-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-soap-8.0.8-1.1.mga8.x86_64.rpm
php-mysqlnd-8.0.8-1.1.mga8.x86_64.rpm
php-ldap-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-gmp-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-imap-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-gd-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-exif-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-zip-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-sodium-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-dba-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-ftp-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-snmp-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-dom-8.0.8-1.1.mga8.x86_64.rpm
php-openssl-8.0.8-1.1.mga8.x86_64.rpm
php-tidy-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-bcmath-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-doc-8.0.8-1.1.mga8.noarch.rpm
php-filter-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-iconv-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-sqlite3-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-pgsql-8.0.8-1.1.mga8.x86_64.rpm
php-mysqli-8.0.8-1.1.mga8.x86_64.rpm
php-odbc-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-zlib-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-pdo-8.0.8-1.1.mga8.x86_64.rpm
php-posix-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-session-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_pgsql-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_firebird-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-gd-8.0.8-1.1.mga8.x86_64.rpm
php-curl-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_mysql-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-sockets-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_sqlite-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-imap-8.0.8-1.1.mga8.x86_64.rpm
php-xsl-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-tokenizer-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-xmlwriter-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-calendar-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-xmlreader-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-sodium-8.0.8-1.1.mga8.x86_64.rpm
php-exif-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_dblib-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-ldap-8.0.8-1.1.mga8.x86_64.rpm
php-readline-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-zip-8.0.8-1.1.mga8.x86_64.rpm
php-gmp-8.0.8-1.1.mga8.x86_64.rpm
php-pcntl-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-fileinfo-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_odbc-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-ftp-8.0.8-1.1.mga8.x86_64.rpm
php-odbc-8.0.8-1.1.mga8.x86_64.rpm
php-sqlite3-8.0.8-1.1.mga8.x86_64.rpm
php-dba-8.0.8-1.1.mga8.x86_64.rpm
php-bz2-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-zlib-8.0.8-1.1.mga8.x86_64.rpm
php-tidy-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_pgsql-8.0.8-1.1.mga8.x86_64.rpm
php-iconv-8.0.8-1.1.mga8.x86_64.rpm
php-filter-8.0.8-1.1.mga8.x86_64.rpm
php-snmp-8.0.8-1.1.mga8.x86_64.rpm
php-enchant-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-bcmath-8.0.8-1.1.mga8.x86_64.rpm
php-xmlwriter-8.0.8-1.1.mga8.x86_64.rpm
php-sysvmsg-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-ctype-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-pcntl-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_firebird-8.0.8-1.1.mga8.x86_64.rpm
php-posix-8.0.8-1.1.mga8.x86_64.rpm
php-gettext-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_sqlite-8.0.8-1.1.mga8.x86_64.rpm
php-xsl-8.0.8-1.1.mga8.x86_64.rpm
php-xmlreader-8.0.8-1.1.mga8.x86_64.rpm
php-sysvshm-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-readline-8.0.8-1.1.mga8.x86_64.rpm
php-bz2-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_mysql-8.0.8-1.1.mga8.x86_64.rpm
php-shmop-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_dblib-8.0.8-1.1.mga8.x86_64.rpm
php-tokenizer-8.0.8-1.1.mga8.x86_64.rpm
php-calendar-8.0.8-1.1.mga8.x86_64.rpm
php-shmop-8.0.8-1.1.mga8.x86_64.rpm
php-enchant-8.0.8-1.1.mga8.x86_64.rpm
php-pdo_odbc-8.0.8-1.1.mga8.x86_64.rpm
php-sysvmsg-8.0.8-1.1.mga8.x86_64.rpm
php-sysvsem-debuginfo-8.0.8-1.1.mga8.x86_64.rpm
php-sysvshm-8.0.8-1.1.mga8.x86_64.rpm
php-ctype-8.0.8-1.1.mga8.x86_64.rpm
php-sysvsem-8.0.8-1.1.mga8.x86_64.rpm
php-gettext-8.0.8-1.1.mga8.x86_64.rpm
php-fpm-apache-8.0.8-1.1.mga8.x86_64.rpm
php-fpm-nginx-8.0.8-1.1.mga8.x86_64.rpm
php-debugsource-8.0.8-1.1.mga8.x86_64.rpm
php-devel-8.0.8-1.1.mga8.x86_64.rpm

SRPM:
php-8.0.8-1.1.mga8.src.rpm

Assignee: mageia => qa-bugs

Comment 5 David Walser 2021-07-09 00:12:03 CEST

Please remember to remove the subrel for the next update.

Ran my usual battery of PHP test cases and they worked fine.

Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2021-07-09 03:16:54 CEST

Thanks, David. Validating. Advisory in Comment 4.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2021-07-10 12:59:21 CEST

QA Contact: (none) => security
Component: RPM Packages => Security
Keywords: (none) => advisory
CVE: (none) => CVE-2021-21704, CVE-2021-21705

Comment 7 Mageia Robot 2021-07-10 14:58:37 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0330.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED