-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0606
                          php7.3 security update
                             18 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php7.3
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Overwrite Arbitrary Files -- Remote/Unauthenticated
                   Denial of Service         -- Remote/Unauthenticated
                   Reduced Security          -- Remote/Unauthenticated
                   Access Confidential Data  -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21702 CVE-2020-7071 CVE-2020-7070
                   CVE-2020-7069 CVE-2020-7068 

Reference:         ESB-2020.3671
                   ESB-2020.3546
                   ESB-2020.3509

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4856

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4856-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 17, 2021                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : php7.3
CVE ID         : CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 
                 CVE-2021-21702

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language, which could result in denial of
service, information disclosure, cookie forgery or incorrect encryption.

For the stable distribution (buster), these problems have been fixed in
version 7.3.27-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----