Zend Server 2021.3.5 | Zend by Perforce

June 2024

Contains only PHP security fixes and updated apache, lighttpd, curl, openssl components. No changes in Zend Server

Backported PHP CVE fixes

PHP version 7.1.33.23, 7.2.34.19, 7.3.33.11, 7.4.33.6 CVE fixes
- CGI
  - Fixed bug GHSA-3qgc-jrrr-25jv: Bypass of CVE-2012-1823, Argument Injection in PHP-CGI (CVE-2024-4577)
- Filter
  - Fixed bug GHSA-w8qr-v226-r27w: Filter bypass in filter_var FILTER_VALIDATE_URL (CVE-2024-5458)
PHP version 7.4.33.6 CVE fix
- Standard
  - Fixed bug GHSA-9fcc-425m-g385: Bypass of CVE-2024-1874 (CVE-2024-5585)

Known issues

RHEL 8 upgrade may fail with the message:

Problem: cannot install the best update candidate for package liboci8-zend-11.2.0.4-8.x86_64

This problem is related to RHEL RPM package dependency resolving, and cannot be fixed in Zend Server packaging. Dependency package libaio from RHEL repository does not install for unknown reasons.

Solution: Enter the following command when this error message has been displayed, and then retry the upgrade.

sudo yum install libaio-0.3.112-1.el8.i686 liboci8-zend