php-5.4.16-48.0.1.el7.AXS7

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for
developers to write dynamically generated web pages. PHP also offers built-in
database integration for several commercial and non-commercial database
management systems, so writing a database-enabled webpage with PHP is fairly
simple. The most common use of PHP coding is probably as a replacement for CGI
scripts.

The php package contains the module (often referred to as mod_php) which adds
support for the PHP language to Apache HTTP Server.

Security Fix(es):

* CVE-2020-7071: fix URL validation with functions like filter_var($url,
FILTER_VALIDATE_URL)
* CVE-2021-21705: fix URL validation functionality via filter_var() function
with FILTER_VALIDATE_URL parameter when an URL with invalid password field can
be accepted as valid

CVE(s):
CVE-2020-7071
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.