Critical PHP-FPM Vulnerability
A 'new' (from May this year) privilege escalation exploit in PHP-FPM has been found by a security firm. More information about CVE-2021-21703:
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
DirectAdmin already has patches out, it seems; just update the standard way via CustomBuild.
For Debian, please track the progress here: https://security-tracker.debian.org/tracker/CVE-2021-21703
The PHP team also announced that since PHP 7.3 is close to being end of life, they will probably not be updating it and they will rely on third-party repomasters (like Ondřej) for keeping <PHP 7.3 up to date.
Update ASAP, people!
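
A triage check built from the version ranges and the root-master precondition quoted in the CVE text above. This is an added example, not code from the original post, DirectAdmin or the PHP project; the function names and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# CVE-2021-21703 triage (added example). Ranges are the ones quoted in the post.
# Caveat: distributions such as Debian backport fixes without changing the
# upstream version, so an "affected" result means "confirm with your vendor".

# is_affected VERSION: 0 = in an affected range, 1 = not listed, 2 = unparseable
is_affected() {
    ver=${1%%[-+~]*}                 # drop packaging suffix, e.g. "-1+deb11u1"
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}          # "12RC1" -> "12"
    case "$major.$minor" in
        7.3) [ "$patch" -le 31 ] ;;  # 7.3.x up to and including 7.3.31
        7.4) [ "$patch" -lt 25 ] ;;  # 7.4.x below 7.4.25
        8.0) [ "$patch" -lt 12 ] ;;  # 8.0.x below 8.0.12
        *)   return 1 ;;             # branch not listed in the advisory text
    esac
}

# filter_root_masters: read "user pid args" lines (ps format) on stdin and keep
# PHP-FPM masters owned by root, the precondition named in the CVE text.
filter_root_masters() {
    awk '$1 == "root" && /php-fpm: master process/ && $3 != "awk"'
}

# Usage (hypothetical script name): sh check.sh 7.4.24
if [ -n "${1:-}" ]; then
    is_affected "$1"
    case $? in
        0) echo "$1: inside an affected upstream range" ;;
        1) echo "$1: not in a range listed by the advisory" ;;
        *) echo "$1: could not parse version" ;;
    esac
    echo "PHP-FPM master processes running as root:"
    ps -eo user=,pid=,args= | filter_root_masters
fi
```

Pass the version string your php-fpm binary reports; a packaged build that still shows an older upstream number may already carry the backported fix.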