php-5.3.3-50.AXS4

エラータID: AXSA:2019-4373:01

Release date: 
Thursday, October 31, 2019 - 21:00
Subject: 
php-5.3.3-50.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Solution: 

Update packages.

CVEs: 
CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Additional Info: 

N/A

Download: 

SRPMS
  1. php-5.3.3-50.AXS4.src.rpm
    MD5: 6de255f4140e6b7d4e386ffdd6118856
    SHA-256: 8098759114eea88c43638d535bab307d7a3e46e63ba1134d04ec55f42e253577
    Size: 10.41 MB

Asianux Server 4 for x86
  1. php-5.3.3-50.AXS4.i686.rpm
    MD5: d03c7bf4b383da1c8770290be19fadb5
    SHA-256: bea7accacdb10c37215f8c440176a0542a3a0c0be728f55b8f2f3ae83f3cf7f4
    Size: 1.12 MB
  2. php-bcmath-5.3.3-50.AXS4.i686.rpm
    MD5: 31acce14e7331b3a21409cdeec83a7f7
    SHA-256: 8ebec6a42ffcfc39c7e9c41f67c75e4caf364363d726124713964d2f5f657910
    Size: 39.06 kB
  3. php-cli-5.3.3-50.AXS4.i686.rpm
    MD5: d3d0f802ee4f5328c637afba19930926
    SHA-256: 41043d267b9be16d096bc3a2933f9be716576a920626c317c395a6af0f2858c7
    Size: 2.23 MB
  4. php-common-5.3.3-50.AXS4.i686.rpm
    MD5: aa61cb858a54314a8e706984df86b56e
    SHA-256: 069b0d23da9423b46d9c28e52afb3fedcca9c835658cae4e7aaf42d1d22fa672
    Size: 530.46 kB
  5. php-gd-5.3.3-50.AXS4.i686.rpm
    MD5: 8e8d2af426fe06c4272081aa71946514
    SHA-256: 5b4e4537732e757aff6cada803fde6858e87bc8c099341177b9a2963218b82c6
    Size: 109.38 kB
  6. php-ldap-5.3.3-50.AXS4.i686.rpm
    MD5: 09a5d260ea8ea7543e6aef5d4264fab0
    SHA-256: 1f22d103aac7cabaa7f1e555bceb5b43feabee79c7c9e4c2a60d75d1cb3d4591
    Size: 42.06 kB
  7. php-mbstring-5.3.3-50.AXS4.i686.rpm
    MD5: e3854256358daa8c95a1c932e0b262f6
    SHA-256: 3cfd05c3ab790807aaad676368af12894c301c4cc99ab2a0a86a4aaff6c0ad54
    Size: 459.49 kB
  8. php-mysql-5.3.3-50.AXS4.i686.rpm
    MD5: 73d82b6c29eccefbdadbcc37be5d24e2
    SHA-256: 4743acfbbca6f1a0a241b9af53330c152ce7cd2b3161b4f223dc7a95437e6b7d
    Size: 83.36 kB
  9. php-odbc-5.3.3-50.AXS4.i686.rpm
    MD5: 2da8798afea8174d976ce3fca89576ca
    SHA-256: c6d24cde4d02f889984f1266cdb443fb6823fa58ace20dbfdfd2c7188edbb9db
    Size: 54.62 kB
  10. php-pdo-5.3.3-50.AXS4.i686.rpm
    MD5: c3a2757cb40f0440f773cc20a858479a
    SHA-256: 0626b9e053edaf4336536e2674eda3c38fa7152e909fe957d6f66326663af32e
    Size: 78.61 kB
  11. php-pgsql-5.3.3-50.AXS4.i686.rpm
    MD5: 4987247975434de636ce7e825aa2258e
    SHA-256: 3cff435ac4d1cd58f946408fb7261146790107577f3606b57a2fcf45f64f2f9e
    Size: 73.66 kB
  12. php-soap-5.3.3-50.AXS4.i686.rpm
    MD5: 725a75b8c34498555a0d291e7316195a
    SHA-256: 75fe9e34920cf00cd1c1a333658736d5c9d3a7f83a1b397b35a9833ac963f546
    Size: 145.96 kB
  13. php-xml-5.3.3-50.AXS4.i686.rpm
    MD5: de208b9393f2b6a5263c44aca2396944
    SHA-256: 117938cf5aa9446b63e7e3d6db881681565846a20b313467f480c0c4592d1a28
    Size: 105.88 kB
  14. php-xmlrpc-5.3.3-50.AXS4.i686.rpm
    MD5: afc8e04439778a1f4ad9261d1fddc4eb
    SHA-256: 63b1aa6b359658006afdc89902a07e8bc8b8a5716101400b456f20af144593b1
    Size: 57.79 kB

Asianux Server 4 for x86_64
  1. php-5.3.3-50.AXS4.x86_64.rpm
    MD5: a545bc92f33ffff6dcf3240e3c851fbe
    SHA-256: c70b1f0df2b124789743667543717b4539b039f053ffc5adff448369db1d6191
    Size: 1.13 MB
  2. php-bcmath-5.3.3-50.AXS4.x86_64.rpm
    MD5: 42e00af303a82b9399b7765acf461801
    SHA-256: 8d1151eca508c4b233111ab2b83f8f4307606b1dca04716db80ad29a25480095
    Size: 38.79 kB
  3. php-cli-5.3.3-50.AXS4.x86_64.rpm
    MD5: 75a81b01fbc44bbc868d2a06f6823756
    SHA-256: 5473500929676aca74ff2b007a4ccca5f721e7dd64159bb25d778b0df32eedfc
    Size: 2.19 MB
  4. php-common-5.3.3-50.AXS4.x86_64.rpm
    MD5: dd5dcafc6a42e941e7f116c5ca055abb
    SHA-256: 136fdfb3356abc4cbf33da4062975363a9043d0d9d77f6a0e4baa3d2652c69af
    Size: 529.04 kB
  5. php-gd-5.3.3-50.AXS4.x86_64.rpm
    MD5: 9137943d28ec89b854c6ab76d54a2598
    SHA-256: 7e878283a09ae02bbc47ce4fd7802854045faa050f42f39e051eb78b9e1e4552
    Size: 110.68 kB
  6. php-ldap-5.3.3-50.AXS4.x86_64.rpm
    MD5: e986acb534e4cff0250c3faec808b5f1
    SHA-256: d28c6ad2926ad157fcae6ceb65e4b90fd91b48640c81d0c418f85a5da7971ad0
    Size: 42.42 kB
  7. php-mbstring-5.3.3-50.AXS4.x86_64.rpm
    MD5: 0d9c7b7b84e6c1c04cd0eb22062dc75f
    SHA-256: 8919471a80a9b87f800be3d6181ad50314681bfb7522e90557a9bc37d1b09577
    Size: 459.41 kB
  8. php-mysql-5.3.3-50.AXS4.x86_64.rpm
    MD5: aebcb166d7297f33d84927977149245e
    SHA-256: 2bae276722dabc1aeaafe60cf6fed49bb2de58d26ab7506bd41cd5f0461dc962
    Size: 85.55 kB
  9. php-odbc-5.3.3-50.AXS4.x86_64.rpm
    MD5: 80030e4a3f372b9e3478b245631db467
    SHA-256: 576b386d39eaf3736fde2c5cf042f6861304f843e1b048779f3b3335aa85d92e
    Size: 54.95 kB
  10. php-pdo-5.3.3-50.AXS4.x86_64.rpm
    MD5: 344249be9cf72309a0720d013aaf1216
    SHA-256: 58f9b8789dd5d8afeb2bfb69adcf02e1607cbb535691b07665b87714132a5b3f
    Size: 79.32 kB
  11. php-pgsql-5.3.3-50.AXS4.x86_64.rpm
    MD5: 68912f229b888db4a204a30aa6601ac8
    SHA-256: d6c3794659143e30c64219e903b359fa310cdef909404a75ffc8ebd41a09815d
    Size: 74.35 kB
  12. php-soap-5.3.3-50.AXS4.x86_64.rpm
    MD5: eb2d2cfddad123e0fb45cb406b532239
    SHA-256: c97c584a9d14e19a28111e4f0b362fd73fcedbc93bc69cac437f3ab15556ff05
    Size: 144.58 kB
  13. php-xml-5.3.3-50.AXS4.x86_64.rpm
    MD5: 03d61c502f532558090762b55cc779b6
    SHA-256: 6ab23da817f7ccc784188de9a00d4d1bfebd2798d915815b3bb880a8a099bb2d
    Size: 107.37 kB
  14. php-xmlrpc-5.3.3-50.AXS4.x86_64.rpm
    MD5: e684dae7ca5c8bc894aa0b8b84bb5536
    SHA-256: 58d62f0a0e6ec2827e5fc032897060dde3820ac30bb70b6938002d95c96d129e
    Size: 56.76 kB