php:7.2 security, bug fix, and enhancement update

エラータID: AXSA:2020-845:01

Release date: 
Sunday, November 1, 2020 - 04:22
Subject: 
php:7.2 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Server.

The following packages have been upgraded to a later upstream version: php
(7.2.24). (BZ#1726981)

Security Fix(es):
php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)
php: File rename across filesystems may allow unwanted access during
processing (CVE-2019-9637)
php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)
php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)
php: Invalid read in exif_process_SOFn() (CVE-2019-9640)
php: Out-of-bounds read due to integer overflow in
iconv_mime_decode_headers() (CVE-2019-11039)
php: Buffer over-read in exif_read_data() (CVE-2019-11040)
php: Buffer over-read in PHAR reading functions (CVE-2018-20783)
php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)
php: memcpy with negative length via crafted DNS response (CVE-2019-9022)
php: Heap-based buffer over-read in mbstring regular expression functions
(CVE-2019-9023)
php: Out-of-bounds read in base64_decode_xmlrpc in
ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)
php: Heap buffer overflow in function exif_process_IFD_TAG()
(CVE-2019-11034)
php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)
php: Buffer over-read in exif_process_IFD_TAG() leading to information
disclosure (CVE-2019-11036)
php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)

CVE(s):
CVE-2018-20783
CVE-2019-9020
CVE-2019-9021
CVE-2019-9022
CVE-2019-9023
CVE-2019-9024
CVE-2019-9637
CVE-2019-9638
CVE-2019-9639
CVE-2019-9640
CVE-2019-11034
CVE-2019-11035
CVE-2019-11036
CVE-2019-11039
CVE-2019-11040
CVE-2019-11041
CVE-2019-11042

Additional info:
https://access.redhat.com/errata/RHSA-2020:1624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042

Modularity name: php
Stream name: 7.2

Solution: 

Update packages.

CVEs: 
CVE-2018-20783
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.
CVE-2019-11034
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-11035
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
CVE-2019-11036
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-11039
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
CVE-2019-11040
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-11041
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-11042
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-9020
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
CVE-2019-9021
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
CVE-2019-9022
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
CVE-2019-9023
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
CVE-2019-9024
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
CVE-2019-9637
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
CVE-2019-9638
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9639
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9640
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
Additional Info: 

N/A

Download: 

SRPMS
  1. libzip-1.5.1-2.module+el8+133+be47dfb6.src.rpm
    MD5: f1686b388e838655af7920699aef7adb
    SHA-256: 7fd596fde906a34d0c51e559211b930d224a9775671d9d4549b7712cd0836e0a
    Size: 717.60 kB
  2. php-pear-1.10.5-9.module+el8+133+be47dfb6.src.rpm
    MD5: eb1affdc36e1b600b98d44d16975335a
    SHA-256: a0c4f4dc59a6263e2750f6d9d0e15c7ff0e0c7feca6ce9f80e03837ccd2f3f60
    Size: 376.53 kB
  3. php-pecl-apcu-5.1.12-2.module+el8+133+be47dfb6.src.rpm
    MD5: 397c1fda4612179829e757e65e8439f6
    SHA-256: 1ceb491f3ac8b99df0efc0eb9a204bcb1f4a57983016b6337f2ae1d140acb3f8
    Size: 118.19 kB
  4. php-pecl-zip-1.15.3-1.module+el8+133+be47dfb6.src.rpm
    MD5: 758e3a20b476e5bb5bb7ba6d497b3e0a
    SHA-256: b7339f35bdf90b14de81ce2ba3d24520f8346eba908cbef5273b1edfa30b1c29
    Size: 274.34 kB
  5. php-7.2.24-1.module+el8+133+be47dfb6.src.rpm
    MD5: 5ff5f85e70e58a65be2eab048778ed16
    SHA-256: 13168b93015578e05b637203cc3489c9191a29418aef630746bce75a1c4a4f20
    Size: 11.86 MB

Asianux Server 8 for x86_64
  1. libzip-1.5.1-2.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 3ec0eb023256cf288b836cbed34f6848
    SHA-256: 6c25055c67f044eff85e8378819b63d180b848dd34c122b0b202f41c0c6ce318
    Size: 61.11 kB
  2. libzip-devel-1.5.1-2.module+el8+133+be47dfb6.x86_64.rpm
    MD5: df40163e705ab25a5b2ddb54892f1ff8
    SHA-256: bc3b2d364aecfc138ac42131216effaf951cefb17159a1bdf84fd382cdb15b51
    Size: 178.13 kB
  3. libzip-tools-1.5.1-2.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 9e581cc3f3cd5c18a7eb59fd21a02c76
    SHA-256: 1604d3c864f893a3b68d2a9deca6c2a360e68bdbd18916a86de0e8416562a0e0
    Size: 42.54 kB
  4. php-pear-1.10.5-9.module+el8+133+be47dfb6.noarch.rpm
    MD5: d2869673a2172a2288fa996a4574dffe
    SHA-256: 641d44d493ecbed7b19954773d0ac4865001c3d125373fff16eedae91af9ab5d
    Size: 356.45 kB
  5. apcu-panel-5.1.12-2.module+el8+133+be47dfb6.noarch.rpm
    MD5: e88a53761902652b21024dddca5acf60
    SHA-256: b042b3eaf6079f199a84735e4ee64436dae8abe31b3e548937c411ad0c0d194c
    Size: 22.21 kB
  6. php-pecl-apcu-5.1.12-2.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 5867ba46012bb50aed8d33c398d63c59
    SHA-256: 0cb15d712593fcf460582386d4ded2b32403e0ba8d0ab50487a6d7029f8ae7a4
    Size: 63.96 kB
  7. php-pecl-apcu-devel-5.1.12-2.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 2a4ca4aa819851c839c503d011098d95
    SHA-256: 0ad0b256ad0752420bc6db5639f97fc86bc67c76b529cf6a51978fdd95a3e37c
    Size: 44.64 kB
  8. php-pecl-zip-1.15.3-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 4532c55a5a286820d68ab91762eb6c41
    SHA-256: 5aa57181eda400aa9a7c567433cbed2d63af9bb6ce8c00f09619330dcbec9e1c
    Size: 49.34 kB
  9. php-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 1154e368fe44ce6150dd2d038c5e2d05
    SHA-256: c5f11c7988a8887db58c71c6998dad69e6b43fe29a73c204a4145adb45e4f72f
    Size: 1.53 MB
  10. php-bcmath-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 8611ce89c61ac37df4e68bf6ac211f24
    SHA-256: 5038274aab6c7e083fc33323a8eb5601f0a4b33f94e7586c35159debbebef96a
    Size: 77.92 kB
  11. php-cli-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 9fa2940dfa5b470c4d39e4d6999174cc
    SHA-256: 30812c27be688f82d30a9962149fadaffc27887d646899f2b2f47b0a09d76c05
    Size: 3.10 MB
  12. php-common-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 7cc30a7b9521f801db35acdd63a0f085
    SHA-256: 349b26552d8f97f1cf155cd1ef283f9af81b2f93e68a961099c043615f214297
    Size: 659.34 kB
  13. php-dba-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: eaab632b65811241e2904e79f5703bfe
    SHA-256: 00cb9f6a09130e0dff572d332c628f6f0a438ad15c124cfd3e819cecf6904cd9
    Size: 76.51 kB
  14. php-dbg-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: faea053f2638dc0b1e9b087d7f30c46f
    SHA-256: b5ec5421ada5bc69592388bed3d22b75677437de2791b624b63d357c51a7fcab
    Size: 1.64 MB
  15. php-devel-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 0e9ea8f8b6c7ddb8cfd3517d7d396aa0
    SHA-256: 8be3fb7e6d61bd7f20cacf1e9e5a88c9f54113922be6ec6a0a159d07c8364d58
    Size: 710.53 kB
  16. php-embedded-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 8673a32a1eccf245a1dd81fc1b8c9f20
    SHA-256: 527a8255e9bfa884c0918cdbae33966b02ed5a917e6de4244444bf33b30eb832
    Size: 1.52 MB
  17. php-enchant-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: ef56ec1bdb0eeff92d63f74e74a85b40
    SHA-256: 500d1218dadae864ce681cd56ddfd202163488baff626c95fec4eecd329c40c3
    Size: 62.31 kB
  18. php-fpm-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 01e0fdcab93cccd33ac05602082a3281
    SHA-256: d4316c2661dc7ab22d37a4ea436d78141ad59eb41cd775c90e906a7968fa9718
    Size: 1.60 MB
  19. php-gd-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: fa6991a3ade95cb8053a9e09f2105b70
    SHA-256: 5006f0b0be6664d3da3af1a5d5173860ef578a1dff82a61264fe273e88c7085d
    Size: 82.39 kB
  20. php-gmp-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 5364d87f9c4cbfd96b9e026ea1739a62
    SHA-256: ec30405b5559ad6bdc9a4b35ee5ac7b6284b692e7ac1162217cef3f0a361d523
    Size: 74.04 kB
  21. php-intl-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 1bb90013fc9d76500e3b8a834049cecf
    SHA-256: 03e032c5b09b7900c9300226c2c5f25e18d2a67d87103a288a4d8fa7f95f2972
    Size: 190.75 kB
  22. php-json-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: e6912758b36314b59fb5b6b4901ff9d9
    SHA-256: 9dfdfabe10df5ce29ecfb259fff627d3445dfee0b3885daf9b1796c38637e306
    Size: 72.22 kB
  23. php-ldap-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 8e972d5551cbad0c9db8dbc2597fd9c3
    SHA-256: fa12e3cc0309067078039ae2eb45968bca6fd504b621e06d96929241ab33566a
    Size: 77.68 kB
  24. php-mbstring-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 2270b1939a2ba896d10577d3da0556e6
    SHA-256: 1bdb2d88ceece1971c3be9e679404e87e9524fa83061dbcfd472b55c2f54a26a
    Size: 578.67 kB
  25. php-mysqlnd-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 8c2a1abc653d0aebcbb481fa115f9640
    SHA-256: 9a9592af672ef748ef2260d2481dee88ea97de6f42e69b11d32f72383dcccc19
    Size: 188.95 kB
  26. php-odbc-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 59c350ec8e716a9385f76df90fb5fbd3
    SHA-256: 9dcb7ad21ca2aad6717f6406869868cf9c68360bba7d7351feb1dd025329741e
    Size: 87.00 kB
  27. php-opcache-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 91cd51dddf04077b66fe41167d55dc0b
    SHA-256: f1c1bc0d3495b71a2b2d96f4ababa16e5f5ff0b02c44fa68e6f6cb31a3bd2b6e
    Size: 229.86 kB
  28. php-pdo-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 6ea54165c56959aaa6dd091983fc1026
    SHA-256: 0eeed638d54b05eb14f254354c8446d9b5324fe2dafa97ce1f9f151c52bea0bf
    Size: 121.22 kB
  29. php-pgsql-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 00610ac6c140ed588500c0086e29e781
    SHA-256: c507f81246cf7efd5363c2f9c3d1c9bb8dd5873e3eaa4c8a73b727250a2c02a9
    Size: 116.20 kB
  30. php-process-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 100f2e510f66d1328b7009046149ac0e
    SHA-256: 8a44acfcbefddfcc9da1ee7f27f4528076b7de25df99a7dbaf4361d4acbf263c
    Size: 82.60 kB
  31. php-recode-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: d9d79fc8a5608f1555cd92ea23d64823
    SHA-256: 7e01aed01980247ffe9972be71e74b8fd4e8b42d0ac03581a0698373f5b61633
    Size: 58.14 kB
  32. php-snmp-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: c06d029e5b64b564d42a2a60a2f110a0
    SHA-256: b15b3089bed1ae93fbcfa23ec3d82e2c807bbf2618faff136ed619e0d16eb90c
    Size: 72.72 kB
  33. php-soap-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: f2f98d01542a0d838ed90117cc50098d
    SHA-256: 65fb4ad5fc84a4ade0268420586279c489315afcac46df7039860941e4dbc696
    Size: 175.57 kB
  34. php-xml-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: 49a155f85f872494fdec9488bbe359cf
    SHA-256: 0e8c15dfb2b37544564a7dc7cee18f817d83b659c940a9a89550f7027dd15e32
    Size: 186.57 kB
  35. php-xmlrpc-7.2.24-1.module+el8+133+be47dfb6.x86_64.rpm
    MD5: ab94bbfd6147507501d66dcd050d5a66
    SHA-256: 329548961b2d0e4d8bfe64de0ed606c2a0620c99df829efa8fe6de16a292e964
    Size: 87.72 kB