php:7.4 security, bug fix, and enhancement update

Errata ID: AXSA:2022-2972:01

Release date: Monday, January 17, 2022 - 07:25
Subject: php:7.4 security, bug fix, and enhancement update
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (7.4.19).

Security Fix(es):

* php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)
* php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)
* php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)
* php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070)
* php: NULL pointer dereference in SoapClient (CVE-2021-21702)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

CVE-2020-7068
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using the phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2020-7070
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP processes incoming HTTP cookie values, the cookie names are URL-decoded. As a result, cookies with prefixes like __Host may be confused with cookies whose names decode to such a prefix, allowing an attacker to forge a cookie that is supposed to be secure. See also CVE-2020-8184 for more information.
CVE-2020-7071
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating a URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept a URL with an invalid password as a valid URL. This may cause functions that rely on the URL being valid to mis-parse it and produce wrong data as components of the URL.
CVE-2021-21702
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using the SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
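
A detection check for the CVE-2020-7070 condition described above, as an added example that is not part of the advisory or of PHP itself: it inspects a raw Cookie request header, before any URL-decoding, and flags names that acquire a __Host- or __Secure- prefix only once decoded. The function names and the sample headers are constructed for illustration.

```python
from urllib.parse import unquote

# Cookie-name prefixes that browsers accept only with extra guarantees
# (compared case-insensitively here to keep the check conservative).
PROTECTED_PREFIXES = ("__host-", "__secure-")

# Constructed sample Cookie headers (not taken from real traffic).
SAMPLE_HEADERS = [
    "sid=abc123; __Host-session=legit",
    "sid=abc123; __%48ost-session=forged",
    "%5F%5FSecure-token=x; theme=dark%20mode",
]


def split_cookie_header(header):
    """Split a raw Cookie header into (raw_name, raw_value) pairs, undecoded."""
    pairs = []
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            pairs.append((name.strip(), value))
    return pairs


def find_prefix_confusion(header):
    """Return raw cookie names that gain a protected prefix only after URL-decoding."""
    flagged = []
    for raw_name, _ in split_cookie_header(header):
        decoded = unquote(raw_name)
        if decoded == raw_name:
            continue  # no percent-encoding in the name, nothing to confuse
        raw_protected = raw_name.lower().startswith(PROTECTED_PREFIXES)
        decoded_protected = decoded.lower().startswith(PROTECTED_PREFIXES)
        if decoded_protected and not raw_protected:
            flagged.append(raw_name)
    return flagged


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", find_prefix_confusion(header))
```

The check must run on the header as received (for example at a reverse proxy or over access logs that record the Cookie header), since an unpatched PHP has already decoded the names by the time application code reads them.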

Modularity name: php
Stream name: 7.4

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libzip-1.6.1-1.module+el8+1339+1f6c31b6.src.rpm
    MD5: 70f5f962e3251d243e323897f8f64bae
    SHA-256: 6aacf2c5213a932852844862897d49ac966b3bd2ef4096f0a463f728e54f9fb0
    Size: 732.68 kB
  2. php-pear-1.10.12-1.module+el8+1339+1f6c31b6.src.rpm
    MD5: ad152f83718b5494a0d2784b0d0ce5bd
    SHA-256: 38b9f27c9c3a7a3006b211cea963d9e0f4728ea681f502d742050f9d29b72cde
    Size: 379.35 kB
  3. php-pecl-apcu-5.1.18-1.module+el8+1339+1f6c31b6.src.rpm
    MD5: 73209604156355ad74b494871e4c30f0
    SHA-256: cbadddba8e21989797d282659089168695dda10d43767784a37d3ef5a6dc6c5e
    Size: 107.52 kB
  4. php-pecl-rrd-2.0.1-1.module+el8+1339+1f6c31b6.src.rpm
    MD5: 5fb85e9656386bfae0528149175718e3
    SHA-256: 7df181b7558eef627cd09da4a0d7ab6789d04d8994468930547231bc380c8438
    Size: 33.13 kB
  5. php-pecl-xdebug-2.9.5-1.module+el8+1339+1f6c31b6.src.rpm
    MD5: 8fb8d9b7f1092760c71270a36e5251e7
    SHA-256: 3786a4b78cdb77e22ad4d77b0af7d20fb9ad9594e433d5cf7487ee50585f6c26
    Size: 442.83 kB
  6. php-pecl-zip-1.18.2-1.module+el8+1339+1f6c31b6.src.rpm
    MD5: 364ab2f8a24731d68be3e79dee81c0e9
    SHA-256: a813f896076ff4649c97f8671cb5aeff1cabfd744fa136b5eda98e582084bea5
    Size: 307.83 kB
  7. php-7.4.19-1.module+el8+1339+1f6c31b6.src.rpm
    MD5: b2b5685a7ac1031b9a3d99f0d0cdf941
    SHA-256: 6cd51b3eceaec42bd34e205c6990c326500065674f7ac90bbd7c69a8d6b77ed3
    Size: 10.00 MB

Asianux Server 8 for x86_64
  1. libzip-1.6.1-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 22cc6941ce22307953dc04a06ebb6c7f
    SHA-256: e6093121e3e5edb6e5bac631396260f89846546b2087f3179be32e5a1576da91
    Size: 63.25 kB
  2. libzip-debugsource-1.6.1-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: c7a39d1da22f6bbd419be77c66f9d117
    SHA-256: d4b41a24d0fa9862aea311233dd7c726066bc3ff2d09bfed9e767e171308e583
    Size: 100.35 kB
  3. libzip-devel-1.6.1-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: ced8200ef9e428a002f692ded5d8e043
    SHA-256: 0de28b1fb57256355e2602b7e1d093e37dd944f3ad427b4443e1f12f8895e7dc
    Size: 180.04 kB
  4. libzip-tools-1.6.1-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 9712909b7402174f3832262933629ce1
    SHA-256: cf7b4dbb5294aa14e1bbbc370a13e88245aeb4d8bb3b21441de827dc72465e46
    Size: 42.93 kB
  5. php-pear-1.10.12-1.module+el8+1339+1f6c31b6.noarch.rpm
    MD5: e9c87ac6c0fbc1de555c3a2caf762104
    SHA-256: daea1de59393a2380c529fec76f0bca1a9d84c8f36f7f605df49e168f73c78ab
    Size: 359.61 kB
  6. apcu-panel-5.1.18-1.module+el8+1339+1f6c31b6.noarch.rpm
    MD5: b8986399493bcb5c9d56b904335ed357
    SHA-256: 130bf57d33ccd7d31dae691fd009a8045d936ea0df02dd041f729d22c8a09e39
    Size: 22.30 kB
  7. php-pecl-apcu-5.1.18-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 2a4dfb05280c895e4aaa15f0b98a647d
    SHA-256: de47bbe97bf8609c31dfded8da2647ef7915de77799a7e9eac92760bc7536aa5
    Size: 62.81 kB
  8. php-pecl-apcu-debugsource-5.1.18-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: afc77ea5a3d4862d7288c446882582fd
    SHA-256: f0665c3b75348fba270f277f8150fdda038ba267572002351a6fa1d4f318131e
    Size: 49.53 kB
  9. php-pecl-apcu-devel-5.1.18-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: c8503aa754ef33bb99988f90ce72b3eb
    SHA-256: 072eb8ecc5dbc3fcaf64e827bade89d458c4bbb327333e99c4cadf1a3910d4e9
    Size: 46.17 kB
  10. php-pecl-rrd-2.0.1-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: c50cfc0f952332692d853fb31de99394
    SHA-256: a9d382c2eb2a5ab63ec92e6c99ef76ca472c88c9e6665ef8ccb5a4ac1333d2f9
    Size: 30.50 kB
  11. php-pecl-rrd-debugsource-2.0.1-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 082d0553baf00a2681e064bb9b5b8a49
    SHA-256: 763d879f67f87010ce1d1d90c797e6ba573de8c52cfa511af2d9b44c39609881
    Size: 22.39 kB
  12. php-pecl-xdebug-2.9.5-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: b0c054a8dac402e4ab35392bf6470661
    SHA-256: d26ffe55c10c921b63e5c4bfdca230f5b9343f87e7dabc2e59cde177438d8056
    Size: 176.17 kB
  13. php-pecl-xdebug-debugsource-2.9.5-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: aeb937dc979cb9b4cefa626e1a54aa86
    SHA-256: d8aa3478a4eab5dee49beb5af3d5f8507967e6c10a165bd5a3c1e5c84d4a87d2
    Size: 134.24 kB
  14. php-pecl-zip-1.18.2-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 6a5ffeed4ba8fc296600e1bda270e5b0
    SHA-256: 5bc89a955bb41a191333020f92c47725291aed6f25ca111785efb79d9396497b
    Size: 53.55 kB
  15. php-pecl-zip-debugsource-1.18.2-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 51f99c7f796fe488b263c613dc55842e
    SHA-256: b82c5d51ec03be1bd25c8ab2dba922875e8881a0665d370847c13a66b2b02ef9
    Size: 31.20 kB
  16. php-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 9453257475fac5b2df1afa02520814c1
    SHA-256: 6fe92959792dce3e4ac5974cdc957029a53189b8ed747a8dd906dc959d20aebd
    Size: 1.52 MB
  17. php-bcmath-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 90cd6eba163be4df287ddc49fcc25f21
    SHA-256: f8675ae419f64a416560ea68803283478ecb4b89b7819f9a294ea20a4f12fadd
    Size: 78.54 kB
  18. php-cli-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: db45d05b85d994ccf820c9ab842dade3
    SHA-256: 662302309d993f01874d25c3efe84b2a23353d24a10bc08310e319ca18ebe4e5
    Size: 3.07 MB
  19. php-common-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 6d89207597002fa8bcafd332a6c965ff
    SHA-256: 24a64c069bbd92409e2080f445751f5f32a85d3bfbc8c2b1ddb870a7bf538297
    Size: 701.03 kB
  20. php-dba-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 5c7ff0f0c054d3d6886c43399926ae9a
    SHA-256: 3704c3d55039c0a9142b7d5a6380598399cb72117c342ee1ca64e90d4aa77c21
    Size: 77.35 kB
  21. php-dbg-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 3ff6eccf50fecccb5309a79c29294143
    SHA-256: 1918a3ed6f92734e4218cc559679494701b8044d25e594011766f562f57725c7
    Size: 1.63 MB
  22. php-debugsource-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 8721facd02a12ab21dab554c9029224c
    SHA-256: b5bb59d00ad2118db68c60fe46d6dd17e01518ad107005227af50dc6174aa82c
    Size: 4.11 MB
  23. php-devel-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 3990f43c5a63b872c15d48f432117814
    SHA-256: c8a77a86c21c03e98ab1550ebaccb2f3dc64e22cfb227e5f2c857e0d78e3484f
    Size: 726.87 kB
  24. php-embedded-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 06f8386d247252eed6f9db7a29b26851
    SHA-256: 99a5da8b076e139f1977fdf7699eb4439bd55c7467bbf33ac136706616d42615
    Size: 1.51 MB
  25. php-enchant-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 9510133857448e50703351ef12a72ab4
    SHA-256: 5dcabb53ac482ecd8f255885a4f97b141736a247f8dfc89435c7f09e2b4b8bc7
    Size: 63.36 kB
  26. php-ffi-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: ad04c4ce84ef088d6b38936502fa3e56
    SHA-256: 50af6c033d6796d467253537b57f15ca316610fe0e8d0423b79dc05974c0d196
    Size: 115.59 kB
  27. php-fpm-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 214be17caff29a0d92d08d422c2c3f36
    SHA-256: bc7a0500c6d9f896770daa854958a976872e1f2d926e2abeff2aba56ef763a29
    Size: 1.60 MB
  28. php-gd-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 4e317a3b38aa8b9515f4053f4a70cc49
    SHA-256: 18ef82b5f53e48ca0d0619103dca5177f9ae3db7cdc8dd117fd55108fc56090a
    Size: 83.58 kB
  29. php-gmp-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 4ef2a460e5863ae68fd944d54c8d11d7
    SHA-256: 1f6ef0864bc0e598b914a31c872222cc7565c2629bce94e0d01cfe76ffd5b898
    Size: 75.32 kB
  30. php-intl-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 07eb8a6cc96a002775eb4dfce6f66c19
    SHA-256: 896c474ca9482331348b4f3098181a8e26d49326fed31cabca68b4fcac9d57e8
    Size: 191.56 kB
  31. php-json-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 44b4eb5ad63ccd285854c91a5338f08c
    SHA-256: d9b53f53d5633a177fceea7caae7c05e38109ba97dff2309ae0eb6f62524c523
    Size: 72.90 kB
  32. php-ldap-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 07d182cbe1a4f3434abe4440cfd7311d
    SHA-256: 793385440132792470a514d4b4045b9ee4ff3e14299d82b27a7fc76e8179c20b
    Size: 84.70 kB
  33. php-mbstring-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: c0ac319188571c4155d0d6f36a16a701
    SHA-256: ecac210f9cb70bc68a4eb1ebe837162d7605b60ad5ed60b0b21d7a568a448e53
    Size: 482.44 kB
  34. php-mysqlnd-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 30574aea58d92e7ad98dc4dcc142d27f
    SHA-256: b4b4ba61873b41e16049d1a8cdc9bb5efd5e2bc46abead648a71eabcee90dfc5
    Size: 191.53 kB
  35. php-odbc-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: c9c67c25892ddeaee9ae7ebf87441dcc
    SHA-256: b078b3001b028f9ffb7cb6c679c758357c157df19b2ee9c891f79b993541bbda
    Size: 88.48 kB
  36. php-opcache-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: fe6e635aea343563b1080bef519f27d3
    SHA-256: 8584ccd6fddf11e9c95511d7a57ecf6ed8732a9a205965de142e0afcd3635103
    Size: 265.95 kB
  37. php-pdo-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 78bf1a29a5222aea942e49de3a5c01ba
    SHA-256: a77dae1065393c95b7da03342bb733cd4d299db36285e77745d82e3cb5444d4f
    Size: 121.80 kB
  38. php-pgsql-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: e1348b0b9dcc19a8bc98cce0cddf53ec
    SHA-256: 1963f41c74a7afad8cd4d37c6d49634ab673094b6640d7bb7d2b092352bdc60c
    Size: 117.00 kB
  39. php-process-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: ba4d47e600c1e1e16dc7b1472695bd39
    SHA-256: f4c3a3661cec8a90d193b4a0938447bd10d4f43885ba68f845475b00d6661a05
    Size: 83.90 kB
  40. php-snmp-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 8486d740526f5ac60843f23f5dcede0b
    SHA-256: f8954e0bf549753f0e1998db86357268f5799813b1f7707de99e851622732bbf
    Size: 73.17 kB
  41. php-soap-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 503c73f3b4c5a13b8ee2f7ddff7dad95
    SHA-256: 4bd7c61da1ab3596e6fae38829b5908bebdd39032ab2e89e00e3fc2725f68fbe
    Size: 175.11 kB
  42. php-xml-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 2d50d8055bb6287de92f6c642408ff11
    SHA-256: 3de15494736165e2c2568c86dc69992bb084d88a5c664af1d39d7ccf0175c0f8
    Size: 172.34 kB
  43. php-xmlrpc-7.4.19-1.module+el8+1339+1f6c31b6.x86_64.rpm
    MD5: 160ce8f882b2a0fa8af66a3cb9753260
    SHA-256: 83ce6c6c086e3e91b406cb5ff752bef48f5251b8426fe248ba0c70c5b40c47aa
    Size: 88.53 kB