php:7.4 security update

エラータID: AXSA:2022-3573:01

Release date: 
Wednesday, July 20, 2022 - 08:21
Subject: 
php:7.4 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: Local privilege escalation via PHP-FPM (CVE-2021-21703)
* php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

CVE-2021-21703
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

Modularity name: php
Stream name: 7.4

Solution: 

Update packages.

CVEs: 
CVE-2021-21703
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
Additional Info: 

N/A

Download: 

SRPMS
  1. libzip-1.6.1-1.module+el8+1491+38681c8a.src.rpm
    MD5: a002985c2a2b8de264a4dc85aad0cac2
    SHA-256: 8a541fe0874781a5c41249e28dbb34c96e590b5f488b7aba65033f8ea0cf0b2a
    Size: 732.66 kB
  2. php-pear-1.10.12-1.module+el8+1491+38681c8a.src.rpm
    MD5: db9ad5371d41e3b6690ef3cfcc3f37cb
    SHA-256: ca3ad050f84387b88e2d439b134d8701434361be281a804c1bbcafcc65652ddc
    Size: 379.33 kB
  3. php-pecl-apcu-5.1.18-1.module+el8+1491+38681c8a.src.rpm
    MD5: 64f1d3e4f56db9b5f910402ce852536f
    SHA-256: f36f4abc9676fab33d2d7d7caaff064efa64a28974db6cfcc5586e162449982a
    Size: 107.49 kB
  4. php-pecl-rrd-2.0.1-1.module+el8+1491+38681c8a.src.rpm
    MD5: 51380b5abe139511b1b9057d64d4f548
    SHA-256: 8b70494c77d3c7bcafbffbb3b59a94c4a4ddb9671c48c86b9527dbaac19dd5f2
    Size: 33.12 kB
  5. php-pecl-xdebug-2.9.5-1.module+el8+1491+38681c8a.src.rpm
    MD5: de958ac8dadf06fe3edb666624a56026
    SHA-256: d1d0e1c64d55f9355e24cb548c500a6e3aa7076eafa12923071f9a7bae5379b3
    Size: 442.81 kB
  6. php-pecl-zip-1.18.2-1.module+el8+1491+38681c8a.src.rpm
    MD5: c2e93ff08d035e9acd7ed0c43f61e476
    SHA-256: 3760ca56f39cdb08d9a77dbdae424f539196efa3d104de5367631a37abf4002f
    Size: 307.81 kB
  7. php-7.4.19-2.module+el8+1491+38681c8a.src.rpm
    MD5: ceecca9286974a8eaff4ee90678ec059
    SHA-256: 0e7c8882b27c33d9cd4e262957e8284b75efeae479f6eb15ae441233cf12cb3b
    Size: 10.01 MB

Asianux Server 8 for x86_64
  1. libzip-1.6.1-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: bf582e28b779d294b0c4f2e791eec4bb
    SHA-256: 95d5da4674b24e31b1becb732e40237e285e0fac1d279fa5187875972bd222a9
    Size: 63.24 kB
  2. libzip-debugsource-1.6.1-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 72e2bd1d79c5db404cd38eb45a41f92f
    SHA-256: d0932eafc641499cf6c5c277b37ecee28b54257b3f00ee68fcc88aa196b2a067
    Size: 100.33 kB
  3. libzip-devel-1.6.1-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 069bfab16432d2ca739675ee1a8076e6
    SHA-256: 5bfca99462aec16dfba7406be2912b5fa2d8c9ae12a5e0cd09d0a3d647e6495b
    Size: 180.02 kB
  4. libzip-tools-1.6.1-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: ce124d7bbedf21123506e01b6cbcb6c6
    SHA-256: 15780883bcb50c65e0d43fc63cde48623a26c7ed0e6510399cdecc691b462449
    Size: 42.90 kB
  5. php-pear-1.10.12-1.module+el8+1491+38681c8a.noarch.rpm
    MD5: dfe3786363e78e777e067b769d766076
    SHA-256: 2ce0f8ee98095d3e3d88adbf277ea0f94c987a989a9522e7db6d8a75795474ff
    Size: 359.61 kB
  6. apcu-panel-5.1.18-1.module+el8+1491+38681c8a.noarch.rpm
    MD5: ef53f7512cbef84b88a2836fabd2e282
    SHA-256: 378d512bc3ec6d413de3800a4ccf7e12fdd27ab27adf4466fdadc900045f4c00
    Size: 22.29 kB
  7. php-pecl-apcu-5.1.18-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 223ef4cf6410193ed1ec56de68e853cd
    SHA-256: 08bad40a08fc55110243e4e68acb672efeb6a59b4e0ecc8b6832a40120857aca
    Size: 62.82 kB
  8. php-pecl-apcu-debugsource-5.1.18-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: bd81d8843e3deed38a252731fc7cf95b
    SHA-256: 8afb7c4dd00fc22e9ff37cf4a51219debba0c78caf9c2806441e002d0856cc43
    Size: 49.52 kB
  9. php-pecl-apcu-devel-5.1.18-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 2731436f2990e522752d2e437847ab20
    SHA-256: 5db23aa8eb40c4b0833b405166fe95257df4c552298e464119d608cb0637104b
    Size: 46.16 kB
  10. php-pecl-rrd-2.0.1-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: d6333e2cf442cf843386cb622e7137b6
    SHA-256: fb816b3e8744216b868c5a50ece36e45538240d388d20f8b8dd6c6189ca9a0c4
    Size: 30.52 kB
  11. php-pecl-rrd-debugsource-2.0.1-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 86cffe75997a38e04bed7ce8eb214d73
    SHA-256: 67f9a8d1123aa267c9869d7c4ec4463ebdc0e024c2c5d37d6585f08291e00b93
    Size: 22.38 kB
  12. php-pecl-xdebug-2.9.5-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: b064ee21ce8152857bcb9df2f39cbee8
    SHA-256: 8468860195ef2c061c9c9654ab6a0d5f8621ce81b3a52aedf6e54915d2c85a10
    Size: 176.17 kB
  13. php-pecl-xdebug-debugsource-2.9.5-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: c942341f2b1b9eec68d6bb5a8c6b4e31
    SHA-256: f1fc59d2ae9c857885358ba1eee3523071a72a75866d6b611cab6287cc03cf32
    Size: 134.23 kB
  14. php-pecl-zip-1.18.2-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 4ff32baa179648359a97780b59369e55
    SHA-256: 85004d2732a9134bb73221dcc678a164930b0ae7cd7ab073ece1cbb443eebc6b
    Size: 53.58 kB
  15. php-pecl-zip-debugsource-1.18.2-1.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 8e3877952cd35c9fb69265f7ef69e764
    SHA-256: 61a35c70115557e3392480d27a39f6eb471b44c32b901ddfbf22e41d67a60e98
    Size: 31.19 kB
  16. php-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 803175531f56251d19ce7c2e5c7355e6
    SHA-256: 6456b8a483efd951f8ff866decfcb66d3e4e674adcaa5674c7c77d386119a3ab
    Size: 1.52 MB
  17. php-bcmath-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: a80a499990531cb0a246355b3e61529d
    SHA-256: 9f4c8274398dde4be02ab4d525c0e17cc5533dd5770d41f2565c84722c8e8767
    Size: 78.79 kB
  18. php-cli-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 5c00467f2c6c5c5ea9df9ed674bddd98
    SHA-256: 5a9e7608bf4ee8caae3bf40d74b360fba771ed15494a8a6c53f69aee4deaf9cd
    Size: 3.07 MB
  19. php-common-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 828b9d9c2acf1826f427e8cbec7c4f26
    SHA-256: b442e75cb145abe3fa63d680cd2071822a92c9630fa1198128b0ab72e3810a46
    Size: 700.97 kB
  20. php-dba-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 9dc1e3e0b65c95aeb512e7f05e15c7eb
    SHA-256: 0c2a279a6bdc5b2f2bf1e1193ea68aa4a818fcc1017d37ebbb9bf7eea5143391
    Size: 77.59 kB
  21. php-dbg-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 001d09a39ef5b47f28333381fef35921
    SHA-256: 97ec3e9df8434d52546bd0b33a203b5eb1969d8e0920c0d5de5e9841d1958aff
    Size: 1.63 MB
  22. php-debugsource-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 1511522bf1a68f5ab5d8907ca8dce3a3
    SHA-256: 9d48d1d2b0cd2662e063ab127e566637a3ccdec2ed317eab82e23b676553e311
    Size: 4.11 MB
  23. php-devel-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: be5221b11e75a5ef609bd7bdb6a12df8
    SHA-256: 9280b79d6f5301c09f065962063072adf714448e132934e8153cfa369f81e24f
    Size: 727.02 kB
  24. php-embedded-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 9a62ff1bbe55ea30a78c52bc9ad234cf
    SHA-256: ed31eb361fe5b27535fbfb8bed0b59d0001a033feb01048c5822f533a900cac9
    Size: 1.51 MB
  25. php-enchant-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 629b0ac4b58decd9fe01c7f2549a97a0
    SHA-256: ed3504d9913bfcdf11e0ef58a66f75b261220e29ae77b10edd349d24d765db08
    Size: 63.52 kB
  26. php-ffi-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 74882c7c627ae8ff159a28a258fb6591
    SHA-256: dd18f6e3711bb13fffa1110a79a73ea1275523dac4e23fa26ff631c826af2d40
    Size: 115.68 kB
  27. php-fpm-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 291f8b432be58d3cbb4cdac8a3f8dad4
    SHA-256: d145c59382ddc60e5c50fe569c4da3e23fd96dcefc489ff4b27f23b74a3033e0
    Size: 1.60 MB
  28. php-gd-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: a034d79aad48bc52e49846f5019055f6
    SHA-256: d36037e62c66a2544f8f6689821b82ebb015a56399757dfef00500e70916b7a2
    Size: 83.75 kB
  29. php-gmp-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 763f451f36e02ae8eee1e342a81fb087
    SHA-256: 25083a9372999f3fead27c30aabc81722b11001d13d94362589cfe89e803f02a
    Size: 75.57 kB
  30. php-intl-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 45f6b5d51bc9bd3c56cd486b51069ef6
    SHA-256: e2fd1caacd9c594a419b945d763da44678a91f3e25d8c8df137b6fc4310a2350
    Size: 191.68 kB
  31. php-json-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 2e37c050f9a71d00e90a8daa59e5e2c2
    SHA-256: 419be35f248b7645575f68e9a53b057e0d0b8691a5c97cd543c4860786024f91
    Size: 73.05 kB
  32. php-ldap-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 9d3002f598f80c3efd1bf3ebb6f06691
    SHA-256: 10a25b2addcc57499f03e0e187814d101b0b413a9940b73b3a3817f9372ddfc1
    Size: 84.87 kB
  33. php-mbstring-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 15a9bb86dc048af1534805167e3b2df3
    SHA-256: bdcccadd9581423c4d91687835a8a0631cabc5d5587eebc4aed85625726dc648
    Size: 482.51 kB
  34. php-mysqlnd-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: dc45959ea1b86ac797c13b336af7da79
    SHA-256: 7c069a24989e24a64c37c7180afb3826abde2187b9f9510d983260c56a0c9549
    Size: 191.71 kB
  35. php-odbc-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 58b400509f63d40ec4aa53ba0648324a
    SHA-256: 22c22a3ca44ef7f583125f7ef08a9d0463dfafeeab927818b8c7999e6f64a0c9
    Size: 88.65 kB
  36. php-opcache-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 562bbaad85dd05c97f93ea41d19779e8
    SHA-256: 433e4547d980b3667a3ec7804b807ece838a3875d563cb6930530ba74ba4a8d6
    Size: 266.09 kB
  37. php-pdo-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 40b0a3a47c7295adac152671d118bf9e
    SHA-256: 09425e9c53ee6756e7cc67a33b5784485ab5eb6081d460e4b5d8d5e3a0b8d064
    Size: 121.94 kB
  38. php-pgsql-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: faca2c4f0c3592a1bef730f84b3d5fc3
    SHA-256: 0f79109ee576e66c283c51b4adb5e6bcb4c08e2c0fb8393de2711094ced3dea1
    Size: 117.13 kB
  39. php-process-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 4e7faca706db53c1074bb6c027d677df
    SHA-256: 2c590efc92e08c562dd73c2d8a0317a04bbf090c904658c2bfec12a6664cc34a
    Size: 83.96 kB
  40. php-snmp-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 8aa7e2966e52b076ea8d4d075556afa1
    SHA-256: a03035ed2d858b8527e88abc3353e451fcb7b726bffc21b1e153e07bf7b8d8fa
    Size: 73.32 kB
  41. php-soap-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: a313b8493424d7e9e62f186c1620dff6
    SHA-256: ff5617197ee98dd85cdc16aad531d81dfbc25bf2839c43ec2cd4558104eb8583
    Size: 175.30 kB
  42. php-xml-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: a49ff46f8ae29e1c60e2c7a249129f11
    SHA-256: 258b92f0733986633c37317362795b7d9b2365122f640f03a543e8d222f9858c
    Size: 172.49 kB
  43. php-xmlrpc-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
    MD5: 2d04973f0ab7cd6841da506c0c29f022
    SHA-256: b9424a15719b2cd33f1b09d41f51740eb06f923dcda3de4486004ebb9f0208eb
    Size: 88.70 kB