php:8.0 security, bug fix, and enhancement update

エラータID: AXSA:2022-4405:01

Release date: 
Tuesday, December 13, 2022 - 07:03
Subject: 
php:8.0 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (8.0.20).

Security Fix(es):

* php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708)
* php: Uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Modularity name: php
Stream name: 8.0

Solution: 

Update packages.

CVEs: 
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Additional Info: 

N/A

Download: 

SRPMS
  1. libzip-1.7.3-1.module+el8+1549+0810209f.src.rpm
    MD5: 0aec71ac695f4d8af1bd8f8167de2b1d
    SHA-256: 6dfc87f0fd5ce300844774d45d4cf3a287d730a04ebc933f3229fd05baed3ada
    Size: 746.88 kB
  2. php-pear-1.10.13-1.module+el8+1549+0810209f.src.rpm
    MD5: 7d2d8f20e441e890d34616d9ca81cc92
    SHA-256: 2845611f6ed28e29853d556990ffbe37aa9c3366d2f057226f97cac1aca7c21f
    Size: 380.40 kB
  3. php-pecl-apcu-5.1.20-1.module+el8+1549+0810209f.src.rpm
    MD5: 752a1b31b6b0e7d281d7107d48794844
    SHA-256: 1b13fadb52d0e20367e55ce47767dc318ed5168b8f9f5edef6859d11286f4214
    Size: 109.60 kB
  4. php-pecl-rrd-2.0.3-1.module+el8+1549+0810209f.src.rpm
    MD5: 88b177528e86bdcb427145b7a4529faa
    SHA-256: f14052355f6a9062a646fbf52b65e6d2b49fd2e66461c38f2065ce84900c996d
    Size: 33.67 kB
  5. php-pecl-xdebug3-3.1.2-1.module+el8+1549+0810209f.src.rpm
    MD5: 3f0e1a5c9644ff54e87aac898993b760
    SHA-256: 592db79f023a96d8f42e0fb0186ffcf0d4e47547d4ea60335c1292ffff3de248
    Size: 481.11 kB
  6. php-pecl-zip-1.19.2-1.module+el8+1549+0810209f.src.rpm
    MD5: 7bbe33d6e7a2e2d9ea7be947affac133
    SHA-256: 86d9c2443eb8b64bb55b16ecc0a856f8da6de1c82ec32831c229990075559dc2
    Size: 331.42 kB
  7. php-8.0.20-2.module+el8+1549+0810209f.src.rpm
    MD5: 4f104839b137a43bab133e312cafcc5e
    SHA-256: 3c22aa3fe36cac6739c1fce6b8cbcb55b591896c5c11a9fd6bf6950e8c58de7a
    Size: 10.53 MB

Asianux Server 8 for x86_64
  1. libzip-1.7.3-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: a4e8b0e3a232213556bed8085f5d0f21
    SHA-256: 1867f0a8fe7b9f7af1e7273ec359565db2bd356139256c9334e40cc301edaa0f
    Size: 66.00 kB
  2. libzip-debugsource-1.7.3-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: d635d774501a42aca30cf21c95e21787
    SHA-256: 9073fd938fadbbe314ae271cf4bb370c750047bee91bf73e733d7e3e5955dd5c
    Size: 104.78 kB
  3. libzip-devel-1.7.3-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: 8f749b4200da8f53df74a74002b099a6
    SHA-256: e993b3bfb9a8e087a4b61ffb36f8b18fb04b43fe334b7a8b5276068fb242b24b
    Size: 188.54 kB
  4. libzip-tools-1.7.3-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: cb4c1f240b4a0afac282e6e0f659236c
    SHA-256: 64403a90006d8bf941eb21a3aac81706fc58b07c21b7d62949be67c79982db9f
    Size: 43.13 kB
  5. php-pear-1.10.13-1.module+el8+1549+0810209f.noarch.rpm
    MD5: 10ae6a1d2919264fe865f087b23f58e7
    SHA-256: f9f06909f17a8641fb3a4d7b5dc8031c9c2bedc61f294224294e671d41439850
    Size: 360.49 kB
  6. apcu-panel-5.1.20-1.module+el8+1549+0810209f.noarch.rpm
    MD5: f2f5ecf1326519f2a214f07cdbc1656a
    SHA-256: 0130f8590735665e77580701cd43d4a77520626a78bfe4f3c116f086113de74f
    Size: 22.34 kB
  7. php-pecl-apcu-5.1.20-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: a38967866676846c092ab905f12e73bc
    SHA-256: a4ea5dd5504c760aa31488d8d9e759cafa2bc07ecbb6d03b007c612c10ecc592
    Size: 64.08 kB
  8. php-pecl-apcu-debugsource-5.1.20-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: dc8a95bfe30e5c4ae5a837abfe816142
    SHA-256: d0f4cd7f6442e3fd6ed8ed73dc51131c3d25874d28c09dc028d50801bab2535f
    Size: 50.23 kB
  9. php-pecl-apcu-devel-5.1.20-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: 16ad20e1e63fa3a9ce556c11928f9e3b
    SHA-256: f941883d48d2e17ad0436f85a3fb9284447d31f0f2a97b3be6ae35b6efda3b33
    Size: 47.52 kB
  10. php-pecl-rrd-2.0.3-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: f8806224edba9a74319c162560924fb3
    SHA-256: 9c8ad800e7f7ed1c343a3608a4b442d2e5f17c32301221114bec30d5a1851a8f
    Size: 30.64 kB
  11. php-pecl-rrd-debugsource-2.0.3-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: 4bfc346eeb79f038b70f568b4f333ed6
    SHA-256: bf62addce5ae4b86782c9f0d5fb5f25c5e59cda0da48661c08570051b56fbd5e
    Size: 22.49 kB
  12. php-pecl-xdebug3-3.1.2-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: 3316f68d65e23408d206fb5d7b1faec1
    SHA-256: b03f40c9108fbba628104a163a9a96dc3a194a58207a5c1ead8177a9c2ba4ab3
    Size: 202.67 kB
  13. php-pecl-xdebug3-debugsource-3.1.2-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: b1142cdc652e6b5460c28eff1ae031cb
    SHA-256: a5617c84f767308a69142cf45c7fc056724102c5d43e197e3f06e7ac2c24d101
    Size: 155.90 kB
  14. php-pecl-zip-1.19.2-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: 68246fdc88d9f20cf25c6b42710fd8e7
    SHA-256: c9ca73d9a6d70c63023e8ec3a1976678faa54b596e1c17cb83b80b3cdd65bbbb
    Size: 55.30 kB
  15. php-pecl-zip-debugsource-1.19.2-1.module+el8+1549+0810209f.x86_64.rpm
    MD5: 2aa266e73be3f656b12c61f83f9ca9eb
    SHA-256: 077846dda01abb060dc155f3008561f82e061c8d9e64e01b72410a2cbdb55a2f
    Size: 31.52 kB
  16. php-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: b295b1032fffdbf9965ea111d20c628e
    SHA-256: 5a8eab0c2e130c8aeea743f249db879c299e7017dc4110fe40e8da3b9a362ee7
    Size: 1.55 MB
  17. php-bcmath-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: dd804138b6c5c5320061d3f4e31020b8
    SHA-256: f468438bf4fdd11110ad646c83a92f5d5ff50f539c3c9b943a0f165eb222f67e
    Size: 79.56 kB
  18. php-cli-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: d95a9f1019b4aa45a8b767c44d06c409
    SHA-256: 9cb37f1268691703c0e539a57fa85524ecd81d5207a2fd0993bdb2cda33d9f40
    Size: 3.14 MB
  19. php-common-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: e2ef7e88fa698ce6e1ad84666a8ad2d3
    SHA-256: a198f9d939767a8c0789b087c5e331cb1df70ab372b772e15abb95b08b6d3e72
    Size: 721.87 kB
  20. php-dba-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 6a8a444d25c89c725c2b4ba1286d09ee
    SHA-256: 72d3c4054474e0d854e609747d22ba13ec01bf7c4520e4f19f115a735cbf7493
    Size: 78.01 kB
  21. php-dbg-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: beb5724380dfa28bb200842278842975
    SHA-256: 944a15f05ef5d9528ee950dec0ad2869ea60b7dc9596e07be469b4f98da4eddb
    Size: 1.65 MB
  22. php-debugsource-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: f20f06a7cea39a99064efd2036742959
    SHA-256: 6d99b93a88352cd84f0f90a1765f7d8469c41210a4f3cce9ea4c7c67e111aafc
    Size: 4.29 MB
  23. php-devel-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: e79fba25a84643adee7abe20e981c73f
    SHA-256: d45a3e2b5553d8df6c5a2b4c0896707fa0b5a5762f076936f601509a8f054be6
    Size: 772.55 kB
  24. php-embedded-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 581f19d5f4c702022c60f286158416a8
    SHA-256: 2e1625e8c0dc897eeebdc6fea476db5f31c3f2b9a5783c608ea92baf1a91009d
    Size: 1.54 MB
  25. php-enchant-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: e00960468afed1aa3254ed8c44a73387
    SHA-256: 63996a8064aaf7b05795b5a1456f029a5eda470d6559d4a0b0f96f9493ec32d2
    Size: 64.16 kB
  26. php-ffi-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: ab4f8d864708ae93bffa7eb6a77c47b2
    SHA-256: 3c370c8226bbc540966c5b03da25cd64bb78517402de7d38621136abad56ef14
    Size: 116.28 kB
  27. php-fpm-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 22b7bc18a5e0b967a4e71ae62b0dba4f
    SHA-256: bc313e1234aac20c71f42b4433fafe128df67501e5def0c30b5f949ab727ab0a
    Size: 1.63 MB
  28. php-gd-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: c4171b1455036bd7a7b506248d40c1b9
    SHA-256: 16d3a14239de64e201bf4beaa0597439498f82e55a14141e3861de89669c17ea
    Size: 84.35 kB
  29. php-gmp-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 6768eb830a8d4356ffd788376b767856
    SHA-256: 2975dec9362d7c748d130b4e0d5562dbdba238b2f38050412afe6d331f1a9a50
    Size: 77.18 kB
  30. php-intl-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 6356f62750e3bb4897a7173c33c88a12
    SHA-256: 7152e6be59a79f199856d060436c1953d187fef447ff0850893eb031c6aea690
    Size: 190.43 kB
  31. php-ldap-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: f830b1ba5c01e95bf657891566633218
    SHA-256: c75413fbe4fc973d8436bcef57a7cb7768009229fa5a9a4cc764a34c9eff66e9
    Size: 84.35 kB
  32. php-mbstring-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 524d35f0c04b3f14ec204bc95104c708
    SHA-256: aa0835d5a4dbc96e8c98494b4c214705349e8a38798bdffdd13b1c4f48b121ca
    Size: 481.06 kB
  33. php-mysqlnd-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: f909ce598cca99c8955b4c52f19e6715
    SHA-256: ac36ba0150462e9be3ca0508c29042aa9aac84ff8e7c0a9b04f3c28061d10b75
    Size: 191.84 kB
  34. php-odbc-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: fd6f1010228007bf5a6b28ebe2c21ab9
    SHA-256: cbbf1e7fcdbdf743409175d39d0c89ee326e6c0fefef95ffefd282c6eac57047
    Size: 88.81 kB
  35. php-opcache-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: d50c7255cc6f7cb188270f1bad39c51b
    SHA-256: 8b79d5668ea3b11deff8df8a7009f33af9d18a38f4047a3e58aaac4e05416cda
    Size: 547.43 kB
  36. php-pdo-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 35d4ebf73896f49921647a850954bbac
    SHA-256: 2a28bd2126065d88cec6694dff93a4bda03feee8eb3aef16ac972f1c3397f048
    Size: 125.81 kB
  37. php-pgsql-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 192e7bcbd8ea56ffbe8e9528d400368c
    SHA-256: c20c16504c017a6696ae1836b9e5bf4599a883c953c9f575713f8d11f2c915f1
    Size: 117.50 kB
  38. php-process-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 01bdc22eb714df09875af7d6f74a8284
    SHA-256: 49933c800210eadedecc999eb75cc56bd101fe262f5b96ad038187a2a3d90601
    Size: 85.88 kB
  39. php-snmp-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: d0432a7ae33f7ec5fd55a0f3d090728e
    SHA-256: cacc9d07e76a888091b781a32a013bd5450c57b7be9dffc87830857698e2e661
    Size: 75.50 kB
  40. php-soap-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: c6cf57b4ce52a5835af3259513ef031a
    SHA-256: 2ad96a4dcc63ec73f4e565d7dfd61d9ee01d6c5f2d0008e97ac7348ec0a4ea4c
    Size: 176.12 kB
  41. php-xml-8.0.20-2.module+el8+1549+0810209f.x86_64.rpm
    MD5: 752872b3be64fb2d6cb2159c1a32653d
    SHA-256: 0153b9296f7cbd13a9f87abd8e7b320a50a6fb76735a1a5b83ff28b390f5301d
    Size: 174.72 kB