php:8.0 security update

Errata ID: AXSA:2023-5146:01

Release date: Wednesday, February 22, 2023 - 04:57
Subject: php:8.0 security update
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (8.0).

Security Fix(es):

* XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454)
* php: standard insecure cookie could be treated as a `__Host-` or `__Secure-` cookie by PHP applications (CVE-2022-31629)
* php: OOB read due to insufficient input validation in imageloadfont() (CVE-2022-31630)
* php: Due to an integer overflow PDO::quote() may return unquoted string (CVE-2022-31631)
* php: phar wrapper can cause a DoS when handling a quine gzip file (CVE-2022-31628)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quine" gzip files, resulting in an infinite loop.
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.
CVE-2022-31631
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Modularity name: php
Stream name: 8.0

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libzip-1.7.3-1.module+el8+1587+e1c88df9.src.rpm
    MD5: a9590182c9793a68dd15b52b33a3800d
    SHA-256: 92b1e6117f28a1a3332a161430aea5ff8252b38b26785356eded142b3c7ec11f
    Size: 746.88 kB
  2. php-pear-1.10.13-1.module+el8+1587+e1c88df9.src.rpm
    MD5: 9c321920c18fcc627c4c347dc521ccfc
    SHA-256: f25293a706c6d1d91d43758f536ae3d0bd7bfc404e534a8c2adbb89d479abde0
    Size: 380.40 kB
  3. php-pecl-apcu-5.1.20-1.module+el8+1587+e1c88df9.src.rpm
    MD5: 3de3bd25435173378e38dfa1aa96c8c2
    SHA-256: 439ebcf4f1290c60de556f614ee2c1b50fe92086df0c8f1675c276ee853a0ac4
    Size: 109.60 kB
  4. php-pecl-rrd-2.0.3-1.module+el8+1587+e1c88df9.src.rpm
    MD5: a55e84546c4b1dc7c9fac3a68411c426
    SHA-256: d1d87aed0d9acbcac5b1fec6419ccce2f43c30c2de6a32f689da045e286e1b95
    Size: 33.67 kB
  5. php-pecl-xdebug3-3.1.2-1.module+el8+1587+e1c88df9.src.rpm
    MD5: eea8ea82b269f57da76ca012dabfd6f4
    SHA-256: a198cf8253596ede1131680881805af1dbc3091801492a2261ec76839822b1b8
    Size: 481.11 kB
  6. php-pecl-zip-1.19.2-1.module+el8+1587+e1c88df9.src.rpm
    MD5: 4eda1003f91f08167bc114d034af10a1
    SHA-256: 6dddbd1080f8df3f9ae583a2f3714c59b9d7d2cead5c729bbce96d29c89d35ab
    Size: 331.43 kB
  7. php-8.0.27-1.module+el8+1587+e1c88df9.src.rpm
    MD5: ad8b64baca6a57ff5afde0b6a38952b0
    SHA-256: cae17c1ddaf978c0c4b3438881c8c7eb388025bc3741c7929422f56e0016f972
    Size: 10.47 MB

Asianux Server 8 for x86_64
  1. apcu-panel-5.1.20-1.module+el8+1587+e1c88df9.noarch.rpm
    MD5: f34ded4c23191d88b9db87b17c5b1b1d
    SHA-256: 7bedc8f961eb549dad3fcac12b82f3f7b0f774250994887e836ece475e40bd37
    Size: 22.34 kB
  2. libzip-1.7.3-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 605739683e2faeea7b1930461fef2f46
    SHA-256: 710f44e6290d373602558f818f75b6d1b2c8a111e7eea0758a04b30a5150bf6e
    Size: 66.00 kB
  3. libzip-debugsource-1.7.3-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 459751593f80f70a4d1750e39b67c9ae
    SHA-256: 6e9cbdfb056781b4bbc47991bc1dfda443d01f7e09004903a53e12756d53a50a
    Size: 104.79 kB
  4. libzip-devel-1.7.3-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: bcce257c55c88e213a1501620e77a1c0
    SHA-256: 1d7bcccdba6a63adf239d2fe1e22938aab617c85e51d14e684a55e027e5020fb
    Size: 188.53 kB
  5. libzip-tools-1.7.3-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: e808d6a4cdcb994a767d5973cc7c9093
    SHA-256: a121feb5cf04e844eda8e6c7836260d01c65ce297b1e67024c96566e4574d8fd
    Size: 43.15 kB
  6. php-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: fedb1573a8318609719cd39b80acae26
    SHA-256: 9ca2bd76998440d8749fda2eb77078a70db362e4397ea0eadbab87c077403a62
    Size: 1.55 MB
  7. php-bcmath-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: abe46e857d3faaa50956b0e6fd6d903a
    SHA-256: 722bd7e432cf15f6d9795f551b7fdb7a0aa04dac9806b2295e970f269c58caf6
    Size: 79.62 kB
  8. php-cli-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 34a486bd82e4402166d9867dcb22e203
    SHA-256: 07a0d53d87c65b1478fa20549ba8750c9b12327f4a47ecbcecac2a5aa594484b
    Size: 3.14 MB
  9. php-common-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 356bb65751ff4983034a8ec1e975997d
    SHA-256: b55b3830a6fc21ddc26a938444a511f3583e55b00da92ab28675712b92696f89
    Size: 724.42 kB
  10. php-dba-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 876fa4ea08ea8cdff7bbe10ac8278c1a
    SHA-256: 79462164155c15b721bd79020fbdfccadfc40c2c047a7dfb83b8bdf41093384d
    Size: 78.17 kB
  11. php-dbg-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 1db2291fa180b00f198322764e09ffb3
    SHA-256: 567e4991df74314d9d42551e2374e80de00932d9a08c04457d60c2e13e936105
    Size: 1.66 MB
  12. php-debugsource-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 68b30c4f52c3a0d5f302e5b0e2d16cad
    SHA-256: 1b17407e489536a822a437aa9e3375da7025469626e832f9417a3973982ceffa
    Size: 4.29 MB
  13. php-devel-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: cb848b38838c2f3b39da6e538bb9d608
    SHA-256: 0c4060df928bc8e5248568028fdeec1048fd292b482989543092dd494272d96e
    Size: 772.83 kB
  14. php-embedded-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 8b2d84c8a16b50174916194a91aab103
    SHA-256: 5f17d8aef951b40f19e92b2ea8b63b286118e2659b901e35c2f287cf52e95c27
    Size: 1.54 MB
  15. php-enchant-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: bffd40341c928da34123189b6b10a2b7
    SHA-256: 86006b0cc77221b4c97bf8952c3bab2a08ea3f73988b8553e92e0d79d0ec88a2
    Size: 64.22 kB
  16. php-ffi-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 5925822dd7c649fec209fbb57d1ad387
    SHA-256: 57f68906b3b322f47e5cf258fb627868b18fe6ef6c92e7b96c31f16fad7333b2
    Size: 116.26 kB
  17. php-fpm-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: c2fa6e3f72e9085ab8f9507bc4074e21
    SHA-256: 0c00eb11890ae32ba2dfad9474420179f49ba5743256cf9d804da5fc8324314a
    Size: 1.64 MB
  18. php-gd-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 4996d78820f955e13e042494c774522d
    SHA-256: a4d79fe58d1e325de0e63316f9ff6d6b81cd9014f12bfae2c170d161498bba82
    Size: 84.45 kB
  19. php-gmp-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: a0a728b145e4115603829da33d8130cc
    SHA-256: 49e2bbff47c88ba363963662281eaeb131ce704b7417f5d2b16e60ae24b7f730
    Size: 77.52 kB
  20. php-intl-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 1a81d706325dbaf52957fae56db9622f
    SHA-256: fa5a68bb1bd43a6d864d4772cdc65409293d23ba9cc796477bf7e626eb2efb94
    Size: 190.94 kB
  21. php-ldap-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 2b297d03ffafe3bfd969dc5f84ae88e6
    SHA-256: 63cadeed63a2129b6cbfef868784418547c1a538cf77f28bc8047ef93385826d
    Size: 84.41 kB
  22. php-mbstring-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 9864746721619f26f789d20b76c8699f
    SHA-256: 5181091f76385c00f8e2e18b114dba8d1e2e8b28903dbb927566c841b7752d2d
    Size: 481.15 kB
  23. php-mysqlnd-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 8aa37e87174fc72ba2ae6ad90af89272
    SHA-256: 64f64d6e6a2b316dd1259be7cf90ed6729792ae32c6c1660f72a11dbfd2628ac
    Size: 192.02 kB
  24. php-odbc-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 85bca8f704473b37d8f2e8fe0e76644e
    SHA-256: ca554fec8a34ed842033c629d5772860c5c656ee0af26b1b8547c3f355866864
    Size: 88.88 kB
  25. php-opcache-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: b230c8d8afbea68fc6c20b55b1202db3
    SHA-256: b6d2f239afe4c4124d506e7333ca89fdb7aecccc684a5d398b091d8e57978144
    Size: 547.89 kB
  26. php-pdo-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 297ce32257cab5627864fc808eb7bf3a
    SHA-256: 17d930c16ddf79bd80b08655bab4a3bc79c36e7e6d5d0a8e45a50a1a290acdde
    Size: 125.96 kB
  27. php-pear-1.10.13-1.module+el8+1587+e1c88df9.noarch.rpm
    MD5: 4cfe58f66609900d7c28880dc510b0aa
    SHA-256: 59d8bb3e6b3fa33ed8ac24b494d8b5c69395184f48449b6076dd44ce6d559a3d
    Size: 360.49 kB
  28. php-pecl-apcu-5.1.20-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 0e61dfd0615759a664653939133adf8a
    SHA-256: 8323b96eb442325afea4847a51dfb763f0fc548f692fafdbfe5b48adab971592
    Size: 64.07 kB
  29. php-pecl-apcu-debugsource-5.1.20-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 58595416fb53b5f57cd572221d6aa701
    SHA-256: 10a6447d89dd35e1eb3858cf90c3626749e2b44a09ff3fafd70765f76ad9b35b
    Size: 50.23 kB
  30. php-pecl-apcu-devel-5.1.20-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: dc824f3f02de6a48c50489d0ba068a2f
    SHA-256: b322f277b1a1cf0e46e2d7a42763cfd2efa5018b7518a6e2128f8dcb8e495eb3
    Size: 47.51 kB
  31. php-pecl-rrd-2.0.3-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: eb722fe6355e12c6891f7a427023c37d
    SHA-256: c3c6acb4de91b745cfbd180cd4220f7279b69a394067f610d0afd90e02157048
    Size: 30.65 kB
  32. php-pecl-rrd-debugsource-2.0.3-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 8bbe57eb69a62367c2039b2156f2b2f0
    SHA-256: a34913da8b428b1253c428bc8cd082cc22881f29f4f2a44ade54a922ebe38bbb
    Size: 22.49 kB
  33. php-pecl-xdebug3-3.1.2-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: c08d652b67bace62de7e307f2aa4edcf
    SHA-256: 6aa795291cb368798eec78e822a1684e1557b558468b2bd1278287d7d6fac96c
    Size: 202.67 kB
  34. php-pecl-xdebug3-debugsource-3.1.2-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: ae1bd7d71e44bc627af8e3411dfbaf3b
    SHA-256: 6acd42bc75ae7ecd1f485a5bb9dd9d44d10db2b497ed422aca8742a2e5ce6049
    Size: 155.90 kB
  35. php-pecl-zip-1.19.2-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: e5a4404d0bc9e2a364f729714f1863bd
    SHA-256: da344bd49c2bcbd3657357f0450bbabcf4a5295879387ce8f211c81a0ec1d6db
    Size: 55.29 kB
  36. php-pecl-zip-debugsource-1.19.2-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: aa442dc7c679c43e2bee0aeb324c83c0
    SHA-256: 8e85adb513811ae1f822cd8178fa33c3677d036cc0314ba815ad2e759237acde
    Size: 31.52 kB
  37. php-pgsql-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: cbff270909434974678f37bb5f9df0bc
    SHA-256: 537604fdf9aedb2043b474d3d01af8186fe9de37bfbc8efe914d24921bea2955
    Size: 118.13 kB
  38. php-process-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: d35e5490253f17ddfc16d36f0c21d105
    SHA-256: a15306a4e6d532be80bf05074d931833c2d7c6311cb19377be2ad388df728253
    Size: 86.06 kB
  39. php-snmp-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: 51ec1e33f32233e00b0f7c3658902c59
    SHA-256: d18deea98f64b6b29b806fdb0beadfa44ef59eb78138e5a8e8e483b19deee334
    Size: 75.58 kB
  40. php-soap-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: f5ad7d80b1ee0a5f186d04a485a493dc
    SHA-256: 48ec44a79549a3a4a5a9e61b950e8fa0b3b098271b8d0cdf25a43ae8085348ff
    Size: 176.07 kB
  41. php-xml-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
    MD5: abdb9f428d002fede27ca77716e698f8
    SHA-256: 93fc4a216afd43a806845b452a45b3f6a23ca92e7cedc1ec14e29e0321b94b11
    Size: 174.79 kB