php-8.0.27-1.el9

Errata ID: AXSA:2023-5186:02

Release date: Wednesday, March 1, 2023 - 03:47
Subject: php-8.0.27-1.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (8.0.27).

Security Fix(es):

* XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454)
* php: standard insecure cookie could be treated as a `__Host-` or `__Secure-` cookie by PHP applications (CVE-2022-31629)
* php: OOB read due to insufficient input validation in imageloadfont() (CVE-2022-31630)
* php: Due to an integer overflow, PDO::quote() may return an unquoted string (CVE-2022-31631)
* php: phar wrapper can cause a DoS when handling a quine gzip file (CVE-2022-31628)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quine" gzip files, resulting in an infinite loop.
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.
CVE-2022-31631
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. php-8.0.27-1.el9.src.rpm
    Size: 10.47 MB

Asianux Server 9 for x86_64
  1. php-8.0.27-1.el9.x86_64.rpm
    Size: 10.15 kB
  2. php-bcmath-8.0.27-1.el9.x86_64.rpm
    Size: 35.33 kB
  3. php-cli-8.0.27-1.el9.x86_64.rpm
    Size: 3.09 MB
  4. php-common-8.0.27-1.el9.x86_64.rpm
    Size: 666.46 kB
  5. php-dba-8.0.27-1.el9.x86_64.rpm
    Size: 34.75 kB
  6. php-dbg-8.0.27-1.el9.x86_64.rpm
    Size: 1.63 MB
  7. php-devel-8.0.27-1.el9.x86_64.rpm
    Size: 656.75 kB
  8. php-embedded-8.0.27-1.el9.x86_64.rpm
    Size: 1.52 MB
  9. php-enchant-8.0.27-1.el9.x86_64.rpm
    Size: 19.82 kB
  10. php-ffi-8.0.27-1.el9.x86_64.rpm
    Size: 74.76 kB
  11. php-fpm-8.0.27-1.el9.x86_64.rpm
    Size: 1.59 MB
  12. php-gd-8.0.27-1.el9.x86_64.rpm
    Size: 41.32 kB
  13. php-gmp-8.0.27-1.el9.x86_64.rpm
    Size: 31.79 kB
  14. php-intl-8.0.27-1.el9.x86_64.rpm
    Size: 149.41 kB
  15. php-ldap-8.0.27-1.el9.x86_64.rpm
    Size: 40.90 kB
  16. php-mbstring-8.0.27-1.el9.x86_64.rpm
    Size: 469.95 kB
  17. php-mysqlnd-8.0.27-1.el9.x86_64.rpm
    Size: 150.48 kB
  18. php-odbc-8.0.27-1.el9.x86_64.rpm
    Size: 45.22 kB
  19. php-opcache-8.0.27-1.el9.x86_64.rpm
    Size: 511.73 kB
  20. php-pdo-8.0.27-1.el9.x86_64.rpm
    Size: 82.96 kB
  21. php-pgsql-8.0.27-1.el9.x86_64.rpm
    Size: 73.53 kB
  22. php-process-8.0.27-1.el9.x86_64.rpm
    Size: 42.09 kB
  23. php-snmp-8.0.27-1.el9.x86_64.rpm
    Size: 31.85 kB
  24. php-soap-8.0.27-1.el9.x86_64.rpm
    Size: 135.03 kB
  25. php-xml-8.0.27-1.el9.x86_64.rpm
    Size: 131.51 kB