php:8.1 security update
Errata ID: AXSA:2023-5806:01
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP
Server.
The following packages have been upgraded to a later upstream version: php
(8.1.14).
Security Fix(es):
* XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454)
* php: standard insecure cookie could be treated as a '__Host-' or '__Secure-'
cookie by PHP applications (CVE-2022-31629)
* php: OOB read due to insufficient input validation in imageloadfont()
(CVE-2022-31630)
* php: PDO::quote() may return unquoted string due to an integer overflow
(CVE-2022-31631)
* php: phar: infinite loop when decompressing quine gzip file (CVE-2022-31628)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code
would recursively uncompress "quine" gzip files, resulting in an infinite loop.
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables
network and same-site attackers to set a standard insecure cookie in the
victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP
applications.
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when the imageloadfont()
function in the gd extension is used, it is possible to supply a specially
crafted font file such that, if the loaded font is then used with the
imagechar() function, data read from outside the allocated buffer will be used.
This can lead to crashes or disclosure of confidential information.
CVE-2022-31631
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer
overflow and resultant buffer overflow that allows attackers to execute
arbitrary code or eliminate expected cryptographic properties. This occurs in
the sponge function interface.
Modularity name: php
Stream name: 8.1
Update packages.
SRPMS
Asianux Server 9 for x86_64