php:7.4 security update

Errata ID: AXSA:2023-5958:01

Release date: Friday, June 9, 2023 - 08:35
Subject: php:7.4 security update
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (7.4.33).

Security Fix(es):

* XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454)
* php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications (CVE-2022-31629)
* php: OOB read due to insufficient input validation in imageloadfont() (CVE-2022-31630)
* php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)
* php: phar: infinite loop when decompressing quine gzip file (CVE-2022-31628)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quine" gzip files, resulting in an infinite loop.
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is then used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.
CVE-2022-31631
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Modularity name: php
Stream name: 7.4

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libzip-1.6.1-1.module+el8+1610+fab2023c.src.rpm
    Size: 732.66 kB
  2. php-pear-1.10.13-1.module+el8+1610+fab2023c.src.rpm
    Size: 380.40 kB
  3. php-pecl-apcu-5.1.18-1.module+el8+1610+fab2023c.src.rpm
    Size: 107.49 kB
  4. php-pecl-rrd-2.0.1-1.module+el8+1610+fab2023c.src.rpm
    Size: 33.12 kB
  5. php-pecl-xdebug-2.9.5-1.module+el8+1610+fab2023c.src.rpm
    Size: 442.81 kB
  6. php-pecl-zip-1.18.2-1.module+el8+1610+fab2023c.src.rpm
    Size: 307.81 kB
  7. php-7.4.33-1.module+el8+1610+fab2023c.src.rpm
    Size: 10.08 MB

Asianux Server 8 for x86_64
  1. apcu-panel-5.1.18-1.module+el8+1610+fab2023c.noarch.rpm
    Size: 22.29 kB
  2. libzip-1.6.1-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 63.24 kB
  3. libzip-debugsource-1.6.1-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 100.33 kB
  4. libzip-devel-1.6.1-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 180.02 kB
  5. libzip-tools-1.6.1-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 42.90 kB
  6. php-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 1.52 MB
  7. php-bcmath-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 79.21 kB
  8. php-cli-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 3.07 MB
  9. php-common-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 704.79 kB
  10. php-dba-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 77.98 kB
  11. php-dbg-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 1.63 MB
  12. php-debugsource-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 4.11 MB
  13. php-devel-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 728.48 kB
  14. php-embedded-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 1.51 MB
  15. php-enchant-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 63.90 kB
  16. php-ffi-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 116.16 kB
  17. php-fpm-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 1.60 MB
  18. php-gd-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 84.13 kB
  19. php-gmp-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 75.85 kB
  20. php-intl-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 192.05 kB
  21. php-json-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 73.42 kB
  22. php-ldap-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 85.30 kB
  23. php-mbstring-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 482.88 kB
  24. php-mysqlnd-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 191.92 kB
  25. php-odbc-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 89.20 kB
  26. php-opcache-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 266.39 kB
  27. php-pdo-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 122.30 kB
  28. php-pear-1.10.13-1.module+el8+1610+fab2023c.noarch.rpm
    Size: 360.49 kB
  29. php-pecl-apcu-5.1.18-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 62.81 kB
  30. php-pecl-apcu-debugsource-5.1.18-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 49.52 kB
  31. php-pecl-apcu-devel-5.1.18-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 46.16 kB
  32. php-pecl-rrd-2.0.1-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 30.51 kB
  33. php-pecl-rrd-debugsource-2.0.1-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 22.38 kB
  34. php-pecl-xdebug-2.9.5-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 176.27 kB
  35. php-pecl-xdebug-debugsource-2.9.5-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 134.23 kB
  36. php-pecl-zip-1.18.2-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 53.56 kB
  37. php-pecl-zip-debugsource-1.18.2-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 31.19 kB
  38. php-pgsql-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 117.46 kB
  39. php-process-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 84.45 kB
  40. php-snmp-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 73.69 kB
  41. php-soap-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 175.65 kB
  42. php-xml-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 173.35 kB
  43. php-xmlrpc-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    Size: 88.96 kB