php-5.4.16-46.1.0.1.el7.AXS7
エラータID: AXSA:2019-4396:02
リリース日:
2019/12/06 Friday - 17:45
題名:
php-5.4.16-46.1.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PHPには、FPM が特定の設定で構成されているとき、FPMモジュールが
予約済みスペースへ過去の確保済みバッファの書き込みができるため、
リモートコード実行が可能な脆弱性があります。(CVE-2019-11043)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
追加情報:
N/A
ダウンロード:
SRPMS
- php-5.4.16-46.1.0.1.el7.AXS7.src.rpm
MD5: bc0ec1e83ce0b627afb164292562e2ba
SHA-256: 59534790eae918d303e1b72db732ec44482e803f07f4ac98b07ed990d558e71d
Size: 11.41 MB
Asianux Server 7 for x86_64
- php-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: 358515251726a353a7a9f44a86637d35
SHA-256: c86fde2eee9d2ad044934e456a093ff082755460ebbd5f42f4fe3585f1977bd7
Size: 1.35 MB - php-bcmath-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: 6a4d445df429e5cfa86808158f839091
SHA-256: 738f60dd0e7ffe9a1dca66dd7356c49537497c64ca948fb31ae1f44116c3e12d
Size: 57.13 kB - php-cli-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: d45156ee75efe77b2de9f7607239e7fa
SHA-256: 35963adbaf7a16cf6e393e728a27bbcdfaa2e24b3fc9d0f387ba86eed2c906f4
Size: 2.75 MB - php-common-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: bbe79210e46d5ebc7e05afc936776411
SHA-256: 1ba94b65c762ec045f26c4c5f48061a76520546c3a22e82211cf8e841b4a5188
Size: 564.41 kB - php-gd-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: 423f4a113e2e3f02342e43ec7354ab9b
SHA-256: 897ee4d34ef4c7a4b67ce7f116fa47e1cb6bd7b974231d7a74da606a9e430a0d
Size: 126.97 kB - php-ldap-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: 0ee1ecba53ec08eba70a7670b4ceefdc
SHA-256: 3bd74daec7d1834271752ee764f52e68b2c02b8b713013f70cd746ad550624d6
Size: 52.10 kB - php-mbstring-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: 30a63ffa262797b0c35324b8236fe989
SHA-256: 0730d898f2a0d3305869ff6b614bb686c8471f2c0e91f2782e1a5c32acbb6884
Size: 504.57 kB - php-mysql-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: a4c76fbe64b23820e8a2a31b687e8f9c
SHA-256: 2645e5705d7a8254740240e028c185dac31db2de0b7d609e20ef604bd0cc5f1d
Size: 100.73 kB - php-odbc-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: cf73da9cf555ee638ba451f58a19a391
SHA-256: ab7427a98f9b2f22ba70f3e3f8106a64bbd4b595ca690a205a8445e31337ffff
Size: 65.00 kB - php-pdo-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: 52ca122ff1c6d1a294e9206afeb20ce2
SHA-256: 3d9ca22d966b8ccfc387f669127a2758d55bf2d99cc4b58dfe4c80a419770ef3
Size: 98.33 kB - php-pgsql-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: ec07be99ff2b0c5ab3af8e0efdf317a8
SHA-256: abf244a82121d8b0e8e7532020e8720779b794922d6049ac5817a4eb156a9a7d
Size: 85.69 kB - php-process-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: eebfc12ccd755ccaa1263f53a427269e
SHA-256: adccf114ce2ca87a2a2bfe3aef0acddca9856e9bbc2453b1bcac02c4a5b90529
Size: 55.41 kB - php-recode-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: 8f68a1752c27f6a63911b191cafdde3b
SHA-256: 0580888184659a130f35dcd455aa89ef7f09cb6ffceb83af69f06f60beec56dd
Size: 38.04 kB - php-soap-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: 3bd256cc03fa914191d39757a39dd89b
SHA-256: 47ba562b9889dabba0f47aca3e1d8bbea5cc6eeb45619a803bb9dce7056925fe
Size: 158.19 kB - php-xml-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: 6b08b3f54854802ed668a41839336c4b
SHA-256: 89d1f8710249c77eb735dce6dc8d6c482f80ff30fa8348cdd5b34c1c886b3f3b
Size: 125.25 kB - php-xmlrpc-5.4.16-46.1.0.1.el7.AXS7.x86_64.rpm
MD5: ff86925bbadb6d6f5e3c1a639a195cc1
SHA-256: f424c59cab62e7884addb79f5136f3f5adbd8441fbb0743b0b07d9c47f5ef216
Size: 67.59 kB