php:7.4 security update
Errata ID: AXSA:2022-3573:01
Release date:
2022/07/20 Wednesday - 08:21
Title:
php:7.4 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
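The following issues have been addressed.
[Security Fix]
- php has a vulnerability where, when the PHP FPM SAPI is run with the
PHP-FPM daemon running as the root user and the worker processes running
as unprivileged users, a worker process can write to shared memory and
cause the PHP-FPM daemon process to perform invalid memory reads and
writes, allowing privilege escalation. (CVE-2021-21703)
- PHP has an issue where, when the URL validation functionality of the
filter_var() function is used with the FILTER_VALIDATE_URL option, a URL
with an invalid password field is evaluated as valid, resulting in a
vulnerability that can lead to a connection to an unintended server or
to an incorrect access decision. (CVE-2021-21705)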
Modularity name: php
Stream name: 7.4
Solution:
Update the packages.
CVE:
CVE-2021-21703
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
Additional information:
N/A
Downloads:
SRPMS
- libzip-1.6.1-1.module+el8+1491+38681c8a.src.rpm
  Size: 732.66 kB
- php-pear-1.10.12-1.module+el8+1491+38681c8a.src.rpm
  Size: 379.33 kB
- php-pecl-apcu-5.1.18-1.module+el8+1491+38681c8a.src.rpm
  Size: 107.49 kB
- php-pecl-rrd-2.0.1-1.module+el8+1491+38681c8a.src.rpm
  Size: 33.12 kB
- php-pecl-xdebug-2.9.5-1.module+el8+1491+38681c8a.src.rpm
  Size: 442.81 kB
- php-pecl-zip-1.18.2-1.module+el8+1491+38681c8a.src.rpm
  Size: 307.81 kB
- php-7.4.19-2.module+el8+1491+38681c8a.src.rpm
  Size: 10.01 MB
Asianux Server 8 for x86_64
- libzip-1.6.1-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 63.24 kB
- libzip-debugsource-1.6.1-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 100.33 kB
- libzip-devel-1.6.1-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 180.02 kB
- libzip-tools-1.6.1-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 42.90 kB
- php-pear-1.10.12-1.module+el8+1491+38681c8a.noarch.rpm
  Size: 359.61 kB
- apcu-panel-5.1.18-1.module+el8+1491+38681c8a.noarch.rpm
  Size: 22.29 kB
- php-pecl-apcu-5.1.18-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 62.82 kB
- php-pecl-apcu-debugsource-5.1.18-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 49.52 kB
- php-pecl-apcu-devel-5.1.18-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 46.16 kB
- php-pecl-rrd-2.0.1-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 30.52 kB
- php-pecl-rrd-debugsource-2.0.1-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 22.38 kB
- php-pecl-xdebug-2.9.5-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 176.17 kB
- php-pecl-xdebug-debugsource-2.9.5-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 134.23 kB
- php-pecl-zip-1.18.2-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 53.58 kB
- php-pecl-zip-debugsource-1.18.2-1.module+el8+1491+38681c8a.x86_64.rpm
  Size: 31.19 kB
- php-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 1.52 MB
- php-bcmath-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 78.79 kB
- php-cli-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 3.07 MB
- php-common-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 700.97 kB
- php-dba-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 77.59 kB
- php-dbg-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 1.63 MB
- php-debugsource-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 4.11 MB
- php-devel-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 727.02 kB
- php-embedded-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 1.51 MB
- php-enchant-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 63.52 kB
- php-ffi-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 115.68 kB
- php-fpm-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 1.60 MB
- php-gd-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 83.75 kB
- php-gmp-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 75.57 kB
- php-intl-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 191.68 kB
- php-json-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 73.05 kB
- php-ldap-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 84.87 kB
- php-mbstring-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 482.51 kB
- php-mysqlnd-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 191.71 kB
- php-odbc-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 88.65 kB
- php-opcache-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 266.09 kB
- php-pdo-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 121.94 kB
- php-pgsql-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 117.13 kB
- php-process-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 83.96 kB
- php-snmp-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 73.32 kB
- php-soap-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 175.30 kB
- php-xml-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 172.49 kB
- php-xmlrpc-7.4.19-2.module+el8+1491+38681c8a.x86_64.rpm
  Size: 88.70 kB