php:7.4 security update
エラータID: AXSA:2022-3857:01
リリース日:
2022/09/20 Tuesday - 03:36
題名:
php:7.4 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- php の Archive_Tar ライブラリには、phar: だけが
ブロックされており PHAR: がブロックされていない問題が
あるため、ローカルの攻撃者により、シリアル化の解除を
可能とする脆弱性が存在します。(CVE-2020-28948)
- php の Archive_Tar ライブラリには、phar ファイルに
対してのみファイル名内の :// をサニタイズする問題が
あるため、その他のストリームラッパー攻撃が可能となる
脆弱性が存在します。(CVE-2020-28949)
- Archive_Tar の Tar.php 関数には、シンボリックリンクの
チェックに問題があるため、リモートの攻撃者により、
ディレクトリトラバーサルを介して、許可されていない
ファイルへの書き込み操作を可能とする脆弱性が存在します。
(CVE-2020-36193)
Modularity name: php
Stream name: 7.4
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-28948
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
CVE-2020-28949
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
CVE-2020-36193
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
追加情報:
N/A
ダウンロード:
SRPMS
- libzip-1.6.1-1.module+el8+1529+89de28d3.src.rpm
MD5: f18220c83810505f8214ee787f0f0968
SHA-256: 532b4b00d1dc23026c8adf6b696c839f3c48c9674eafaf3119391876796207b8
Size: 732.66 kB - php-pear-1.10.13-1.module+el8+1529+89de28d3.src.rpm
MD5: 4d2798ac4005ae964155ea218c12cd8f
SHA-256: 6be2af1f351bfb4ba4bcc179eb965965a050e9d71ef7455c46a3eec6b6142d0c
Size: 380.40 kB - php-pecl-apcu-5.1.18-1.module+el8+1529+89de28d3.src.rpm
MD5: 903e2567879ba6ba539ed3396155e5db
SHA-256: b35dfa141482fa5c28eb65ac4f03b4466d603a022a82ba408ee376661ded881a
Size: 107.49 kB - php-pecl-rrd-2.0.1-1.module+el8+1529+89de28d3.src.rpm
MD5: c8f4e8a823f060cb48dcffc901b0b59d
SHA-256: 64a5cfb749a3953715c9cc7f9886ebea3e6e95316ebd9620618ce216554c63c4
Size: 33.11 kB - php-pecl-xdebug-2.9.5-1.module+el8+1529+89de28d3.src.rpm
MD5: 8b52d89bbd2b23777f7153fddf5e733e
SHA-256: 9ed59f31f1d78d8fe385c68e9338aa44e224f4e235b6ceb2dc965db117062882
Size: 442.81 kB - php-pecl-zip-1.18.2-1.module+el8+1529+89de28d3.src.rpm
MD5: e55bb24141758188050cd44213b3dee3
SHA-256: f3195260c1ade2057d85f6db7a3a5dd1bb983c5b188e183fca6687b8ef189569
Size: 307.81 kB - php-7.4.19-4.module+el8+1529+89de28d3.src.rpm
MD5: 0c8716ccd9c93a73bb5a58977dfb0925
SHA-256: 853e5c5a9c7b0ba056d0b969dc1f93bd6daa68f76d2b093d23e0ae9b1398a97a
Size: 10.01 MB
Asianux Server 8 for x86_64
- libzip-1.6.1-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: d8f9be27a9c1e877b46efeaf78e62e0d
SHA-256: 448a94cc0ccb8cb1ba769f96b56302acca66671981c4ca58b090be82bc70f639
Size: 63.24 kB - libzip-debugsource-1.6.1-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: dfbcd2c0b3752ee0117c1ae7d6a63ffe
SHA-256: 7c1335b76a3b8a6eb8e3715a21cc1fc692497988539c0f15605b51e0fc6bcdbd
Size: 100.33 kB - libzip-devel-1.6.1-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 64f8636cca4f5c0531b00e41d6b1726a
SHA-256: e245cb0a76d4d624d0a8cffbd3c5ede6173209c2316f47fe3f0ba07cbdfffc26
Size: 180.01 kB - libzip-tools-1.6.1-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 81736a75cb5ef137ed891ced7a404333
SHA-256: ec42dc6d2b33e7cd9f9a70cb0e05cb718134dc3b62b49bbcd45675f61b9e02fa
Size: 42.83 kB - php-pear-1.10.13-1.module+el8+1529+89de28d3.noarch.rpm
MD5: 574fd148959b955bcbcae57380738b49
SHA-256: c0e4de1d8546687ff55134c4d594829a69f5c309523e166f5ab47baa485680be
Size: 360.49 kB - apcu-panel-5.1.18-1.module+el8+1529+89de28d3.noarch.rpm
MD5: fb3d6e87950312baafdbe934bdb553b4
SHA-256: de8e809a4edd50c76ec34955fbb52ca1a365e6035a71a1263b8e4a37202f5880
Size: 22.29 kB - php-pecl-apcu-5.1.18-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 501cead22d4c18ab881d5959063934e2
SHA-256: c9ac032991f363e0be8197d1055daaeedf9a1f258d82f67af81ba7e4a387a94d
Size: 62.81 kB - php-pecl-apcu-debugsource-5.1.18-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 223f42a5df85119d7865242903c767d5
SHA-256: db7243e2477bdb393dee61a97786c9c8d432832f76671c31511729854e37517f
Size: 49.52 kB - php-pecl-apcu-devel-5.1.18-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 7b0bfcd29a3d1e1d82b0b222dd35a3aa
SHA-256: 33eaa33136a573015e62d119f37bbc871522277ba64176c2aea6e74a0e202e9a
Size: 46.15 kB - php-pecl-rrd-2.0.1-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 06e0a71cd8c317608bdd963d72cd97c8
SHA-256: f892904521eb99483a808a15bf7d9c66a13c8b541bae2e75f482bdac3a239406
Size: 30.52 kB - php-pecl-rrd-debugsource-2.0.1-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 3d21a67ea929043f50af9f9ca98af190
SHA-256: 7eb269243fc0526327866d738f0e7fec4b851a4cb31687a05d910a6a26e6cbf2
Size: 22.38 kB - php-pecl-xdebug-2.9.5-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: b2a7f355a64cd296146fc6365bfe54dc
SHA-256: ac4854ae861b7b7f7c77af7a85fb7e3fa0fcd0cf9f6f8abdc81cabc85b950198
Size: 176.17 kB - php-pecl-xdebug-debugsource-2.9.5-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 019eb9d0ff1848d79a15aa6cad285e0d
SHA-256: 367d8251bb1cae0c57032adaf61a880ef25a83780af6604923ac5dcfb71f3629
Size: 134.23 kB - php-pecl-zip-1.18.2-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 4f580122b6d69eced067f025b63be998
SHA-256: 591dc93b956ba485adaa1808fdc7b95b249cefd160d388b9a346dc363b8c02f3
Size: 53.56 kB - php-pecl-zip-debugsource-1.18.2-1.module+el8+1529+89de28d3.x86_64.rpm
MD5: 54a1a15a2754f5c6c654066849e12027
SHA-256: 69c9a8c290bafb975cda40926e76465c3dd328943a26da6323a4721341868b81
Size: 31.19 kB - php-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 12800e4e7941f1943f9fff747adb8074
SHA-256: 5eb05b93d33ad1622c0421fad0b3811522ccd697061a788491f9c0b011056ef5
Size: 1.52 MB - php-bcmath-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 469fa9d5770ca28c7653b25eba3a91da
SHA-256: 0fd6d349ad48e9d8c87c8618e049727ca1dad79df0afcc6d9fce5e41a84049aa
Size: 79.05 kB - php-cli-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 5d202fffb73962c96626601f435e8cd7
SHA-256: 07026df910d17ad69e5d6c55fe3fc824aaf48e0ee9256c4d63230b7fec5c33af
Size: 3.07 MB - php-common-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: f977a81dbd0d45b6625cb4a1b0f90277
SHA-256: b5eef809cb62fa9569c9f42567dc7e828bdab5c7ce09e4e0e0405c17a6a0bc86
Size: 701.30 kB - php-dba-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: e0393eb2a16d9eb38944508b2e576ce2
SHA-256: 61318adbf0e2ed80c9a272284bb877bd1dc3dea05b644dea03f4737c9fae77e7
Size: 77.85 kB - php-dbg-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 379f92f6f7652d856f6c5ba140fadfbe
SHA-256: b4e1c8a162606a056227ebc26a723d707f046a854ece6586d7577aab378152b6
Size: 1.63 MB - php-debugsource-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 8e82ba1f199e62d873744a859bb192e0
SHA-256: 7e11fcad0e5648acdf58ea279117f34ea2b3b76e1806f7ebd1082156b9b6cfff
Size: 4.11 MB - php-devel-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: a645123c4c3776b6789d55d9dbce9108
SHA-256: 286857c6ec6f1ae22e7a50de49a01a50ca68ba247023284c6a80257b7c59185c
Size: 727.30 kB - php-embedded-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 3ee5c7d2105caa73c2c75c2ec1862145
SHA-256: b0f14225c784dacc1d6d8f653358711dbebf14a8cebdc275e857e007230ee7e3
Size: 1.51 MB - php-enchant-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 8e3c983244d4a1f84f0bec863f8fa98d
SHA-256: 140bc4f67c357c9955585d5bde5384bb9530b05fc861c24dbe722129423a307e
Size: 63.79 kB - php-ffi-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 15f525f6e5f4bfe50434c4ec5ec79c75
SHA-256: e8b48c6c3802da360b2652f143f668a01d790ebcf70ec3420d51fa70de5eeac3
Size: 115.93 kB - php-fpm-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 209b7058d9ac53b1221c41de62816f88
SHA-256: 10433bd64e586c902fb775f765cba068a7dfae36d8c5dc7f05b824009b083de3
Size: 1.60 MB - php-gd-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 77f59fe24e5be86c3a5b40afed2231be
SHA-256: 5c3a258652181aaeddf6ed82a41a105a183b96ad5fb488c64709c096edf8875c
Size: 84.00 kB - php-gmp-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 74f7930dc2d6e1bbbde916a7fb78f002
SHA-256: 429b9fb4ed850ebeef36bbef44edd5b81bd635dde6b2ca2f77e506b65635b642
Size: 75.82 kB - php-intl-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: b29393c05e2cc8cc84f4b53269b0f15f
SHA-256: 998d7455c02d78389d7974168cc1c36686abd98625a727c9fd997eb5a8f8ca0a
Size: 191.92 kB - php-json-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 43042855787bbb5f6116b8712e908b6a
SHA-256: a26a861185e57a033f5db196f5ac56df36c40f21ab544c5c3521402f9f288d36
Size: 73.22 kB - php-ldap-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 721aa3b8842579e1034c249a5b25f197
SHA-256: e0caae8d38e6e9bab10cccea41b2152fc77f4e5da7fa5ca9b1dc8e464d686017
Size: 85.13 kB - php-mbstring-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: d54cd5f2bdb5316744753f15b7845e80
SHA-256: 0df13b4bfd1febfc1d209d287f142e9a46d8268981a532014caf501e0aa78cdf
Size: 482.82 kB - php-mysqlnd-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 9cfd535698a95ea09d0d557330370817
SHA-256: f60a4461e43b1dffc1df36b852fad23ece469082b37cbaf70b07de8a6feaf4d2
Size: 191.85 kB - php-odbc-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: bda50fd28117d8e71d69c6fb8000c57f
SHA-256: 1f1ca0859930888c5a3d9233e9801cf077c5d26bddd1a8ef7aeeb212ea5248de
Size: 88.90 kB - php-opcache-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 216003de575f000726a4be16bc02b0f2
SHA-256: 10a748d8250295d60cc77ccb76801ec63484a02d9c1427485586145faa89fc66
Size: 266.36 kB - php-pdo-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 166bdb0ca950a7441d251ec15ffc29a6
SHA-256: 4af3fcfdccd65ed4d76bbf7e9377754d8eca3791e52867f0ae9876b40499cf9d
Size: 122.20 kB - php-pgsql-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 85cc9e293ad526af87924881276ceb3e
SHA-256: e1058d1bee072a990f928b02a0c829c5bd197124fe08385f64424233a41cee80
Size: 117.40 kB - php-process-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 53ec2c6d94335ea215e5e7f9175f6724
SHA-256: da657b9c6ac16427dc43e43519595c855d8410555291564363489e23c79fc7b3
Size: 84.31 kB - php-snmp-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: 55fb43473fca5dace080fdc4b8f57705
SHA-256: c13f50c56253749eb1931cb0d893405e700fcd0e9a7c12e0d152dc8e14f646f6
Size: 73.57 kB - php-soap-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: ffb73858e7be59d5e9f34a691677aa11
SHA-256: 41f0511cee74f2b2797f8e39841c168cb234e94238b4be169e25f3f90e4ef9c5
Size: 175.54 kB - php-xml-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: bb8be31244ff1a04f48607910119eaea
SHA-256: 2fdeeab6fcb2dc865cae4c7c57ecec2ff0e71ad33c57f05f4aac41e95c58e5be
Size: 172.74 kB - php-xmlrpc-7.4.19-4.module+el8+1529+89de28d3.x86_64.rpm
MD5: ee5630e7632b54f03b09a90484f25969
SHA-256: 667d0a153d876ed4ecdb70cf1ac96ac93120f695516ec2e6754592ce59fcfab0
Size: 88.85 kB