php:7.4 security, bug fix, and enhancement update
Errata ID: AXSA:2022-4415:01
Release date:
2022/12/13 Tuesday - 11:03
Title:
php:7.4 security, bug fix, and enhancement update
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
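The following issues have been addressed.
[Security Fix]
- Certain XML parsing functions in PHP handle file names
improperly, which allows a remote attacker to cause an
unintended file to be read via a file name containing a
URL-encoded NUL character. (CVE-2021-21707)
- The php_filter_float function in PHP has a use-after-free
issue when min/max limits and the FILTER_VALIDATE_FLOAT
option are specified, which allows a remote attacker to
cause memory corruption, arbitrary code execution, or a
denial of service through a crash. (CVE-2021-21708)
- The Archive_Tar library for PHP allows symbolic links to
refer to locations outside the extracted archive, which
makes directory traversal possible. (CVE-2021-32610)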
Modularity name: php
Stream name: 7.4
Solution:
Update the packages.
CVE:
CVE-2021-21707
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to read a different file than intended.
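A defensive check for the CVE-2021-21707 case, as an added example that is not part of this advisory or of PHP itself: validate a caller-supplied file name before it reaches simplexml_load_file(), so that no percent-escape or NUL can change which file is opened. The helper name resolveXmlPath, the allow-list pattern and the sample names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper): map a caller-supplied name to a file
// directly under $baseDir, or return null if the name is not acceptable.
function resolveXmlPath(string $baseDir, string $name): ?string
{
    // A raw NUL or any percent-escape (which covers "%00") could make the
    // name the XML loader opens differ from the name validated here.
    if (strpos($name, "\0") !== false || strpos($name, '%') !== false) {
        return null;
    }
    // Allow-list: a plain file name ending in .xml, no directory separators.
    if (preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9_.-]*\.xml\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // missing directory or file
    }
    // realpath() resolved symlinks; the result must still sit in $base.
    return dirname($path) === $base ? $path : null;
}

// Constructed demonstration data: a temporary directory with one XML file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'xmldemo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'feed.xml', '<feed><item>ok</item></feed>');

$candidates = ['feed.xml', 'notes.txt%00.xml', "notes.txt\0.xml", '../feed.xml', 'missing.xml'];
foreach ($candidates as $candidate) {
    $shown = addcslashes($candidate, "\0..\37"); // make control bytes visible
    $path = resolveXmlPath($dir, $candidate);
    if ($path === null) {
        echo "rejected: $shown", PHP_EOL;
        continue;
    }
    $xml = simplexml_load_file($path);
    echo "loaded:   $shown -> ", (string) $xml->item, PHP_EOL;
}

unlink($dir . DIRECTORY_SEPARATOR . 'feed.xml');
rmdir($dir);
```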
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVE-2021-32610
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Additional information:
N/A
Downloads: