php-8.0.20-3.el9
Errata ID: AXSA:2023-4943:01
Release date:
2023/02/01 Wednesday - 09:50
Title:
php-8.0.20-3.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
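The following issues have been addressed.
[Security Fix]
- The php_filter_float function in PHP has a use-after-free issue when the FILTER_VALIDATE_FLOAT option is specified together with min/max limits, which allows a remote attacker to cause memory corruption, arbitrary code execution, or a denial of service through a crash. (CVE-2021-21708)
- The postgresql extension in PHP attempts to free uninitialized memory as a pointer, which allows an attacker to execute arbitrary code by passing invalid values to a parameterized query. (CVE-2022-31625)
Solution:
Update the packages.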
CVE:
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Additional information:
N/A
Download:
SRPMS
- php-8.0.20-3.el9.src.rpm
Size: 10.54 MB
Asianux Server 9 for x86_64
- php-8.0.20-3.el9.x86_64.rpm
Size: 11.38 kB
- php-bcmath-8.0.20-3.el9.x86_64.rpm
Size: 36.55 kB
- php-cli-8.0.20-3.el9.x86_64.rpm
Size: 3.09 MB
- php-common-8.0.20-3.el9.x86_64.rpm
Size: 665.74 kB
- php-dba-8.0.20-3.el9.x86_64.rpm
Size: 35.94 kB
- php-dbg-8.0.20-3.el9.x86_64.rpm
Size: 1.63 MB
- php-devel-8.0.20-3.el9.x86_64.rpm
Size: 657.79 kB
- php-embedded-8.0.20-3.el9.x86_64.rpm
Size: 1.51 MB
- php-enchant-8.0.20-3.el9.x86_64.rpm
Size: 21.05 kB
- php-ffi-8.0.20-3.el9.x86_64.rpm
Size: 75.99 kB
- php-fpm-8.0.20-3.el9.x86_64.rpm
Size: 1.59 MB
- php-gd-8.0.20-3.el9.x86_64.rpm
Size: 42.58 kB
- php-gmp-8.0.20-3.el9.x86_64.rpm
Size: 32.66 kB
- php-intl-8.0.20-3.el9.x86_64.rpm
Size: 151.47 kB
- php-ldap-8.0.20-3.el9.x86_64.rpm
Size: 42.29 kB
- php-mbstring-8.0.20-3.el9.x86_64.rpm
Size: 471.16 kB
- php-mysqlnd-8.0.20-3.el9.x86_64.rpm
Size: 151.72 kB
- php-odbc-8.0.20-3.el9.x86_64.rpm
Size: 46.43 kB
- php-opcache-8.0.20-3.el9.x86_64.rpm
Size: 512.17 kB
- php-pdo-8.0.20-3.el9.x86_64.rpm
Size: 84.28 kB
- php-pgsql-8.0.20-3.el9.x86_64.rpm
Size: 74.12 kB
- php-process-8.0.20-3.el9.x86_64.rpm
Size: 43.32 kB
- php-snmp-8.0.20-3.el9.x86_64.rpm
Size: 33.06 kB
- php-soap-8.0.20-3.el9.x86_64.rpm
Size: 136.19 kB
- php-xml-8.0.20-3.el9.x86_64.rpm
Size: 132.67 kB