php:8.0 security update
Errata ID: AXSA:2023-5146:01
Release date:
2023/02/22 Wednesday - 04:57
Title:
php:8.0 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
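The following issues have been addressed.
[Security Fix]
- The phar file extraction code in PHP has an issue that causes an
infinite loop. (CVE-2022-31628)
- PHP has a vulnerability that allows network and same-site attackers
to set a standard insecure cookie in the browser via a PHP
application. (CVE-2022-31629)
- The imageloadfont function in PHP has an out-of-bounds read issue,
which allows a remote attacker to cause a crash or information
disclosure via a specially crafted font file.
(CVE-2022-31630)
- The sponge function in XKCP has integer overflow and buffer overflow
issues, which allow a remote attacker to execute arbitrary code or
eliminate expected cryptographic properties.
(CVE-2022-37454)
Information on the following CVE has not been published at this time.
This advisory will be updated as soon as the CVE information is published.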
CVE-2022-31631
Modularity name: php
Stream name: 8.0
Solution:
Update the packages.
CVE:
CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.
CVE-2022-31631
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
Additional information:
N/A
Download:
SRPMS
- libzip-1.7.3-1.module+el8+1587+e1c88df9.src.rpm
Size: 746.88 kB
- php-pear-1.10.13-1.module+el8+1587+e1c88df9.src.rpm
Size: 380.40 kB
- php-pecl-apcu-5.1.20-1.module+el8+1587+e1c88df9.src.rpm
Size: 109.60 kB
- php-pecl-rrd-2.0.3-1.module+el8+1587+e1c88df9.src.rpm
Size: 33.67 kB
- php-pecl-xdebug3-3.1.2-1.module+el8+1587+e1c88df9.src.rpm
Size: 481.11 kB
- php-pecl-zip-1.19.2-1.module+el8+1587+e1c88df9.src.rpm
Size: 331.43 kB
- php-8.0.27-1.module+el8+1587+e1c88df9.src.rpm
Size: 10.47 MB
Asianux Server 8 for x86_64
- apcu-panel-5.1.20-1.module+el8+1587+e1c88df9.noarch.rpm
Size: 22.34 kB
- libzip-1.7.3-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 66.00 kB
- libzip-debugsource-1.7.3-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 104.79 kB
- libzip-devel-1.7.3-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 188.53 kB
- libzip-tools-1.7.3-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 43.15 kB
- php-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 1.55 MB
- php-bcmath-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 79.62 kB
- php-cli-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 3.14 MB
- php-common-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 724.42 kB
- php-dba-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 78.17 kB
- php-dbg-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 1.66 MB
- php-debugsource-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 4.29 MB
- php-devel-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 772.83 kB
- php-embedded-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 1.54 MB
- php-enchant-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 64.22 kB
- php-ffi-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 116.26 kB
- php-fpm-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 1.64 MB
- php-gd-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 84.45 kB
- php-gmp-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 77.52 kB
- php-intl-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 190.94 kB
- php-ldap-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 84.41 kB
- php-mbstring-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 481.15 kB
- php-mysqlnd-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 192.02 kB
- php-odbc-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 88.88 kB
- php-opcache-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 547.89 kB
- php-pdo-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 125.96 kB
- php-pear-1.10.13-1.module+el8+1587+e1c88df9.noarch.rpm
Size: 360.49 kB
- php-pecl-apcu-5.1.20-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 64.07 kB
- php-pecl-apcu-debugsource-5.1.20-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 50.23 kB
- php-pecl-apcu-devel-5.1.20-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 47.51 kB
- php-pecl-rrd-2.0.3-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 30.65 kB
- php-pecl-rrd-debugsource-2.0.3-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 22.49 kB
- php-pecl-xdebug3-3.1.2-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 202.67 kB
- php-pecl-xdebug3-debugsource-3.1.2-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 155.90 kB
- php-pecl-zip-1.19.2-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 55.29 kB
- php-pecl-zip-debugsource-1.19.2-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 31.52 kB
- php-pgsql-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 118.13 kB
- php-process-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 86.06 kB
- php-snmp-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 75.58 kB
- php-soap-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 176.07 kB
- php-xml-8.0.27-1.module+el8+1587+e1c88df9.x86_64.rpm
Size: 174.79 kB