php:7.4 security update

エラータID: AXSA:2023-5958:01

リリース日: 
2023/06/09 Friday - 08:35
題名: 
php:7.4 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- PHP の phar ファイル展開処理には、無限ループが発生する問題が
あります。(CVE-2022-31628)

- PHP には、ネットワークおよび同じサイトの攻撃者により、PHP
アプリケーションを介して、標準の安全でないクッキーをブラウザに
セットできる脆弱性が存在します。(CVE-2022-31629)

- PHP の imageloadfont 関数には、境界外読み取りの問題があるため、
リモートの攻撃者により、巧妙に細工されたフォントファイルを介して、
クラッシュや情報漏洩を可能とする脆弱性が存在します。
(CVE-2022-31630)

- XKCP の sponge 関数には、整数オーバーフローとバッファオーバー
フローの問題があるため、リモートの攻撃者により、任意のコード実行
や期待される暗号特性の除去を可能とする脆弱性が存在します。
(CVE-2022-37454)

現時点では下記の CVE の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。

CVE-2022-31631

Modularity name: php
Stream name: 7.4

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
CVE-2022-31631
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. libzip-1.6.1-1.module+el8+1610+fab2023c.src.rpm
    MD5: bc87f27349469c464af13aafe4d203c3
    SHA-256: 59dc0049e1b38bf7c9278dfb75105de0416b24bff57adc1b10c088655306019f
    Size: 732.66 kB
  2. php-pear-1.10.13-1.module+el8+1610+fab2023c.src.rpm
    MD5: fb6762e9e4286fa7eaaa12e21f9bd771
    SHA-256: 00774e8630fb9c235c44d772bc271d9786713e6c947b5a0c3c164890290925f5
    Size: 380.40 kB
  3. php-pecl-apcu-5.1.18-1.module+el8+1610+fab2023c.src.rpm
    MD5: aaf08a6341ad9f9f2bb434515b4440b2
    SHA-256: c7bff128b8c68b142f3a10a13cca653649796ae1cc2e3d25aad6a4fd1fb6e4bd
    Size: 107.49 kB
  4. php-pecl-rrd-2.0.1-1.module+el8+1610+fab2023c.src.rpm
    MD5: d0e3d52e3ebb69a37bd4c27f03e8e15f
    SHA-256: 70f1ed46f377b35712ea61dd0f3c706a41650c0c0292807de22a99e2af4cc5b6
    Size: 33.12 kB
  5. php-pecl-xdebug-2.9.5-1.module+el8+1610+fab2023c.src.rpm
    MD5: eee4c19b449bf5639509672c33b3b35e
    SHA-256: c8d65f74b517842516b0c7910fbb6e378061e7dac382652b39fabfa128a83ce2
    Size: 442.81 kB
  6. php-pecl-zip-1.18.2-1.module+el8+1610+fab2023c.src.rpm
    MD5: d1a5721ad21aca8dd3a47b08228b4f71
    SHA-256: b44ca7b9a584b16bd9984752aadea9db0daa296dcad9e77b38b92e5bc7e61970
    Size: 307.81 kB
  7. php-7.4.33-1.module+el8+1610+fab2023c.src.rpm
    MD5: fb8d4f7f94975679f29054b581570627
    SHA-256: 363d752a1eb60f7026b2e1a07cb6ddda31d9cda1b23e8d101cf9e2685f90961a
    Size: 10.08 MB

Asianux Server 8 for x86_64
  1. apcu-panel-5.1.18-1.module+el8+1610+fab2023c.noarch.rpm
    MD5: e1c3410ce5049f0518682484921e81c3
    SHA-256: 1dbb5725d4f91f5a02e3e967c1e17df66bff189a5a850c490f5b5be630baf370
    Size: 22.29 kB
  2. libzip-1.6.1-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 4bc6f74ac7c926022e9b9cbc2c0df603
    SHA-256: b50b335e8e66a42429f8af727687345249d2303350fee4c0b3f35707e080f185
    Size: 63.24 kB
  3. libzip-debugsource-1.6.1-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: d60bf581cc6ec8a8615064ec26bb197a
    SHA-256: 225f64095fbce5c1a2dca24de06e59518b4f445c3d013eff9254754a5dd5c531
    Size: 100.33 kB
  4. libzip-devel-1.6.1-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: aef8798bbdb02b7c1f5681fb5c89fe15
    SHA-256: 3b519fd77671d22465acbd97a0895d7084f9e0024e3fe2549d92ae39beac3b40
    Size: 180.02 kB
  5. libzip-tools-1.6.1-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 5cd428d7dc01520a49730ac40e079de5
    SHA-256: 37f1cb61362b86367e96845cb25d728a5ce76eb883fb9d0fa729d2a92be815ed
    Size: 42.90 kB
  6. php-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 3b52ff0a37314b59f5169351daffe676
    SHA-256: 3d99f9410b0422cd45eac81364fd0115bffa96485972e43d1266554818d438b9
    Size: 1.52 MB
  7. php-bcmath-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 3a3d210db173b262fc0344ccce98ec8f
    SHA-256: 8912efd340dc0c76170b98db75a62f771d0f1094a09f01536dd88c8841f436b1
    Size: 79.21 kB
  8. php-cli-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: a9e48a26a45e45dccd62738d34d48601
    SHA-256: e370dbc46cc5d6e6192205bfecd5c3d51ef4ca726865c7d97f672266343b0a28
    Size: 3.07 MB
  9. php-common-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: e14595797abafb35a0351d07c7bf08d5
    SHA-256: 984ed51e353ab994cfcc663c37e25ae205daa1d481717de805c77bdcf7a51e4d
    Size: 704.79 kB
  10. php-dba-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 22c45812ac3d6b3e87066d7c56ed562b
    SHA-256: baca767dbdf0bce5910db9608ecfa54947ef2a73a9efe2ba159829435557d2d3
    Size: 77.98 kB
  11. php-dbg-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: fb7d5f1fbdb874536a4db166a286638b
    SHA-256: e06be804974ad79a6b6491277d0d33e23e4bf3476d60202f316a9385c4f8d393
    Size: 1.63 MB
  12. php-debugsource-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 480cd00207fef1c5a6237e672b5ced2d
    SHA-256: fb47d6c0db3f4b077565addf3113b057ba403c20f66c7c61962070fb1093529c
    Size: 4.11 MB
  13. php-devel-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 8216dc57603440a19031973e2ea2cd1d
    SHA-256: e1508c5e96776e85f3b047b65a702d131466a574f76258798727b36b60c4dcd2
    Size: 728.48 kB
  14. php-embedded-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 963dad8ae856d8cbb4d978ba486760c5
    SHA-256: 2c6e1638bf3801b18d2b1c312f0f83dd5b1481d8d10cba3c95651dd46442c780
    Size: 1.51 MB
  15. php-enchant-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 70e94ca832a03c7433bd45f98ddc7300
    SHA-256: 46fdc35a02fd5bf76ced98f2c1a207522e2ed3a004b46fc8b6133091e7fa2d53
    Size: 63.90 kB
  16. php-ffi-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 4874569b256e3d0f68da3adf8aea7618
    SHA-256: f104aa7a91b57643eca96260b6a0f98ecd17cdf33917adbcff825fc7f596b92f
    Size: 116.16 kB
  17. php-fpm-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: c8f63fef1ceadeb99b21ed3a6012108b
    SHA-256: 1bb261104fc0128b67ddf5b825d207829bb1aade5787264e8f0b6e97ecc26ba2
    Size: 1.60 MB
  18. php-gd-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 936d5ec7b434740524de12f48ae2eec1
    SHA-256: fe82c38994c7517d889912945febdd3bde22a2aa0d511293d8913b23209a7173
    Size: 84.13 kB
  19. php-gmp-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 36b111b6b5f1e4dddbb3c878775a90af
    SHA-256: 6f6daf1587b8545b19c1b4b4b9bd2d1015ad69fab0af5606f66ee8b3eb4eb53c
    Size: 75.85 kB
  20. php-intl-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 3ab3c7e1794fcf808d20dcd1d46906c7
    SHA-256: 5cbfaefbbbc66dc451e9377cae59f30b57f13fa5b4792c3dcf4ff881c69300b3
    Size: 192.05 kB
  21. php-json-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 70c3bde6d97d7e91be9e484acdd464f6
    SHA-256: 4b249279d2af0d84648c6f5deba43cfc64bbd3bddde6a725091ffcf0638a895b
    Size: 73.42 kB
  22. php-ldap-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 6bcac2c48bdbc0e42553b3b6b2483ca9
    SHA-256: 3d1a00aabee389ca0fc5914b6023a92f400d5791cda89fc9d155c6a5124263ae
    Size: 85.30 kB
  23. php-mbstring-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 86cc0e76cde2bb9b8738f32fd237dbe9
    SHA-256: 64a95b25b34cf8a2f3fbf9b77e54db926296677c6c8e623cd395a51a926650ad
    Size: 482.88 kB
  24. php-mysqlnd-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 31d6dbcb21dcec21a3cda5225856f1f0
    SHA-256: d69824f801343000f2bcedb5ed6bee8d24417ebba69a4e468b800e700efe6f25
    Size: 191.92 kB
  25. php-odbc-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: fbcb853b2ea50dcd26903f72eb34aca7
    SHA-256: 9237eb729a9b36852d2070bae56ed7b530bbc40813728b69ac236892b97ff50c
    Size: 89.20 kB
  26. php-opcache-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 6542073ca648b853199f403a86bd85c2
    SHA-256: 6f482e6087cba90940084fafb1832b11ec612d0114d204263b83be9e2e290bdb
    Size: 266.39 kB
  27. php-pdo-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 7c9c7d7151c85accb28a089e707bee79
    SHA-256: 69c601cd62a11f308345117357bf9dae75117e0ba5e22e6fc5938c618c68ef2c
    Size: 122.30 kB
  28. php-pear-1.10.13-1.module+el8+1610+fab2023c.noarch.rpm
    MD5: ce92c9cc948017806fd0656d6265fb9a
    SHA-256: 358f7e0c19090be8c0a0c8f50d41104a6c7957380f17463f5002baa493708a92
    Size: 360.49 kB
  29. php-pecl-apcu-5.1.18-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 67dcb6154464787d4a94dc8c87b71c8e
    SHA-256: e9f6992b19ab07c44295daa56c517540c4a42c903b91a820795c622fa1a7b333
    Size: 62.81 kB
  30. php-pecl-apcu-debugsource-5.1.18-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: ed219b4cac385f0d829f8614d3182bbf
    SHA-256: e58604d2cabef93b33b3054ccc181dd09153dcca5c8e170cad506cd93a75b669
    Size: 49.52 kB
  31. php-pecl-apcu-devel-5.1.18-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: ecf6f9bf63a4e2d2203aaddf7c8d49be
    SHA-256: 50d49a152e83fd368f9ad1e8db0ac3f89d70afb28225319a4cfc7baf8454bb98
    Size: 46.16 kB
  32. php-pecl-rrd-2.0.1-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: ddb260a60ea7cae7b7702ac4265b90ba
    SHA-256: e8603108b7e4af83038314e0523ba33e975eda1ef95de34d825c39639ace4b69
    Size: 30.51 kB
  33. php-pecl-rrd-debugsource-2.0.1-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: f3dabdf8e6b60a2b1380d603c25aee23
    SHA-256: a6b382d6747bd372444eec4c4324e4ace99ab4336943f6f0edf3c58d814b0f58
    Size: 22.38 kB
  34. php-pecl-xdebug-2.9.5-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 1c947dcd8c0d6fccec9d32860267b8e1
    SHA-256: 281662f09725a36b979ddf8d611deeac21adbda130a666e8604990cb5612326f
    Size: 176.27 kB
  35. php-pecl-xdebug-debugsource-2.9.5-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: f583a6d163c029845d665080aca53b6c
    SHA-256: 391ec963ddf3f88359a5defd412cc9de90d6d835a789676438ffdca4c5509a47
    Size: 134.23 kB
  36. php-pecl-zip-1.18.2-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 51cce5b7c1be6265aa64eebeb27e78f2
    SHA-256: 6eb044026dff09edb39e9fe45185047911f7326b2fb43bf7e1a9bd4cf4ab371c
    Size: 53.56 kB
  37. php-pecl-zip-debugsource-1.18.2-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 4292b86531e1e7d14307f1f0f9931d66
    SHA-256: b8ddb3b02b03683230f8509b5849b19def582b54bca539ab41760953d648c879
    Size: 31.19 kB
  38. php-pgsql-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: cd017ccb1a29910447049bfb8a16dd01
    SHA-256: 222c242cef17ab2adb286835e8f349ca8c27a597c5d09293a6d9c24d6b6d606d
    Size: 117.46 kB
  39. php-process-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: a7e0dc5f9df4178cfef3d7dc7b645e26
    SHA-256: 6583297fcf62f57b7aa06e519eb2ce03396f202b032e4d050750f31e8cefe0f2
    Size: 84.45 kB
  40. php-snmp-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 7adc8b205b3ab13fc53ceca5aa84ed16
    SHA-256: 6ea72f7531d1c02895d73ebc4c4017d7e6e9128ec83fec70be0c107173939221
    Size: 73.69 kB
  41. php-soap-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: bb36bf36bc25dc43f33a52daeedc2fbd
    SHA-256: 36a8b616e8df7903862f51350bd70814012e7c67404c46f10d09c51cb4aee359
    Size: 175.65 kB
  42. php-xml-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 689dc6bcac0fa545eaed1a3c09f16612
    SHA-256: 290f2d89609c54273127e0152d5f85a940b17e15b5c3b3fe5958039b9f699391
    Size: 173.35 kB
  43. php-xmlrpc-7.4.33-1.module+el8+1610+fab2023c.x86_64.rpm
    MD5: 8c02753ce67caf641a8c9087e2323c6b
    SHA-256: 62b2bbb71f75a322411c9a35497469eec51506f7e80c1d28e6483b126a112e90
    Size: 88.96 kB