php-5.4.16-48.0.1.el7.AXS7
Errata ID: AXSA:2024-8915:02
Release date:
2024/10/21 Monday - 10:16
Title:
php-5.4.16-48.0.1.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
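The following issues have been addressed.
[Security Fix]
- When a URL is validated with a function such as PHP's filter_var(),
a URL containing an invalid password is accepted as a valid URL.
As a result, functions that trust the URL to be valid can be made to
misinterpret it and produce wrong data as components of the URL.
(CVE-2020-7071)
- When the URL validation functionality of the filter_var() function is
used with the FILTER_VALIDATE_URL option, PHP evaluates a URL with an
invalid password field as valid, which can lead to a connection to a
wrong server or to a wrong access decision. (CVE-2021-21705)
Solution:
Update the packages.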
CVE:
CVE-2020-7071
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
Additional information:
N/A
Downloads:
Asianux Server 7 for x86_64
- php-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: ff6c97c8414c603b7d792a28ea50b195
SHA-256: 88d1665ad003939b0fa836164d627e5f326b3219295ad24241c8122175dba5c3
Size: 1.36 MB
- php-bcmath-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: 8904a21977016f8a73022e8d2448c33b
SHA-256: df866034a6c7f403bb8775e9f7ff750a044b9799e615b5b0a469597a6c707f31
Size: 58.57 kB
- php-cli-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: 504ad22b2b87095020435774a1303d9a
SHA-256: e1bd1575acff881a52cc6e6ec54108b04f290b5bcf8aaf013743d8c7ba1eaaac
Size: 2.75 MB
- php-common-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: bd7dc10053580a58cd1581e771f08f10
SHA-256: df58117a8ea89b05d43a1cafccfda8fbb1eb19a398c1f443b66b9939e65849d3
Size: 565.82 kB
- php-gd-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: 99a7f096da83e00bde0bbc70e105d7d8
SHA-256: 93a1d4f92712259ccdcb849074fc0398e6cdfc959950aea61f5d6baf1674ca87
Size: 128.42 kB
- php-ldap-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: a7039a20683c819195f5e6122730ad46
SHA-256: 2070009ceead3954a2b7884f41bd3d5edf9dc12e42374cbff5153651c02da521
Size: 53.53 kB
- php-mbstring-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: 7cbba8fa7ca1e213a0d7433f2856a0f6
SHA-256: acaa6d34cb55e3896753cee2863df31e08d11304c99df947fbfdf806ec00ea0a
Size: 506.01 kB
- php-mysql-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: c369723dbb72d04d6b3a41316b25923b
SHA-256: b80204417a1443360e8ab9372b82eefcfda4f8a786532d7c15c14d1123342d1b
Size: 102.16 kB
- php-odbc-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: 4006e136d24ccd8fa15db8ded2d5a758
SHA-256: 4f46b330d9c473b99f13ba16f15d3fbc22b13ac207b16fcdbee1c804d7c6760b
Size: 66.44 kB
- php-pdo-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: 45b277ecf4a5ff769aad07bb00a4c0d9
SHA-256: 98d62d565489bed63efde4b6e04abd74e800e88b00c7e59bbb83c587ee7fc39b
Size: 99.77 kB
- php-pgsql-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: 30550f9e26492f673af49a3a1d671878
SHA-256: b4ebd72625f671f6b22cb26b2e55313c157cda9015b34be6b84a0e78b01c25cb
Size: 87.01 kB
- php-process-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: fc9e8111ff5eace0238c863ca8f08144
SHA-256: dc2e9025e9386f9ce7ce504dcd43482e89010ebb7d1ade4041aa2d1a7a0afcc3
Size: 56.84 kB
- php-recode-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: 20d789e45ed5f0faa97fe6155ef51bab
SHA-256: d1e9eb790fb063def3f53f0fd47411a2d737cb9332118a83ab5b7c7195b18ae1
Size: 39.48 kB
- php-soap-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: 788bcbf319ae94d274eee1e6b158ccd4
SHA-256: a01fd60e5f44b142f89ba10c826c9acff3e0e32b8d7bd869cc9017656710f782
Size: 159.72 kB
- php-xml-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: c9b4cbebd51b12776fc3f4919eed28d6
SHA-256: 52e08c3085fd235874a1330a9332efb55c2e0d928f1b1be03156174df6ab3a82
Size: 128.07 kB
- php-xmlrpc-5.4.16-48.0.1.el7.AXS7.x86_64.rpm
MD5: f9f9a648d61c5ba6884ad5d256e63884
SHA-256: 467025663e36ad69594226c3c8cabbb2a695cfb5c9c76671caa1fc088f1e54ef
Size: 69.12 kB