php-5.4.16-48.0.2.el7.AXS7
Errata ID: AXSA:2024-8986:03
Release date:
2024/11/12 Tuesday - 18:28
Title:
php-5.4.16-48.0.2.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
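The following issues have been addressed.
[Security Fix]
- PHP has an issue in which the redirect enforced by the cgi.force_redirect option no longer works correctly. As a result, a vulnerability exists that allows a remote attacker, by sending a request crafted to modify the HTTP_REDIRECT_STATUS HTTP header variable, to prevent the intended invocation of PHP and to include arbitrary files. (CVE-2024-8927)
Solution:
Update the packages.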
CVE:
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
Additional information:
N/A
Downloads:
Asianux Server 7 for x86_64
- php-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 38485f147f86272bc3791a54405b4528
SHA-256: cafe4d259f7d8a243643d1f31e40ab9ac2558958fb02ca19c82d3d5ca9eafebd
Size: 1.36 MB
- php-bcmath-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 40974a1a78b75f49187ac7a6191fb397
SHA-256: 6e1b40e9b27ecd1642f8296f80ec75bda523156cdab9578216c23716e378f3a2
Size: 58.71 kB
- php-cli-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 05e7acb4447241c219f5682960769532
SHA-256: c91ba96ae65ca2727f3afe2245b23673bb4d54acae087a354cddf547a37876e6
Size: 2.75 MB
- php-common-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 4acba6e2cb6a65a0cce256484b020628
SHA-256: 18a75cf35a40209df36732d579e22c1af1e149141e000d7474cd4e164dfb04c1
Size: 565.96 kB
- php-gd-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: eb13702a816c571e5453d87fa8aaa290
SHA-256: ebf65578b902c0a2a1c5657bc5bc7ca9243822ee4440434e57dc4c576e985bdb
Size: 128.56 kB
- php-ldap-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 039542db64ebacb984fd24ee14bc446c
SHA-256: 24fe6738fef1525c383d90ed5a3425ecd3701c9e919eb2b2292c4ae255f4b007
Size: 53.67 kB
- php-mbstring-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: b581f66faac5ef79e573419f8f16f244
SHA-256: 492d6ca339ad572ebfa80e76330b5ccad773000350d924dc2e8ded7f8ae95e65
Size: 506.15 kB
- php-mysql-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 16d4eba42fa2806742bcfca0d62e2b32
SHA-256: f12930fc511206a1dcdefc3185ab41096d1e3369d40bd5d8a95442c6c81bf5c0
Size: 102.30 kB
- php-odbc-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 4bce5d14c6149996b2a230696c609344
SHA-256: d6efe37c7bdc6f1cadd3a1b2113b6494e21e8abbcff2a417480847e6ef6003e0
Size: 66.58 kB
- php-pdo-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 2ca774a352b9f3966142fd827dbd7933
SHA-256: 40938d1ca491b95bc4ae3a5863c8c57640b13026b55652d56929a73b64cdeb79
Size: 99.91 kB
- php-pgsql-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 293ed5c1e826cee2816aa7057fb80039
SHA-256: b013944d0a0ce98ba69982039633bbd67ec8718ea653f65e6cbe7287aa418e92
Size: 87.15 kB
- php-process-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 28cc2771e7b935bc681195982909ce18
SHA-256: fa28f505397b101559d5133ee5e0d2b1aea117e8f12521fe72f03c4f24f73cf2
Size: 56.98 kB
- php-recode-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: 13f7a58fd6ed5b4ebe2b2fd8de12e47b
SHA-256: b3ef8e8243ee7d48bc9b135fa05c8a4daaad21136150f3b344087f4922e1a29a
Size: 39.62 kB
- php-soap-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: e41bdd80257bda3c8dba53df70a2a655
SHA-256: d7e92f1215b7abd874aef4aa4a847e43dd471095d00cd22b23247bccf3e22af6
Size: 159.86 kB
- php-xml-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: aeccaaabc336e805f723fd08554c0df5
SHA-256: 45ed1cf94581e407c8b31300d986e13f25f166c3068b1157c5c3c7dd2cee7912
Size: 128.20 kB
- php-xmlrpc-5.4.16-48.0.2.el7.AXS7.x86_64.rpm
MD5: f8aa14f23e3ccaae1df689d7e255b2ec
SHA-256: c61d0d1928a252e9588d6990d81a1a9ccfbb32421961da668e303c98c71eaa8e
Size: 69.26 kB