php-5.4.16-48.0.11.el7.AXS7

エラータID: AXSA:2025-10916:10

リリース日: 
2025/10/03 Friday - 09:20
題名: 
php-5.4.16-48.0.11.el7.AXS7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Security Fix(es):

* CVE-2017-9224: fix out-of-bounds read of a stack in match_at function
* CVE-2017-9226: fix out-of-bounds write or read of a heap in next_state_val
function
* CVE-2017-9227: fix out-of-bounds read of a stack in mbc_enc_len function

CVE(s):
CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.

解決策: 

Update packages.

CVE: 
CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
追加情報: 

N/A

ダウンロード: 

Asianux Server 7 for x86_64
  1. php-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: d7bfa59b9d20eef1f4ade93444e088f4
    SHA-256: fb76e4f41f7bf4267da2fda1c3e65769b52a57015b41b7a6d9a82a8629b4eeb4
    Size: 1.36 MB
  2. php-bcmath-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: ad8fae599cae482abaa13354cc9001ce
    SHA-256: 2070421d60c6a185f6bac7c8b9810a61b0c50ecfbe407ea0a49f9cddd1a07654
    Size: 60.62 kB
  3. php-cli-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: daf34f4ea3811cbec3f75b6b2717b2cc
    SHA-256: c747170d2e1f97018a04364d129fd85e309b6b790e708f854dc026114aab15c1
    Size: 2.75 MB
  4. php-common-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: 6f200296db7107d6595793267237a6d9
    SHA-256: b24b3b61fa01e3db726b8463358f52e7a129558649b4ee1a9c1d48da15c7c269
    Size: 567.86 kB
  5. php-gd-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: e1a884695995bf0eae03affe0c97d6e1
    SHA-256: 686b33804e5d8609c15e127a7b66a89ca5aa6527a5fe1c89dc19d45e3dec7d65
    Size: 130.49 kB
  6. php-ldap-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: 8b9be76f5e96125f322b69a7a2a71488
    SHA-256: 71d98604e65e9687a9f5fea9d6463b2c38153aae2640c647f6871f558967ff36
    Size: 55.59 kB
  7. php-mbstring-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: 1d9d2da2588ded90c79c9acf64b6b81b
    SHA-256: e7585225cadb501a2abee0ad3eb398af5b672bdaef5f587bb5220b38d2fcba5a
    Size: 507.88 kB
  8. php-mysql-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: db9d2dfc68c9aaad6a0af9568fe9239d
    SHA-256: 428a7408f5e589db5f32329ef09adb6d3327232cf49a2e052133b6f78ebe04b8
    Size: 104.23 kB
  9. php-odbc-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: 5f478c0177e1527800395adb89f5d8af
    SHA-256: 79dd9fb8a7265c063ef6d77f4c3dfc515890dd72e70f1337013ae97e3d662ac4
    Size: 68.50 kB
  10. php-pdo-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: d9d571e775b73f7e7402e4b9e05dd95a
    SHA-256: 4e5896d728b5360d06388f7b0d90b7573cb1594c2cf81948009706fa0219aca9
    Size: 101.83 kB
  11. php-pgsql-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: 76f8dbc4899083ac3d469dee4fe24adb
    SHA-256: dd0c80893db1e0c0bb8232d3eb433914070519476b5a602ddd5758f8aa8e4ed6
    Size: 90.82 kB
  12. php-process-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: 9b5329f5288eb3e1b56cf54d6cc140b4
    SHA-256: 3e5e751484fb906f44814624439c7ec5243a538b18bb18638c0b43a573ad7188
    Size: 58.90 kB
  13. php-recode-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: 19a2a66a638b5d78f67c7487e1155a5d
    SHA-256: ddf2e45b02851e5d5e65b3767dcc3c79c61d6603a1171f4c3e5f6751bc71006d
    Size: 41.54 kB
  14. php-soap-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: ea24db530b0852134e20c6d66609b423
    SHA-256: 67129974fbb0817577aac15a4974d2ec0080080089faec35a403bdf7fa8c1785
    Size: 161.82 kB
  15. php-xml-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: 62977261dc32d65a2ca8e01fbf958b42
    SHA-256: 2e077cd937d260c80e417df2994de672b6fbd0db5963479dc6301be260c40add
    Size: 130.14 kB
  16. php-xmlrpc-5.4.16-48.0.11.el7.AXS7.x86_64.rpm
    MD5: 3af868c342d62fa04219a0d2704a0612
    SHA-256: 87953a3a6b8967176d6f400ef8fe85e882c6a9d68508c74d90b371033a58ed0f
    Size: 71.18 kB