#16649 closed enhancement (fixed)

php-8.1.7 (needs security advisory)

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: elevated
Milestone: 11.2
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (6)

comment:1 by Bruce Dubbs, 22 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 22 months ago

09 Jun 2022, PHP 8.1.7

  • CLI:
    • Fixed bug GH-8575 (CLI closes standard streams too early).
  • Date:
    • Fixed bug 51934 (strtotime plurals / incorrect time).
    • Fixed bug 51987 (Datetime fails to parse an ISO 8601 ordinal date (extended format))*
    • Fixed bug 66019 (DateTime object does not support short ISO 8601 time format - YYYY-MM-DDTHH)
    • Fixed bug 68549 (Timezones and offsets are not properly used when working with dates)
    • Fixed bug 81565 (date parsing fails when provided with timezones including seconds)*
    • Fixed bug GH-7758 (Problems with negative timestamps and fractions).
  • FPM:
    • Fixed ACL build check on MacOS.
    • Fixed bug 72185: php-fpm writes empty fcgi record causing nginx 502.
  • mysqlnd:
    • Fixed bug 81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io)
  • OPcache:
    • Fixed bug GH-8461 (tracing JIT crash after function/method change).
  • OpenSSL:
    • Fixed bug 79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading)*
  • Pcntl:
    • Fixed Haiku build.
  • pgsql:
    • Fixed bug 81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
  • Soap:
    • Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor).
    • Fixed bug GH-8538 (SoapClient may strip parts of nmtokens).
  • SPL:
    • Fixed bug GH-8235 (iterator_count() may run indefinitely).
  • Standard:
    • Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS).
  • Zip:
    • Fixed type for index in ZipArchive::replaceFile.

comment:3 by Douglas R. Reno, 22 months ago

Priority: normal → elevated

These appear to be brand new CVEs, which are still marked as RESERVED.

Looking on Google shows a Twitter post from a security researcher who plans on demoing remote exploits at a conference coming later this month: https://twitter.com/cfreal_/status/1534940109434507264

In addition, PHP says here https://twitter.com/official_php/status/1534930599403823105 the words "Please Update!"

Still trying to find details at this time, but it looks like mysqlnd is vulnerable to remote code execution via a buffer overflow (see https://bugs.php.net/bug.php?id=81719) and pgsql is vulnerable to remote code execution due to the way PHP handled uninitialized arrays (see https://bugs.php.net/bug.php?id=81720).

Since we do not have CVE information yet, let's rate these as "High" in the security advisory. We can update it later with the information from NVD or Red Hat.

comment:4 by Bruce Dubbs, 22 months ago

Fixed at commit 199a3cedaa

Will close when we get details on CVE-2022-31625 and CVE-2022-31626.

comment:5 by Bruce Dubbs, 22 months ago

Summary: php-8.1.7 → php-8.1.7 (needs security advisory)

comment:6 by Douglas R. Reno, 22 months ago

Resolution: fixed
Status: assigned → closed

Security Advisories issued. SA-11.1-061 and 062
