Bug 26617 - Some security issues on php have been corrected
Summary: Some security issues on php have been corrected
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-05-14 16:56 CEST by Marc Krämer
Modified: 2020-05-27 20:18 CEST (History)
5 users (show)

See Also:
Source RPM: php
CVE:
Status comment:


Attachments

Description Marc Krämer 2020-05-14 16:56:40 CEST
Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
Fixed bug #79491 (Search for .user.iniFixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended). extends up to root dir).
Comment 1 Marc Krämer 2020-05-14 17:00:08 CEST
Updated php packages fix security vulnerabilities:

- Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). [1]
- Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). [2]
- Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
- Fixed bug #79491 (Search for .user.iniFixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended). extends up to root dir).

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048
[3] https://www.php.net/ChangeLog-7.php#7.3.18
========================

Updated packages in core/updates_testing:
php-ini-7.3.18-1.mga7
apache-mod_php-7.3.18-1.mga7
php-cli-7.3.18-1.mga7
php-cgi-7.3.18-1.mga7
libphp_common7-7.3.18-1.mga7
php-devel-7.3.18-1.mga7
php-openssl-7.3.18-1.mga7
php-zlib-7.3.18-1.mga7
php-doc-7.3.18-1.mga7
php-bcmath-7.3.18-1.mga7
php-bz2-7.3.18-1.mga7
php-calendar-7.3.18-1.mga7
php-ctype-7.3.18-1.mga7
php-curl-7.3.18-1.mga7
php-dba-7.3.18-1.mga7
php-dom-7.3.18-1.mga7
php-enchant-7.3.18-1.mga7
php-exif-7.3.18-1.mga7
php-fileinfo-7.3.18-1.mga7
php-filter-7.3.18-1.mga7
php-ftp-7.3.18-1.mga7
php-gd-7.3.18-1.mga7
php-gettext-7.3.18-1.mga7
php-gmp-7.3.18-1.mga7
php-hash-7.3.18-1.mga7
php-iconv-7.3.18-1.mga7
php-imap-7.3.18-1.mga7
php-interbase-7.3.18-1.mga7
php-intl-7.3.18-1.mga7
php-json-7.3.18-1.mga7
php-ldap-7.3.18-1.mga7
php-mbstring-7.3.18-1.mga7
php-mysqli-7.3.18-1.mga7
php-mysqlnd-7.3.18-1.mga7
php-odbc-7.3.18-1.mga7
php-opcache-7.3.18-1.mga7
php-pcntl-7.3.18-1.mga7
php-pdo-7.3.18-1.mga7
php-pdo_dblib-7.3.18-1.mga7
php-pdo_firebird-7.3.18-1.mga7
php-pdo_mysql-7.3.18-1.mga7
php-pdo_odbc-7.3.18-1.mga7
php-pdo_pgsql-7.3.18-1.mga7
php-pdo_sqlite-7.3.18-1.mga7
php-pgsql-7.3.18-1.mga7
php-phar-7.3.18-1.mga7
php-posix-7.3.18-1.mga7
php-readline-7.3.18-1.mga7
php-recode-7.3.18-1.mga7
php-session-7.3.18-1.mga7
php-shmop-7.3.18-1.mga7
php-snmp-7.3.18-1.mga7
php-soap-7.3.18-1.mga7
php-sockets-7.3.18-1.mga7
php-sodium-7.3.18-1.mga7
php-sqlite3-7.3.18-1.mga7
php-sysvmsg-7.3.18-1.mga7
php-sysvsem-7.3.18-1.mga7
php-sysvshm-7.3.18-1.mga7
php-tidy-7.3.18-1.mga7
php-tokenizer-7.3.18-1.mga7
php-xml-7.3.18-1.mga7
php-xmlreader-7.3.18-1.mga7
php-xmlrpc-7.3.18-1.mga7
php-xmlwriter-7.3.18-1.mga7
php-xsl-7.3.18-1.mga7
php-wddx-7.3.18-1.mga7
php-zip-7.3.18-1.mga7
php-fpm-7.3.18-1.mga7
phpdbg-7.3.18-1.mga7
php-debugsource-7.3.18-1.mga7
php-debuginfo-7.3.18-1.mga7
apache-mod_php-debuginfo-7.3.18-1.mga7
php-cli-debuginfo-7.3.18-1.mga7
php-cgi-debuginfo-7.3.18-1.mga7
libphp_common7-debuginfo-7.3.18-1.mga7
php-openssl-debuginfo-7.3.18-1.mga7
php-zlib-debuginfo-7.3.18-1.mga7
php-bcmath-debuginfo-7.3.18-1.mga7
php-bz2-debuginfo-7.3.18-1.mga7
php-calendar-debuginfo-7.3.18-1.mga7
php-ctype-debuginfo-7.3.18-1.mga7
php-curl-debuginfo-7.3.18-1.mga7
php-dba-debuginfo-7.3.18-1.mga7
php-dom-debuginfo-7.3.18-1.mga7
php-enchant-debuginfo-7.3.18-1.mga7
php-exif-debuginfo-7.3.18-1.mga7
php-fileinfo-debuginfo-7.3.18-1.mga7
php-filter-debuginfo-7.3.18-1.mga7
php-ftp-debuginfo-7.3.18-1.mga7
php-gd-debuginfo-7.3.18-1.mga7
php-gettext-debuginfo-7.3.18-1.mga7
php-gmp-debuginfo-7.3.18-1.mga7
php-hash-debuginfo-7.3.18-1.mga7
php-iconv-debuginfo-7.3.18-1.mga7
php-imap-debuginfo-7.3.18-1.mga7
php-interbase-debuginfo-7.3.18-1.mga7
php-intl-debuginfo-7.3.18-1.mga7
php-json-debuginfo-7.3.18-1.mga7
php-ldap-debuginfo-7.3.18-1.mga7
php-mbstring-debuginfo-7.3.18-1.mga7
php-mysqli-debuginfo-7.3.18-1.mga7
php-mysqlnd-debuginfo-7.3.18-1.mga7
php-odbc-debuginfo-7.3.18-1.mga7
php-opcache-debuginfo-7.3.18-1.mga7
php-pcntl-debuginfo-7.3.18-1.mga7
php-pdo-debuginfo-7.3.18-1.mga7
php-pdo_dblib-debuginfo-7.3.18-1.mga7
php-pdo_firebird-debuginfo-7.3.18-1.mga7
php-pdo_mysql-debuginfo-7.3.18-1.mga7
php-pdo_odbc-debuginfo-7.3.18-1.mga7
php-pdo_pgsql-debuginfo-7.3.18-1.mga7
php-pdo_sqlite-debuginfo-7.3.18-1.mga7
php-pgsql-debuginfo-7.3.18-1.mga7
php-phar-debuginfo-7.3.18-1.mga7
php-posix-debuginfo-7.3.18-1.mga7
php-readline-debuginfo-7.3.18-1.mga7
php-recode-debuginfo-7.3.18-1.mga7
php-session-debuginfo-7.3.18-1.mga7
php-shmop-debuginfo-7.3.18-1.mga7
php-snmp-debuginfo-7.3.18-1.mga7
php-soap-debuginfo-7.3.18-1.mga7
php-sockets-debuginfo-7.3.18-1.mga7
php-sodium-debuginfo-7.3.18-1.mga7
php-sqlite3-debuginfo-7.3.18-1.mga7
php-sysvmsg-debuginfo-7.3.18-1.mga7
php-sysvsem-debuginfo-7.3.18-1.mga7
php-sysvshm-debuginfo-7.3.18-1.mga7
php-tidy-debuginfo-7.3.18-1.mga7
php-tokenizer-debuginfo-7.3.18-1.mga7
php-xml-debuginfo-7.3.18-1.mga7
php-xmlreader-debuginfo-7.3.18-1.mga7
php-xmlrpc-debuginfo-7.3.18-1.mga7
php-xmlwriter-debuginfo-7.3.18-1.mga7
php-xsl-debuginfo-7.3.18-1.mga7
php-wddx-debuginfo-7.3.18-1.mga7
php-zip-debuginfo-7.3.18-1.mga7
php-fpm-debuginfo-7.3.18-1.mga7
phpdbg-debuginfo-7.3.18-1.mga7

SRPM:
php-7.3.18-1.mga7.src.rpm

Assignee: mageia => qa-bugs

Comment 2 Herman Viaene 2020-05-15 15:17:07 CEST
MGA7-64 Plasma on Lenovo B50
Installed all but the debug stuff
$ php -r 'phpinfo();' | more
phpinfo()
PHP Version => 7.3.18

System => Linux mach5.hviaene.thuis 5.6.8-desktop-1.mga7 #1 SMP Thu Apr 30 06:12:53 UTC 2020 x86_64
Build Date => May 14 2020 10:58:37
Configure Command =>  './configure'  '--with-apxs2=/usr/bin/apxs' '--with-pic' '--build=x86_64-mageia-linux-gnu' '--prefix=
/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--included
ir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var/lib' '--mandir=/usr/share/man' '--
enable-shared=yes' '--enable-static=no' '--disable-debug' '--enable-bcmath=shared' '--enable-calendar=shared' '--enable-cty
pe=shared' '--enable-dba=shared' '--enable-dom=shared,/usr' '--enable-exif=shared' '--enable-fileinfo=shared' '--enable-fil
ter=shared' '--enable-ftp=shared' '--enable-gd-native-ttf' '--enable-hash=shared,/usr' '--enable-inline-optimization' '--en
able-intl=shared' '--enable-json=shared' '--enable-libxml=/usr' '--enable-mbregex' '--enable-mbstring=shared,/usr' '--enabl
e-mysqlnd=shared,/usr/bin/mysql_config' '--enable-opcache=shared' '--enable-pcntl=shared' '--enable-pdo=shared,/usr' '--ena
ble-phar=shared' '--enable-phpdbg' '--enable-phpdbg-webhelper' '--enable-posix=shared' '--enable-session=shared,/usr' '--en
able-shmop=shared,/usr' '--enable-simplexml' '--enable-soap=shared,/usr' '--enable-sockets=shared,/usr' '--enable-sysvmsg=s
hared,/usr' '--enable-sysvsem=shared,/usr' '--enable-sysvshm=shared,/usr' '--enable-tokenizer=shared,/usr' '--enable-wddx=s
hared' '--enable-xmlreader=shared,/usr' '--enable-xml=shared,/usr' '--enable-xmlwriter=shared,/usr' '--enable-zip=shared' '
--with-bz2=shared,/usr' '--with-cdb' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--with-curl=s
hared,/usr' '--with-db4' '--with-enchant=shared,/usr' '--with-freetype-dir=/usr' '--with-gdbm' '--with-gd=shared,/usr' '--w
ith-gettext=shared,/usr' '--with-gmp=shared,/usr' '--with-iconv=shared' '--with-icu-dir=/usr' '--with-imap=shared,/usr' '--
with-imap-ssl=/usr' '--with-interbase=shared,/usr/lib64/firebird' '--with-jpeg-dir=/usr' '--with-ldap-sasl=/usr' '--with-ld
ap=shared,/usr' '--with-libdir=lib64' '--with-libjson' '--with-libmbfl=/usr' '--with-libxml-dir=/usr' '--with-libzip=/usr' 
'--with-mysqli=shared,mysqlnd' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-onig=/usr' '--with-openssl-dir=/usr' '
--with-openssl=shared,/usr' '--without-curlwrappers' '--without-pear' '--with-pcre-dir=/usr' '--with-pcre-regex=/usr' '--wi
th-pdo-dblib=shared,/usr' '--with-pdo-firebird=shared,/usr/lib64/firebird' '--with-pdo-mysql=shared,mysqlnd' '--with-pdo-od
bc=shared,unixODBC,/usr' '--with-pdo-pgsql=shared,/usr' '--with-pdo-sqlite=shared,/usr' '--with-pgsql=shared,/usr' '--with-
png-dir=/usr' '--with-readline=shared,/usr' '--with-recode=shared,/usr' '--with-snmp=shared,/usr' '--with-sodium=shared,/us
r' '--with-sqlite3=shared,/usr' '--with-system-ciphers' '--with-tidy=shared,/usr' '--with-unixODBC=shared,/usr' '--with-web
p-dir=/usr' '--with-xmlrpc=shared,/usr' '--with-xpm-dir=/usr/X11R6' '--with-xsl=shared,/usr' '--with-zlib-dir=/usr' '--with
-zlib=/usr' '--with-zlib=shared,/usr' 'build_alias=x86_64-mageia-linux-gnu'

Used phpmyadmin to exercise, all worked OK.

CC: (none) => herman.viaene

Comment 3 PC LX 2020-05-16 21:07:58 CEST
Installed and tested without issues.


Using PHP FastCGI Process Manager.

Tested with various large scripts (phpmyadmin, phpPgAdmin, roundcubemail, wordpress, drupal, etc) using HTTP(S) and CLI.
No issues found.


System: Mageia 7, x86_64, Apache, PHP FPM, Intel CPU.


$ uname -a
Linux marte 5.6.8-desktop-1.mga7 #1 SMP Thu Apr 30 06:12:53 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep php.*7.3.18 | sort
apache-mod_php-7.3.18-1.mga7
lib64php_common7-7.3.18-1.mga7
php-bz2-7.3.18-1.mga7
php-cli-7.3.18-1.mga7
php-ctype-7.3.18-1.mga7
php-curl-7.3.18-1.mga7
php-dom-7.3.18-1.mga7
php-exif-7.3.18-1.mga7
php-fileinfo-7.3.18-1.mga7
php-filter-7.3.18-1.mga7
php-fpm-7.3.18-1.mga7
php-ftp-7.3.18-1.mga7
php-gd-7.3.18-1.mga7
php-gettext-7.3.18-1.mga7
php-hash-7.3.18-1.mga7
php-iconv-7.3.18-1.mga7
php-ini-7.3.18-1.mga7
php-intl-7.3.18-1.mga7
php-json-7.3.18-1.mga7
php-ldap-7.3.18-1.mga7
php-mbstring-7.3.18-1.mga7
php-mysqli-7.3.18-1.mga7
php-mysqlnd-7.3.18-1.mga7
php-openssl-7.3.18-1.mga7
php-pdo-7.3.18-1.mga7
php-pdo_mysql-7.3.18-1.mga7
php-pdo_sqlite-7.3.18-1.mga7
php-pgsql-7.3.18-1.mga7
php-posix-7.3.18-1.mga7
php-session-7.3.18-1.mga7
php-sockets-7.3.18-1.mga7
php-sysvsem-7.3.18-1.mga7
php-sysvshm-7.3.18-1.mga7
php-tokenizer-7.3.18-1.mga7
php-xml-7.3.18-1.mga7
php-xmlreader-7.3.18-1.mga7
php-xmlwriter-7.3.18-1.mga7
php-zip-7.3.18-1.mga7
php-zlib-7.3.18-1.mga7
$ systemctl status php-fpm.socket 
● php-fpm.socket - php-fpm Server Socket
   Loaded: loaded (/usr/local/lib/systemd/system/php-fpm.socket; enabled; vendor preset: disabled)
   Active: inactive (dead) since Sat 2020-05-16 19:56:38 WEST; 9min ago
   Listen: /var/lib/php-fpm/php-fpm.sock (Stream)

mai 16 10:27:32 marte systemd[1]: Listening on php-fpm Server Socket.
mai 16 19:56:38 marte systemd[1]: php-fpm.socket: Succeeded.
mai 16 19:56:38 marte systemd[1]: Closed php-fpm Server Socket.
$ systemctl status php-fpm.service 
● php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-05-16 19:56:38 WEST; 10min ago
 Main PID: 15521 (php-fpm)
   Status: "Processes active: 0, idle: 3, Requests: 96, slow: 0, Traffic: 0req/sec"
    Tasks: 4 (limit: 4697)
   Memory: 84.1M
   CGroup: /system.slice/php-fpm.service
           ├─15521 php-fpm: master process (/etc/php-fpm.conf)
           ├─15522 php-fpm: pool www
           ├─15629 php-fpm: pool www
           └─15715 php-fpm: pool www

mai 16 19:56:38 marte systemd[1]: Starting The PHP FastCGI Process Manager...
mai 16 19:56:38 marte systemd[1]: Started The PHP FastCGI Process Manager.

CC: (none) => mageia

Comment 4 PC LX 2020-05-24 20:05:32 CEST
This update has been in use for a week without issues so I'm giving the OK for x86_64 based on comment 2 and comment 3.

Whiteboard: (none) => MGA7-64-OK

Comment 5 Thomas Andrews 2020-05-26 03:36:50 CEST
Validating. Advisory information in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Nicolas Lécureuil 2020-05-27 16:34:06 CEST

Keywords: (none) => advisory
CC: (none) => mageia

Comment 6 Mageia Robot 2020-05-27 20:18:41 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0236.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.