Cloud security daily 220705: the red hat PHP interpreter has found a vulnerability of executing arbitrary code, which needs to be upgraded as soon as possible

7 month 4 Japan , Red hat has released a security update , Fixed red hat PHP Arbitrary code execution vulnerability found in the embedded scripting language interpreter . Here are the details of the vulnerability ：

Vulnerability Details

source :https://access.redhat.com/errata/RHSA-2022:5491

1.CVE-2022-31625 CVSS score ：8.1 severity ： important

because pg_query_params() Uninitialized array in function , stay PHP A hole was found in . Use Postgres Database expansion , Providing invalid parameters for parameterized queries may result in PHP Try using uninitialized data as a pointer to free memory . This vulnerability allows remote attackers to control query parameters to execute arbitrary code on the system or may cause a denial of service .

2.CVE-2022-31626 CVSS score ：7.5 severity ： high

stay mysqlnd_wireprotocol.c In dealing with mysqlnd/pdo When the password in , stay PHP A buffer overflow vulnerability was found in . When using with mysqlnd Driver's pdo_mysql When expanding , If a third party is allowed to provide a password for the connecting host , An overly long password will trigger PHP Buffer overflow in . This vulnerability allows a remote attacker to pass through PDO Put the password （ Too long ） Pass to MySQL The server , This triggers arbitrary code execution on the target system .

3.CVE-2021-21703 CVSS score ：6.4 severity ： secondary

php-fpm There is a loophole , It may lead to local permission elevation . This vulnerability is difficult to exploit , Because the attack needs to escape FPM Sandbox mechanism . When a complete attack is achieved , May lead to confidentiality 、 Risks in data integrity and system availability .

4.CVE-2021-21707 CVSS score ：5.3 severity ： secondary

stay php.ini A flaw was found in . The main reason for this vulnerability is parsing extensible markup language (XML) The input validation of entity is incorrect . Special characters may allow attackers to traverse directories . The biggest threat of this vulnerability is confidentiality .

Affected products and versions

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Solution

RedHat The official has Red Hat Software Collections Provide rh-php73-php Security update for . After installing the updated package , Must be restarted httpd The daemon can make the update take effect .

For more information on how to apply this update , see also ：

https://access.redhat.com/articles/11258

View more vulnerability information And upgrade, please visit the official website ：

https://access.redhat.com/security/security-updates/#/security-advisories