An update for php is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1721 Final 1.0 1.0 2022-06-24 Initial 2022-06-24 2022-06-24 openEuler SA Tool V1.0 2022-06-24 php security update An update for php is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. Security Fix(es): In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.(CVE-2022-31626) In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.(CVE-2022-31625) An update for php is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High php https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1721 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31626 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-31625 https://nvd.nist.gov/vuln/detail/CVE-2022-31626 https://nvd.nist.gov/vuln/detail/CVE-2022-31625 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS php-gd-7.2.10-20.oe1.aarch64.rpm php-debugsource-7.2.10-20.oe1.aarch64.rpm php-json-7.2.10-20.oe1.aarch64.rpm php-common-7.2.10-20.oe1.aarch64.rpm php-ldap-7.2.10-20.oe1.aarch64.rpm php-recode-7.2.10-20.oe1.aarch64.rpm php-process-7.2.10-20.oe1.aarch64.rpm php-opcache-7.2.10-20.oe1.aarch64.rpm php-help-7.2.10-20.oe1.aarch64.rpm php-cli-7.2.10-20.oe1.aarch64.rpm php-xml-7.2.10-20.oe1.aarch64.rpm php-pgsql-7.2.10-20.oe1.aarch64.rpm php-soap-7.2.10-20.oe1.aarch64.rpm php-snmp-7.2.10-20.oe1.aarch64.rpm php-fpm-7.2.10-20.oe1.aarch64.rpm php-7.2.10-20.oe1.aarch64.rpm php-odbc-7.2.10-20.oe1.aarch64.rpm php-enchant-7.2.10-20.oe1.aarch64.rpm php-tidy-7.2.10-20.oe1.aarch64.rpm php-pdo-7.2.10-20.oe1.aarch64.rpm php-bcmath-7.2.10-20.oe1.aarch64.rpm php-xmlrpc-7.2.10-20.oe1.aarch64.rpm php-mbstring-7.2.10-20.oe1.aarch64.rpm php-dbg-7.2.10-20.oe1.aarch64.rpm php-intl-7.2.10-20.oe1.aarch64.rpm php-dba-7.2.10-20.oe1.aarch64.rpm php-debuginfo-7.2.10-20.oe1.aarch64.rpm php-embedded-7.2.10-20.oe1.aarch64.rpm php-gmp-7.2.10-20.oe1.aarch64.rpm php-mysqlnd-7.2.10-20.oe1.aarch64.rpm php-devel-7.2.10-20.oe1.aarch64.rpm php-embedded-8.0.0-8.oe1.aarch64.rpm php-bcmath-8.0.0-8.oe1.aarch64.rpm php-8.0.0-8.oe1.aarch64.rpm php-debuginfo-8.0.0-8.oe1.aarch64.rpm php-enchant-8.0.0-8.oe1.aarch64.rpm php-fpm-8.0.0-8.oe1.aarch64.rpm php-cli-8.0.0-8.oe1.aarch64.rpm php-ffi-8.0.0-8.oe1.aarch64.rpm php-pdo-8.0.0-8.oe1.aarch64.rpm php-dbg-8.0.0-8.oe1.aarch64.rpm php-help-8.0.0-8.oe1.aarch64.rpm php-intl-8.0.0-8.oe1.aarch64.rpm php-process-8.0.0-8.oe1.aarch64.rpm php-mbstring-8.0.0-8.oe1.aarch64.rpm php-odbc-8.0.0-8.oe1.aarch64.rpm php-soap-8.0.0-8.oe1.aarch64.rpm php-tidy-8.0.0-8.oe1.aarch64.rpm php-opcache-8.0.0-8.oe1.aarch64.rpm php-dba-8.0.0-8.oe1.aarch64.rpm php-gd-8.0.0-8.oe1.aarch64.rpm php-ldap-8.0.0-8.oe1.aarch64.rpm php-common-8.0.0-8.oe1.aarch64.rpm php-gmp-8.0.0-8.oe1.aarch64.rpm php-snmp-8.0.0-8.oe1.aarch64.rpm php-debugsource-8.0.0-8.oe1.aarch64.rpm php-mysqlnd-8.0.0-8.oe1.aarch64.rpm php-devel-8.0.0-8.oe1.aarch64.rpm php-pgsql-8.0.0-8.oe1.aarch64.rpm php-xml-8.0.0-8.oe1.aarch64.rpm php-soap-8.0.0-10.oe2203.aarch64.rpm php-pdo-8.0.0-10.oe2203.aarch64.rpm php-dbg-8.0.0-10.oe2203.aarch64.rpm php-intl-8.0.0-10.oe2203.aarch64.rpm php-bcmath-8.0.0-10.oe2203.aarch64.rpm php-devel-8.0.0-10.oe2203.aarch64.rpm php-common-8.0.0-10.oe2203.aarch64.rpm php-enchant-8.0.0-10.oe2203.aarch64.rpm php-dba-8.0.0-10.oe2203.aarch64.rpm php-8.0.0-10.oe2203.aarch64.rpm php-debuginfo-8.0.0-10.oe2203.aarch64.rpm php-gmp-8.0.0-10.oe2203.aarch64.rpm php-process-8.0.0-10.oe2203.aarch64.rpm php-embedded-8.0.0-10.oe2203.aarch64.rpm php-opcache-8.0.0-10.oe2203.aarch64.rpm php-mysqlnd-8.0.0-10.oe2203.aarch64.rpm php-mbstring-8.0.0-10.oe2203.aarch64.rpm php-help-8.0.0-10.oe2203.aarch64.rpm php-xml-8.0.0-10.oe2203.aarch64.rpm php-cli-8.0.0-10.oe2203.aarch64.rpm php-tidy-8.0.0-10.oe2203.aarch64.rpm php-pgsql-8.0.0-10.oe2203.aarch64.rpm php-fpm-8.0.0-10.oe2203.aarch64.rpm php-ffi-8.0.0-10.oe2203.aarch64.rpm php-gd-8.0.0-10.oe2203.aarch64.rpm php-snmp-8.0.0-10.oe2203.aarch64.rpm php-debugsource-8.0.0-10.oe2203.aarch64.rpm php-odbc-8.0.0-10.oe2203.aarch64.rpm php-ldap-8.0.0-10.oe2203.aarch64.rpm php-7.2.10-20.oe1.src.rpm php-8.0.0-8.oe1.src.rpm php-8.0.0-10.oe2203.src.rpm php-mbstring-7.2.10-20.oe1.x86_64.rpm php-devel-7.2.10-20.oe1.x86_64.rpm php-json-7.2.10-20.oe1.x86_64.rpm php-ldap-7.2.10-20.oe1.x86_64.rpm php-odbc-7.2.10-20.oe1.x86_64.rpm php-debugsource-7.2.10-20.oe1.x86_64.rpm php-opcache-7.2.10-20.oe1.x86_64.rpm php-help-7.2.10-20.oe1.x86_64.rpm php-xmlrpc-7.2.10-20.oe1.x86_64.rpm php-pgsql-7.2.10-20.oe1.x86_64.rpm php-gmp-7.2.10-20.oe1.x86_64.rpm php-soap-7.2.10-20.oe1.x86_64.rpm php-enchant-7.2.10-20.oe1.x86_64.rpm php-fpm-7.2.10-20.oe1.x86_64.rpm php-debuginfo-7.2.10-20.oe1.x86_64.rpm php-pdo-7.2.10-20.oe1.x86_64.rpm php-xml-7.2.10-20.oe1.x86_64.rpm php-7.2.10-20.oe1.x86_64.rpm php-bcmath-7.2.10-20.oe1.x86_64.rpm php-intl-7.2.10-20.oe1.x86_64.rpm php-embedded-7.2.10-20.oe1.x86_64.rpm php-mysqlnd-7.2.10-20.oe1.x86_64.rpm php-common-7.2.10-20.oe1.x86_64.rpm php-cli-7.2.10-20.oe1.x86_64.rpm php-gd-7.2.10-20.oe1.x86_64.rpm php-tidy-7.2.10-20.oe1.x86_64.rpm php-dba-7.2.10-20.oe1.x86_64.rpm php-snmp-7.2.10-20.oe1.x86_64.rpm php-recode-7.2.10-20.oe1.x86_64.rpm php-dbg-7.2.10-20.oe1.x86_64.rpm php-process-7.2.10-20.oe1.x86_64.rpm php-fpm-8.0.0-8.oe1.x86_64.rpm php-dba-8.0.0-8.oe1.x86_64.rpm php-odbc-8.0.0-8.oe1.x86_64.rpm php-soap-8.0.0-8.oe1.x86_64.rpm php-common-8.0.0-8.oe1.x86_64.rpm php-8.0.0-8.oe1.x86_64.rpm php-debuginfo-8.0.0-8.oe1.x86_64.rpm php-pgsql-8.0.0-8.oe1.x86_64.rpm php-mbstring-8.0.0-8.oe1.x86_64.rpm php-tidy-8.0.0-8.oe1.x86_64.rpm php-xml-8.0.0-8.oe1.x86_64.rpm php-pdo-8.0.0-8.oe1.x86_64.rpm php-cli-8.0.0-8.oe1.x86_64.rpm php-enchant-8.0.0-8.oe1.x86_64.rpm php-help-8.0.0-8.oe1.x86_64.rpm php-embedded-8.0.0-8.oe1.x86_64.rpm php-ldap-8.0.0-8.oe1.x86_64.rpm php-opcache-8.0.0-8.oe1.x86_64.rpm php-gmp-8.0.0-8.oe1.x86_64.rpm php-ffi-8.0.0-8.oe1.x86_64.rpm php-debugsource-8.0.0-8.oe1.x86_64.rpm php-devel-8.0.0-8.oe1.x86_64.rpm php-intl-8.0.0-8.oe1.x86_64.rpm php-dbg-8.0.0-8.oe1.x86_64.rpm php-bcmath-8.0.0-8.oe1.x86_64.rpm php-gd-8.0.0-8.oe1.x86_64.rpm php-mysqlnd-8.0.0-8.oe1.x86_64.rpm php-snmp-8.0.0-8.oe1.x86_64.rpm php-process-8.0.0-8.oe1.x86_64.rpm php-dbg-8.0.0-10.oe2203.x86_64.rpm php-debuginfo-8.0.0-10.oe2203.x86_64.rpm php-snmp-8.0.0-10.oe2203.x86_64.rpm php-gd-8.0.0-10.oe2203.x86_64.rpm php-8.0.0-10.oe2203.x86_64.rpm php-fpm-8.0.0-10.oe2203.x86_64.rpm php-intl-8.0.0-10.oe2203.x86_64.rpm php-ldap-8.0.0-10.oe2203.x86_64.rpm php-xml-8.0.0-10.oe2203.x86_64.rpm php-ffi-8.0.0-10.oe2203.x86_64.rpm php-odbc-8.0.0-10.oe2203.x86_64.rpm php-dba-8.0.0-10.oe2203.x86_64.rpm php-debugsource-8.0.0-10.oe2203.x86_64.rpm php-mysqlnd-8.0.0-10.oe2203.x86_64.rpm php-tidy-8.0.0-10.oe2203.x86_64.rpm php-mbstring-8.0.0-10.oe2203.x86_64.rpm php-process-8.0.0-10.oe2203.x86_64.rpm php-common-8.0.0-10.oe2203.x86_64.rpm php-help-8.0.0-10.oe2203.x86_64.rpm php-soap-8.0.0-10.oe2203.x86_64.rpm php-embedded-8.0.0-10.oe2203.x86_64.rpm php-cli-8.0.0-10.oe2203.x86_64.rpm php-gmp-8.0.0-10.oe2203.x86_64.rpm php-pdo-8.0.0-10.oe2203.x86_64.rpm php-bcmath-8.0.0-10.oe2203.x86_64.rpm php-enchant-8.0.0-10.oe2203.x86_64.rpm php-opcache-8.0.0-10.oe2203.x86_64.rpm php-pgsql-8.0.0-10.oe2203.x86_64.rpm php-devel-8.0.0-10.oe2203.x86_64.rpm In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. 2022-06-24 CVE-2022-31626 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H php security update 2022-06-24 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1721 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. 2022-06-24 CVE-2022-31625 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H php security update 2022-06-24 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1721