
Security Vulnerability Patch Advisory


Advisory ID: KYSA-202202-0045
Summary: php7.4 security vulnerabilities
Severity: Medium
Release date: 2023-05-05

Details

1. Fixed CVEs

CVE-2021-21708
PHP is a scripting language executed on the server side. PHP has a resource management error vulnerability: a use-after-free (UAF) caused by php_filter_float() failing for integers.

CVE-2017-9118
PHP (PHP: Hypertext Preprocessor) is an open-source, general-purpose scripting language maintained jointly by the PHP Group and the open-source community. It is used mainly for web development and supports many databases and operating systems. The 'php_pcre_replace_impl' function in PHP 7.1.5 has a buffer error vulnerability. The vulnerability arises because data boundaries are not validated correctly when operating on memory, so that incorrect reads and writes are performed on other, associated memory locations. An attacker can exploit it to cause a buffer overflow, a heap overflow and similar conditions.

CVE-2021-21707
PHP has a security vulnerability: an attacker can use a null character in the XML functions to bypass PHP's access restrictions and read or modify files.

CVE-2017-9120
The 'mysqli_real_escape_string()' function in PHP 7.x through 7.1.5 has an integer overflow vulnerability. A remote attacker can exploit it with a long string to cause a denial of service (buffer overflow and application crash).

CVE-2017-8923
The 'zend_string_extend' function in Zend/zend_string.h in PHP 7.1.5 and earlier has a security vulnerability: the program does not prevent changes to string objects, which results in a negative length value. A remote attacker can exploit it to cause a denial of service (application crash).

CVE-2017-9119
The 'i_zval_ptr_dtor' function in Zend/zend_variables.h in PHP 7.1.5 has a security vulnerability. An attacker can exploit it to cause a denial of service (memory consumption and application crash).

CVE-2015-9253
PHP 7.2.2 and earlier have a security vulnerability. An attacker can exploit it to exhaust CPU resources and consume disk space.

2. Affected operating systems and packages

· Kylin Desktop Operating System V10 SP1

x86_64 architecture:
libapache2-mod-php7.4, libphp7.4-embed, php7.4-bcmath, php7.4-bz2, php7.4-cgi, php7.4-cli, php7.4-common, php7.4-curl, php7.4-dba, php7.4-enchant, php7.4-fpm, php7.4-gd, php7.4-gmp, php7.4-imap, php7.4-interbase, php7.4-intl, php7.4-json, php7.4-ldap, php7.4-mbstring, php7.4-mysql, php7.4-odbc, php7.4-opcache, php7.4-pgsql, php7.4-phpdbg, php7.4-pspell, php7.4-readline, php7.4-snmp, php7.4-soap, php7.4-sqlite3, php7.4-sybase, php7.4-tidy, php7.4-xml, php7.4-xmlrpc, php7.4-xsl, php7.4-zip, php7.4

arm64 architecture:
libapache2-mod-php7.4, libphp7.4-embed, php7.4-bcmath, php7.4-bz2, php7.4-cgi, php7.4-cli, php7.4-common, php7.4-curl, php7.4-dba, php7.4-enchant, php7.4-fpm, php7.4-gd, php7.4-gmp, php7.4-imap, php7.4-interbase, php7.4-intl, php7.4-json, php7.4-ldap, php7.4-mbstring, php7.4-mysql, php7.4-odbc, php7.4-opcache, php7.4-pgsql, php7.4-phpdbg, php7.4-pspell, php7.4-readline, php7.4-snmp, php7.4-soap, php7.4-sqlite3, php7.4-sybase, php7.4-tidy, php7.4-xml, php7.4-xmlrpc, php7.4-xsl, php7.4-zip, php7.4

mips64el architecture:
libapache2-mod-php7.4, libphp7.4-embed, php7.4-bcmath, php7.4-bz2, php7.4-cgi, php7.4-cli, php7.4-common, php7.4-curl, php7.4-dba, php7.4-enchant, php7.4-fpm, php7.4-gd, php7.4-gmp, php7.4-imap, php7.4-interbase, php7.4-intl, php7.4-json, php7.4-ldap, php7.4-mbstring, php7.4-mysql, php7.4-odbc, php7.4-opcache, php7.4-pgsql, php7.4-phpdbg, php7.4-pspell, php7.4-readline, php7.4-snmp, php7.4-soap, php7.4-sqlite3, php7.4-sybase, php7.4-tidy, php7.4-xml, php7.4-xmlrpc, php7.4-xsl, php7.4-zip, php7.4

3. Fixed package version

· Kylin Desktop Operating System V10 SP1
7.4.3-4kylin2.10

4. Remediation

Method 1: upgrade through the package manager
Run the update commands to upgrade:
$ sudo apt update
$ sudo apt install php7.4

Method 2: download the packages and upgrade manually
Download the packages from the package download URLs, then use the package upgrade command to upgrade the relevant component packages according to the list of affected packages.
$ sudo dpkg -i /Path1/Package1 /Path2/Package2 /Path3/Package3……
Note: Path is the local path the package was downloaded to and Package is the name of the downloaded package; separate multiple packages with spaces.

5. Package download URLs

Kylin Desktop Operating System V10 SP1

x86_64 package download URLs:
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/libapache2-mod-php7.4_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/libphp7.4-embed_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-bcmath_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-bz2_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-cgi_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-cli_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-common_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-curl_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-dba_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-enchant_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-fpm_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-gd_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-gmp_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-imap_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-interbase_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-intl_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-json_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-ldap_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-mbstring_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-mysql_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-odbc_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-opcache_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-pgsql_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-phpdbg_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-pspell_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-readline_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-snmp_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-soap_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-sqlite3_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-sybase_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-tidy_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-xml_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-xmlrpc_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-xsl_7.4.3-4kylin2.10_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-zip_7.4.3-4kylin2.10_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4_7.4.3-4kylin2.10_all.deb

arm64 package download URLs:
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/libapache2-mod-php7.4_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/libphp7.4-embed_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-bcmath_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-bz2_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-cgi_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-cli_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-common_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-curl_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-dba_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-enchant_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-fpm_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-gd_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-gmp_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-imap_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-interbase_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-intl_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-json_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-ldap_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-mbstring_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-mysql_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-odbc_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-opcache_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-pgsql_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-phpdbg_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-pspell_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-readline_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-snmp_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-soap_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-sqlite3_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-sybase_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-tidy_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-xml_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-xmlrpc_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-xsl_7.4.3-4kylin2.10_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-zip_7.4.3-4kylin2.10_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4_7.4.3-4kylin2.10_all.deb

mips64el package download URLs:
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/libapache2-mod-php7.4_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/libphp7.4-embed_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-bcmath_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-bz2_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-cgi_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-cli_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-common_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-curl_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-dba_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-enchant_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-fpm_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-gd_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-gmp_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-imap_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-interbase_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-intl_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-json_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-ldap_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-mbstring_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-mysql_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-odbc_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-opcache_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-pgsql_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-phpdbg_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-pspell_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-readline_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-snmp_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-soap_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-sqlite3_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-sybase_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-tidy_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-xml_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-xmlrpc_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-xsl_7.4.3-4kylin2.10_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4-zip_7.4.3-4kylin2.10_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/p/php7.4/php7.4_7.4.3-4kylin2.10_all.deb

6. Verifying the fix

Use the package query command to check the versions of the relevant packages; if they are greater than or equal to the fixed version, the fix has been applied successfully.
$ sudo dpkg -l | grep Package
Note: Package is the name of the package.