-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3253
                 rh-php73-php security and bug fix update
                                5 July 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rh-php73-php
Publisher:         Red Hat
Operating System:  Red Hat
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-31626 CVE-2022-31625 CVE-2021-21707
                   CVE-2021-21703  

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2022:5491

Comment: CVSS (Max):  8.1 CVE-2022-31625 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-php73-php security and bug fix update
Advisory ID:       RHSA-2022:5491-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5491
Issue date:        2022-07-04
CVE Names:         CVE-2021-21703 CVE-2021-21707 CVE-2022-31625 
                   CVE-2022-31626 
=====================================================================

1. Summary:

An update for rh-php73-php is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

Security Fix(es):

* php: password of excessive length triggers buffer overflow leading to RCE
(CVE-2022-31626)

* php: Local privilege escalation via PHP-FPM (CVE-2021-21703)

* php: special character breaks path in xml parsing (CVE-2021-21707)

* php: uninitialized array in pg_query_params() leading to RCE
(CVE-2022-31625)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* rh-php73: rebase to 7.3.33 (BZ#2100753)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2016535 - CVE-2021-21703 php: Local privilege escalation via PHP-FPM
2026045 - CVE-2021-21707 php: special character breaks path in xml parsing
2098521 - CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE
2098523 - CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE
2100753 - rh-php73: rebase to 7.3.33 [rhscl-3.8.z]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-php73-php-7.3.33-1.el7.src.rpm

ppc64le:
rh-php73-php-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-bcmath-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-cli-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-common-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-dba-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-dbg-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-debuginfo-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-devel-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-embedded-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-enchant-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-fpm-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-gd-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-gmp-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-intl-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-json-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-ldap-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-mbstring-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-mysqlnd-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-odbc-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-opcache-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-pdo-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-pgsql-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-process-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-pspell-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-recode-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-snmp-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-soap-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-xml-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-xmlrpc-7.3.33-1.el7.ppc64le.rpm
rh-php73-php-zip-7.3.33-1.el7.ppc64le.rpm

s390x:
rh-php73-php-7.3.33-1.el7.s390x.rpm
rh-php73-php-bcmath-7.3.33-1.el7.s390x.rpm
rh-php73-php-cli-7.3.33-1.el7.s390x.rpm
rh-php73-php-common-7.3.33-1.el7.s390x.rpm
rh-php73-php-dba-7.3.33-1.el7.s390x.rpm
rh-php73-php-dbg-7.3.33-1.el7.s390x.rpm
rh-php73-php-debuginfo-7.3.33-1.el7.s390x.rpm
rh-php73-php-devel-7.3.33-1.el7.s390x.rpm
rh-php73-php-embedded-7.3.33-1.el7.s390x.rpm
rh-php73-php-enchant-7.3.33-1.el7.s390x.rpm
rh-php73-php-fpm-7.3.33-1.el7.s390x.rpm
rh-php73-php-gd-7.3.33-1.el7.s390x.rpm
rh-php73-php-gmp-7.3.33-1.el7.s390x.rpm
rh-php73-php-intl-7.3.33-1.el7.s390x.rpm
rh-php73-php-json-7.3.33-1.el7.s390x.rpm
rh-php73-php-ldap-7.3.33-1.el7.s390x.rpm
rh-php73-php-mbstring-7.3.33-1.el7.s390x.rpm
rh-php73-php-mysqlnd-7.3.33-1.el7.s390x.rpm
rh-php73-php-odbc-7.3.33-1.el7.s390x.rpm
rh-php73-php-opcache-7.3.33-1.el7.s390x.rpm
rh-php73-php-pdo-7.3.33-1.el7.s390x.rpm
rh-php73-php-pgsql-7.3.33-1.el7.s390x.rpm
rh-php73-php-process-7.3.33-1.el7.s390x.rpm
rh-php73-php-pspell-7.3.33-1.el7.s390x.rpm
rh-php73-php-recode-7.3.33-1.el7.s390x.rpm
rh-php73-php-snmp-7.3.33-1.el7.s390x.rpm
rh-php73-php-soap-7.3.33-1.el7.s390x.rpm
rh-php73-php-xml-7.3.33-1.el7.s390x.rpm
rh-php73-php-xmlrpc-7.3.33-1.el7.s390x.rpm
rh-php73-php-zip-7.3.33-1.el7.s390x.rpm

x86_64:
rh-php73-php-7.3.33-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm
rh-php73-php-common-7.3.33-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm
rh-php73-php-json-7.3.33-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm
rh-php73-php-process-7.3.33-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-php73-php-7.3.33-1.el7.src.rpm

x86_64:
rh-php73-php-7.3.33-1.el7.x86_64.rpm
rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm
rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm
rh-php73-php-common-7.3.33-1.el7.x86_64.rpm
rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm
rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm
rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm
rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm
rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm
rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm
rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm
rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm
rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm
rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm
rh-php73-php-json-7.3.33-1.el7.x86_64.rpm
rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm
rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm
rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm
rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm
rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm
rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm
rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm
rh-php73-php-process-7.3.33-1.el7.x86_64.rpm
rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm
rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm
rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm
rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm
rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm
rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm
rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-21703
https://access.redhat.com/security/cve/CVE-2021-21707
https://access.redhat.com/security/cve/CVE-2022-31625
https://access.redhat.com/security/cve/CVE-2022-31626
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYsLehtzjgjWX9erEAQiwyQ/+PV7nIzWZKjc+4JLfk/tF6u19j7lmxgo/
rXR/9UyeBFTas8Nd+19Q2xgJdEDheHED74zskj6lsMW8V8v7DEwP3QfbBrmsWAKl
HMahWfYEh6ZhpNMAxR1bc+z243unsHXb94b2Ed7oTNFewRxdkga1K+uhhvewfYaw
+yycxRapynaD0SUqtP6KDFirpX14iobazHynhVbiE1KMAv9pIkYlCLJmktnR18Pp
8UFEyGO05tovQqe38+9oVAFxnfq7f/NTmrIJAOuYcS5Lu0B9g4yMrWWiL4XjmL3U
YWHhPm5dSRWXaKGF2JtCsQ7kShFcHj7pXnBQsoRT3GYimuYuZnR9fd3p6i1EUU6c
6oE8Uu5D2dH1iEdYtewohgTGYkUz/IBT+f0d9Z6k0aQdroOGgczjBm8nc7pV580G
3ksyFzk58rOyPDlslrF0OtN2Xdq3Vn2InS/EJeT6d1v0OMMn8Voezg7jE28jT/qx
5tDKv98T4qD+IiurXBr/PFEFkZxMzKFOo6MVtkIpLuJjPf2Guy/8vO6KjUiR0ANE
GLtzbThZrV6js/vurZr0oc7h+UdgcgVm69XlcUVi7rHij7WC0UOlbF0pYM+b805c
HU8AYV8+9FxSB88w49p2eg1iIn0CNfKi2YQL2Gyr4T9L09Eiuf/y/HrgwLg66t4X
4AC7K4v+QQw=
=KI2M
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYsO26skNZI30y1K9AQiHlQ/8D9Hlr+P/oROG3RTICJKKj1ioyt07PhBY
A2yJ0lcaCg9++JXdQR1Gp/6DE755HaJWuIkHucz78Gan0UMxJncgU9+NPydaxyQV
UTeLk8RRgi/U2UFVQRMKhBlVYjV4HTxZrvT1gbmbIELrhjVuAFyXtWyNsqAtncvF
Tw+RB0fZOr+0wFnU86uFXT9ZagIT9bNpDKrJ3oOZOSC3OeEIoJ2Hk4GFUc3SigNF
tiiz4d8g5kkLyX/oVZ5FfCR9PaxL3Uw2T/4D1PlP5qtFNd4xznJReGVxsOTRrHrx
hACye1g3F/UD6VlnHu4ATvXwFR3Okt8X3/0gVBqzh+e9yKE+HA8MtoL3Whcd8/e+
JMBPuEyiHVF4+aWrcQk2XT4GBinPxAP20g8S76dPxHCHQCtvhwdBy6CfYnVUcY3Q
eJf+zmLj63WAqWt4lXGZc9QnDw4gJUY9vB55gdlXsE8w5mMbWBhZHSRccqb4L9C5
Kgbg5AOH9edD8SAFkb7Y0YCVcwK9V1qWfCaIXUD5ZgvZLgAYurIMpjAfcQ+whwk7
3XQ3Fkx531qlnmSCsSAMnUP/KbWK8C6mlwzHf+vmHgde6kYwa7ju+OPd0tJOzllS
DgunRdlBHFLUMSysQGsisKkIl9d1aUm42k2BNu+IMlvEVU7JikgsCt0HCFwpNxH0
XDH5aTmzmZo=
=IIaV
-----END PGP SIGNATURE-----