SB2022092950 - Gentoo update for PHP

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2021-21703)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the way PHP handles shared memory access, when using PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users. A child process can access shared memory with the main process and write to it. As a result, it is possible to cause the root process to conduct invalid memory reads and writes with root privileges. A local user can trigger an out-of-bounds write error and execute arbitrary code on the system with root privileges.

2) Stack-based buffer overflow (CVE-ID: CVE-2021-21704)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Multiple boundary errors exists within firebird_info_cb(), firebird_handle_doer(), firebird_stmt_execute(), and firebird_fetch_blob() function. A remote attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2021-21705)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request, bypass the FILTER_VALIDATE_URL and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

4) Use-after-free (CVE-ID: CVE-2021-21708)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the "php_filter_float()" function. A remote attacker can pass specially crafted input to the application that uses the affected PHP function, trigger a use-after-free error and crash the php-fpm process.

5) Use of uninitialized resource (CVE-ID: CVE-2022-31625)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to usage of uninitialized array in the pg_query_params() function. A remote attacker with ability to control query parameters can trigger memory corruption and execute arbitrary code on the system.

6) Buffer overflow (CVE-ID: CVE-2022-31626)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing password in mysqlnd/pdo in mysqlnd_wireprotocol.c. A remote attacker with ability to control password that is passed via PDO to MySQL server can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

7) Heap-based buffer overflow (CVE-ID: CVE-2022-31627)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the finfo_buffer() PHP function. A remote attacker can pass an overly long string to the script that allocates the buffer, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/glsa/202209-20