ALAS2023-2023-081

Amazon Linux 2023 Security Advisory: ALAS-2023-081
Advisory Release Date: 2023-02-17 20:47 Pacific
Advisory Updated Date: 2023-02-22 23:30 Pacific
Severity: Important
Issue Overview:

A vulnerability was found in php. This issue occurs due to memory corruption in the finfo_buffer() function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor to execute a heap buffer overflow successfully, causing a memory crash. (CVE-2022-31627)

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (CVE-2022-31628)

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a or cookie by PHP applications. (CVE-2022-31629)

In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. (CVE-2022-31630)

A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place. (CVE-2022-31631)

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. (CVE-2022-37454)


Affected Packages:

php8.1


Issue Correction:
Run dnf update php8.1 --releasever=2023.0.20230222 to update your system.

New Packages:
aarch64:
    php8.1-embedded-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-enchant-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-mysqlnd-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-dba-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-opcache-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-tidy-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-dba-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-process-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-pdo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-tidy-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-pgsql-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-process-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-common-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-ffi-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-gmp-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-pgsql-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-debugsource-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-ffi-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-mysqlnd-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-pdo-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-dbg-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-ldap-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-bcmath-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-bcmath-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-fpm-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-mbstring-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-common-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-odbc-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-soap-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-gd-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-mbstring-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-odbc-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-cli-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-fpm-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-gmp-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-intl-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-opcache-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-ldap-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-devel-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-cli-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-gd-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-xml-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-xml-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-soap-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-embedded-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-intl-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-dbg-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-enchant-debuginfo-8.1.14-1.amzn2023.0.2.aarch64
    php8.1-8.1.14-1.amzn2023.0.2.aarch64

src:
    php8.1-8.1.14-1.amzn2023.0.2.src

x86_64:
    php8.1-intl-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-dbg-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-intl-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-mysqlnd-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-fpm-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-pdo-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-ffi-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-ldap-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-devel-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-odbc-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-dba-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-mysqlnd-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-process-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-embedded-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-debugsource-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-mbstring-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-xml-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-ffi-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-common-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-opcache-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-mbstring-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-pgsql-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-gd-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-dbg-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-cli-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-cli-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-embedded-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-pdo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-fpm-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-soap-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-soap-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-opcache-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-xml-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-pgsql-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-common-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-tidy-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-gmp-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-bcmath-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-process-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-gd-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-odbc-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-ldap-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-gmp-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-bcmath-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-dba-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-tidy-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-enchant-debuginfo-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-enchant-8.1.14-1.amzn2023.0.2.x86_64
    php8.1-8.1.14-1.amzn2023.0.2.x86_64

Additional References

Red Hat: CVE-2022-31627, CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-31631, CVE-2022-37454

Mitre: CVE-2022-31627, CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-31631, CVE-2022-37454