NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/php: security bump to version 7.4.25

Browse Source 
Fixes the following security issue:

- CVE-2021-21703: n PHP versions 7.3.x up to and including 7.3.31, 7.4.x
  below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main
  FPM daemon process running as root and child worker processes running as
  lower-privileged users, it is possible for the child processes to access
  memory shared with the main process and write to it, modifying it in a way
  that would cause the root process to conduct invalid memory reads and
  writes, which can be used to escalate privileges from local unprivileged
  user to the root user.

  For more details, see https://www.ambionics.io/blog/php-fpm-local-root

https://www.php.net/ChangeLog-7.php#7.4.25

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2021-10-26 21:08:40 +02:00
parent c1c0d83cbb
commit 8c9111ca6e
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/php/php.hash
View File

@ -1,5 +1,5 @@
# From https://www.php.net/downloads.php
sha256 ff7658ee2f6d8af05b48c21146af5f502e121def4e76e862df5ec9fa06e98734 php-7.4.24.tar.xz
sha256 12a758f1d7fee544387a28d3cf73226f47e3a52fb3049f07fcc37d156d393c0a php-7.4.25.tar.xz
# License file
sha256 a188db807d711536f71e27b7d36879d63480f7994dc18adc08e624b3c5430fff LICENSE

2
package/php/php.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
PHP_VERSION = 7.4.24
PHP_VERSION = 7.4.25
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES