* [Buildroot] [git commit branch/2021.02.x] package/php: security bump to version 7.4.25
@ 2021-10-26 19:08 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2021-10-26 19:08 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=8c9111ca6e22b3c79fddc353b01b68c90554ca15
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x
Fixes the following security issue:
- CVE-2021-21703: n PHP versions 7.3.x up to and including 7.3.31, 7.4.x
below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main
FPM daemon process running as root and child worker processes running as
lower-privileged users, it is possible for the child processes to access
memory shared with the main process and write to it, modifying it in a way
that would cause the root process to conduct invalid memory reads and
writes, which can be used to escalate privileges from local unprivileged
user to the root user.
For more details, see https://www.ambionics.io/blog/php-fpm-local-root
https://www.php.net/ChangeLog-7.php#7.4.25
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/php/php.hash | 2 +-
package/php/php.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/php/php.hash b/package/php/php.hash
index d82c81a703..c55f997731 100644
--- a/package/php/php.hash
+++ b/package/php/php.hash
@@ -1,5 +1,5 @@
# From https://www.php.net/downloads.php
-sha256 ff7658ee2f6d8af05b48c21146af5f502e121def4e76e862df5ec9fa06e98734 php-7.4.24.tar.xz
+sha256 12a758f1d7fee544387a28d3cf73226f47e3a52fb3049f07fcc37d156d393c0a php-7.4.25.tar.xz
# License file
sha256 a188db807d711536f71e27b7d36879d63480f7994dc18adc08e624b3c5430fff LICENSE
diff --git a/package/php/php.mk b/package/php/php.mk
index 30c3ee9ca4..27e665bf3c 100644
--- a/package/php/php.mk
+++ b/package/php/php.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PHP_VERSION = 7.4.24
+PHP_VERSION = 7.4.25
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-10-26 19:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-26 19:08 [Buildroot] [git commit branch/2021.02.x] package/php: security bump to version 7.4.25 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.