SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   PHP Vendors:   PHP Group
(CentOS Issues Fix) PHP Multiple Flaws Let Remote and Local Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code
SecurityTracker Alert ID:  1039823
SecurityTracker URL:  http://securitytracker.com/id/1039823
CVE Reference:   CVE-2016-10167, CVE-2016-10168   (Links to External Site)
Date:  Nov 16 2017
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.6.x, 7.0.x
Description:   Multiple vulnerabilities were reported in PHP. A remote or local user can cause denial of service conditions on the target system. A remote or local user can obtain potentially sensitive information on the target system. A remote or local user can execute arbitrary code on the target system.

A use-after-free memory error may occur in GD in the imagepng() function. Version 5.6.x is affected.

A out-of-bounds heap read error may occur in finish_nested_data() [CVE-2016-10161]. Version 7.0.x is affected.

A null pointer dereference may occur in unserializing a PHP object [CVE-2016-10162]. Version 7.0.x is affected.

The unserialize() function may use uninitialized memory [CVE-2017-5340]. Version 7.0.x is affected.

A use-after-free memory error may occur when resizing an unserialized object's properties hash table [CVE-2016-7479]. Version 7.0.x is affected.

A divide error may occur in exif_convert_any_to_int() when parsing an EXIF tag format [CVE-2016-10158].

A use-after-free memory error may occur in unserialize()). Version 7.0.x is affected.

A type confusion error may occur in object deserialization. Version 7.0.x is affected.

A signed integer overflow may occur in 'gd_io.c' [CVE-2016-10168].

A denial of service error may occur in gdImageCreateFromGd2Ctx() [CVE-2016-10167].

A type confusion error may occur in GMP deserialization. Version 7.0.x is affected.

A memory leak may occur in preg_*() functions. Version 7.0.x is affected.

A memory corruption error may occur in phar [CVE-2016-10160].

A crash may occur when loading a phar archive [CVE-2016-10159].

A memory leak may occur in ReflectionObject. Version 7.0.x is affected.

The specific impact depends on the application using PHP.

Impact:   A remote or local user can cause denial of service conditions.

A remote or local user can execute arbitrary code on the target system.

A remote or local user can obtain potentially sensitive information on the target system.

Solution:   CentOS has issued a fix for CVE-2016-10167 and CVE-2016-10168.

x86_64:
121238a8a61a493e7dcbacfae325d82822bc2786134f3b824506dc9059ae35fe php-5.4.16-43.el7_4.x86_64.rpm
6ec9411ef98c72615a21eff38d93df7b436a5a7240b22bebe40df18a33b92825 php-bcmath-5.4.16-43.el7_4.x86_64.rpm
edb93644bcde6ca82632a22d8b71a6920634558c0b9aa63c633a44dca08f1dff php-cli-5.4.16-43.el7_4.x86_64.rpm
bf306bbf00ce22c080b284d267c143df8c4430483fd49c27f589ea162d7a1e8e php-common-5.4.16-43.el7_4.x86_64.rpm
bfc2743370757a464003379348b1bab863f5f975c9926ec39a3e97405725a8e1 php-dba-5.4.16-43.el7_4.x86_64.rpm
ec43a80352ddaa0aeccd5709f8165c6d33ea39d78e41d5cca4baa9a054be1e8a php-devel-5.4.16-43.el7_4.x86_64.rpm
e6d79b17c0a69659ca56771eaef810859e5aa297381eb8f46546cd4d09d742fa php-embedded-5.4.16-43.el7_4.x86_64.rpm
77884c190002fb9a4feba68b1bcd1164e9705f34e382520b1c7daeb19afa80c9 php-enchant-5.4.16-43.el7_4.x86_64.rpm
266f022532ac1a3d3c70380141f3bcb3e3bb354d459300fe512da706d1ebfc7f php-fpm-5.4.16-43.el7_4.x86_64.rpm
d0c162b23743ed7e1ecfda994a8b039bacfee401e90fd85ffcacf12bda99816b php-gd-5.4.16-43.el7_4.x86_64.rpm
ccee165a03c579f4df3d951d1fa95c2e118effc15ad40317f1500afe9c62183e php-intl-5.4.16-43.el7_4.x86_64.rpm
40a1e1f0af8f3e52e55ee77de96600316865ddcaf2615d89948286029ae31d69 php-ldap-5.4.16-43.el7_4.x86_64.rpm
9ce4096325d89e0301f7e012dd49188a195898efb6a4087cb2fe2ccb677ba859 php-mbstring-5.4.16-43.el7_4.x86_64.rpm
948e0a481f5e0b6128966e2bae9620895ebffc6120014e18922ae8ace9fc3fd1 php-mysql-5.4.16-43.el7_4.x86_64.rpm
e5b9842911c143c46eb81ebe163e47a38486be65a26cb8cd496851217793a196 php-mysqlnd-5.4.16-43.el7_4.x86_64.rpm
cc23b6eebe80887a8c1465050476b7aed5d6a7f58f11936d6c476099aadd5f30 php-odbc-5.4.16-43.el7_4.x86_64.rpm
27a58dc3f4915eaf49886802fade65893d5a1937050c85515a2aed4180483471 php-pdo-5.4.16-43.el7_4.x86_64.rpm
eb880d14c75b86feb3568e803a1cf3042b041face51c70b8f9fe870990bc0628 php-pgsql-5.4.16-43.el7_4.x86_64.rpm
84074f9f87417d86591cf9510b20c614b8cd717132bd1f5457138e9ef2e04a52 php-process-5.4.16-43.el7_4.x86_64.rpm
a1bddbda8c9bcfc79b5da0755c77d339ab242df213ceef29794de204770327bc php-pspell-5.4.16-43.el7_4.x86_64.rpm
ec866e83f7318bd59a45daf6c22d18fd7a3ff1748a11261be31cfc7cfafe889d php-recode-5.4.16-43.el7_4.x86_64.rpm
fe6fa4427503d5bc07422c9df527cd0af609fc69b6372eb128e16731ae3d48cf php-snmp-5.4.16-43.el7_4.x86_64.rpm
b78413a695cd567203ba8dde95d14e55c633500845bd626b938e25cd0353b242 php-soap-5.4.16-43.el7_4.x86_64.rpm
0722fd103a7674a843bcc5fac8c26f5db7297ec5270139f760a240aa60e1222b php-xml-5.4.16-43.el7_4.x86_64.rpm
bdefe8e96bc1450c03abb3e4759ed378868e6be857cffda2a972e6161d63ca8a php-xmlrpc-5.4.16-43.el7_4.x86_64.rpm

Source:
038eb5e24ba9714f6298f8e36afa24d6cfee0fad1ed6fa444c0c2ed90ca97794 php-5.4.16-43.el7_4.src.rpm

Cause:   Access control error, Boundary error, Not specified, State error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 20 2017 PHP Multiple Flaws Let Remote and Local Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:3221 Moderate CentOS 7 php Security Update


CentOS Errata and Security Advisory 2017:3221 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2017:3221

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
121238a8a61a493e7dcbacfae325d82822bc2786134f3b824506dc9059ae35fe  php-5.4.16-43.el7_4.x86_64.rpm
6ec9411ef98c72615a21eff38d93df7b436a5a7240b22bebe40df18a33b92825  php-bcmath-5.4.16-43.el7_4.x86_64.rpm
edb93644bcde6ca82632a22d8b71a6920634558c0b9aa63c633a44dca08f1dff  php-cli-5.4.16-43.el7_4.x86_64.rpm
bf306bbf00ce22c080b284d267c143df8c4430483fd49c27f589ea162d7a1e8e  php-common-5.4.16-43.el7_4.x86_64.rpm
bfc2743370757a464003379348b1bab863f5f975c9926ec39a3e97405725a8e1  php-dba-5.4.16-43.el7_4.x86_64.rpm
ec43a80352ddaa0aeccd5709f8165c6d33ea39d78e41d5cca4baa9a054be1e8a  php-devel-5.4.16-43.el7_4.x86_64.rpm
e6d79b17c0a69659ca56771eaef810859e5aa297381eb8f46546cd4d09d742fa  php-embedded-5.4.16-43.el7_4.x86_64.rpm
77884c190002fb9a4feba68b1bcd1164e9705f34e382520b1c7daeb19afa80c9  php-enchant-5.4.16-43.el7_4.x86_64.rpm
266f022532ac1a3d3c70380141f3bcb3e3bb354d459300fe512da706d1ebfc7f  php-fpm-5.4.16-43.el7_4.x86_64.rpm
d0c162b23743ed7e1ecfda994a8b039bacfee401e90fd85ffcacf12bda99816b  php-gd-5.4.16-43.el7_4.x86_64.rpm
ccee165a03c579f4df3d951d1fa95c2e118effc15ad40317f1500afe9c62183e  php-intl-5.4.16-43.el7_4.x86_64.rpm
40a1e1f0af8f3e52e55ee77de96600316865ddcaf2615d89948286029ae31d69  php-ldap-5.4.16-43.el7_4.x86_64.rpm
9ce4096325d89e0301f7e012dd49188a195898efb6a4087cb2fe2ccb677ba859  php-mbstring-5.4.16-43.el7_4.x86_64.rpm
948e0a481f5e0b6128966e2bae9620895ebffc6120014e18922ae8ace9fc3fd1  php-mysql-5.4.16-43.el7_4.x86_64.rpm
e5b9842911c143c46eb81ebe163e47a38486be65a26cb8cd496851217793a196  php-mysqlnd-5.4.16-43.el7_4.x86_64.rpm
cc23b6eebe80887a8c1465050476b7aed5d6a7f58f11936d6c476099aadd5f30  php-odbc-5.4.16-43.el7_4.x86_64.rpm
27a58dc3f4915eaf49886802fade65893d5a1937050c85515a2aed4180483471  php-pdo-5.4.16-43.el7_4.x86_64.rpm
eb880d14c75b86feb3568e803a1cf3042b041face51c70b8f9fe870990bc0628  php-pgsql-5.4.16-43.el7_4.x86_64.rpm
84074f9f87417d86591cf9510b20c614b8cd717132bd1f5457138e9ef2e04a52  php-process-5.4.16-43.el7_4.x86_64.rpm
a1bddbda8c9bcfc79b5da0755c77d339ab242df213ceef29794de204770327bc  php-pspell-5.4.16-43.el7_4.x86_64.rpm
ec866e83f7318bd59a45daf6c22d18fd7a3ff1748a11261be31cfc7cfafe889d  php-recode-5.4.16-43.el7_4.x86_64.rpm
fe6fa4427503d5bc07422c9df527cd0af609fc69b6372eb128e16731ae3d48cf  php-snmp-5.4.16-43.el7_4.x86_64.rpm
b78413a695cd567203ba8dde95d14e55c633500845bd626b938e25cd0353b242  php-soap-5.4.16-43.el7_4.x86_64.rpm
0722fd103a7674a843bcc5fac8c26f5db7297ec5270139f760a240aa60e1222b  php-xml-5.4.16-43.el7_4.x86_64.rpm
bdefe8e96bc1450c03abb3e4759ed378868e6be857cffda2a972e6161d63ca8a  php-xmlrpc-5.4.16-43.el7_4.x86_64.rpm

Source:
038eb5e24ba9714f6298f8e36afa24d6cfee0fad1ed6fa444c0c2ed90ca97794  php-5.4.16-43.el7_4.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC