Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Moderate Security Issues in Red Hat Software Collections for rh-php70-php

red hat
Calendar Grey May 3, 2018
Dist Redhat Esm H88
Red Hat Software Collections delivers an update that addresses security vulnerabilities and bugs in rh-php70-php with moderate severity.
An update for rh-php70-php is now available for Red Hat Software Collections

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Summary

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843)
Security Fix(es):
* php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)
* php: Use after free in wddx_deserialize (CVE-2016-7413)
* php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)
* php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)
* php: Missing type check when unserializing SplArray (CVE-2016-7417)
* php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)
* php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object (CVE-2016-7479)
* php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)
* php: Use After Free in unserialize() (CVE-2016-9936)
* php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)
* php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)
* php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)
* php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)
* php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)
* gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
* gd: Integer overflow in gd_io.c (CVE-2016-10168)
* php: Use of uninitialized memory in unserialize() (CVE-2017-5340)
* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)
* oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)
* oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)
* oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)
* oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)
* oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)
* php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)
* php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)
* php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)
* php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)
* php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628)
* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)
* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)
* php: reflected XSS in .phar 404 page (CVE-2018-5712)
* php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)
* php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)
* php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)
* php: buffer over-read in finish_nested_data function (CVE-2017-12933)
* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)
* php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory Red Hat buffer overflow bug fix php update heap overflow Moderate impact

References

https://access.redhat.com/security/cve/CVE-2016-7412 https://access.redhat.com/security/cve/CVE-2016-7413 https://access.redhat.com/security/cve/CVE-2016-7414 https://access.redhat.com/security/cve/CVE-2016-7416 https://access.redhat.com/security/cve/CVE-2016-7417 https://access.redhat.com/security/cve/CVE-2016-7418 https://access.redhat.com/security/cve/CVE-2016-7479 https://access.redhat.com/security/cve/CVE-2016-9933 https://access.redhat.com/security/cve/CVE-2016-9934 https://access.redhat.com/security/cve/CVE-2016-9935 https://access.redhat.com/security/cve/CVE-2016-9936 https://access.redhat.com/security/cve/CVE-2016-10158 https://access.redhat.com/security/cve/CVE-2016-10159 https://access.redhat.com/security/cve/CVE-2016-10160 https://access.redhat.com/security/cve/CVE-2016-10161 https://access.redhat.com/security/cve/CVE-2016-10162 https://access.redhat.com/security/cve/CVE-2016-10167 https://access.redhat.com/security/cve/CVE-2016-10168 https://access.redhat.com/security/cve/CVE-2017-5340 https://access.redhat.com/security/cve/CVE-2017-7890 https://access.redhat.com/security/cve/CVE-2017-9224 https://access.redhat.com/security/cve/CVE-2017-9226 https://access.redhat.com/security/cve/CVE-2017-9227 https://access.redhat.com/security/cve/CVE-2017-9228 Read the Full Advisory

Package List

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-php70-php-7.0.27-1.el6.src.rpm
x86_64: rh-php70-php-7.0.27-1.el6.x86_64.rpm rh-php70-php-bcmath-7.0.27-1.el6.x86_64.rpm rh-php70-php-cli-7.0.27-1.el6.x86_64.rpm rh-php70-php-common-7.0.27-1.el6.x86_64.rpm rh-php70-php-dba-7.0.27-1.el6.x86_64.rpm rh-php70-php-dbg-7.0.27-1.el6.x86_64.rpm rh-php70-php-debuginfo-7.0.27-1.el6.x86_64.rpm rh-php70-php-devel-7.0.27-1.el6.x86_64.rpm rh-php70-php-embedded-7.0.27-1.el6.x86_64.rpm rh-php70-php-enchant-7.0.27-1.el6.x86_64.rpm rh-php70-php-fpm-7.0.27-1.el6.x86_64.rpm rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm rh-php70-php-gmp-7.0.27-1.el6.x86_64.rpm rh-php70-php-imap-7.0.27-1.el6.x86_64.rpm rh-php70-php-intl-7.0.27-1.el6.x86_64.rpm rh-php70-php-json-7.0.27-1.el6.x86_64.rpm rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm rh-php70-php-mbstring-7.0.27-1.el6.x86_64.rpm rh-php70-php-mysqlnd-7.0.27-1.el6.x86_64.rpm rh-php70-php-odbc-7.0.27-1.el6.x86_64.rpm rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm rh-php70-php-pdo-7.0.27-1.el6.x86_64.rpm rh-php70-php-pgsql-7.0.27-1.el6.x86_64.rpm rh-php70-php-process-7.0.27-1.el6.x86_64.rpm rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm rh-php70-php-recode-7.0.27-1.el6.x86_64.rpm rh-php70-php-snmp-7.0.27-1.el6.x86_64.rpm

Read the Full Advisory


Advisory ID: RHSA-2018:1296-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1296
Issue date: 2018-05-03

Topic

An update for rh-php70-php is now available for Red Hat SoftwareCollections.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat buffer overflow bug fix php update heap overflow Moderate impact

Relevant Releases Architectures

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Bugs Fixed

1377311 - CVE-2016-7412 php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field

1377314 - CVE-2016-7413 php: Use after free in wddx_deserialize

1377336 - CVE-2016-7414 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile

1377340 - CVE-2016-7416 php: Stack based buffer overflow in msgfmt_format_message

1377344 - CVE-2016-7417 php: Missing type check when unserializing SplArray

1377352 - CVE-2016-7418 php: Null pointer dereference in php_wddx_push_element

1404723 - CVE-2016-9933 php, gd: Stack overflow in gdImageFillToBorder on truecolor images

1404726 - CVE-2016-9934 php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow

1404731 - CVE-2016-9935 php: Invalid read when wddx decodes empty boolean element

1404735 - CVE-2016-9936 php: Use After Free in unserialize()

1412631 - CVE-2017-5340 php: Use of uninitialized memory in unserialize()

1412686 - CVE-2016-7479 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object

1418984 - CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()

1418986 - CVE-2016-10168 gd: Integer overflow in gd_io.c

1419010 - CVE-2016-10161 php: Out-of-bounds heap read on unserialize in finish_nested_data()

1419012 - CVE-2016-10162 php: Null pointer dereference when unserializing PHP object

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here