SCIENTIFIC-LINUX-ERRATA Archives

December 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: php on SL7.x x86_64
From:
Scott Reid <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 14 Dec 2016 18:01:56 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (68 lines) 
Synopsis:          Moderate: php security and bug fix update
Advisory ID:       SLSA-2016:2598-2
Issue Date:        2016-11-03
CVE Numbers:       CVE-2016-5766
                   CVE-2016-5767
                   CVE-2016-5768
                   CVE-2016-5399
--

Security Fix(es):

* A flaw was found in the way certain error conditions were handled by
bzread() function in PHP. An attacker could use this flaw to upload a
specially crafted bz2 archive which, when parsed via the vulnerable
function, could cause the application to crash or execute arbitrary code
with the permissions of the user running the PHP application.
(CVE-2016-5399)

* An integer overflow flaw, leading to a heap-based buffer overflow was
found in the imagecreatefromgd2() function of PHP's gd extension. A remote
attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP
application using gd via a specially crafted GD2 image. (CVE-2016-5766)

* An integer overflow flaw, leading to a heap-based buffer overflow was
found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A
remote attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP
application using gd via a specially crafted image buffer. (CVE-2016-5767)

* A double free flaw was found in the mb_ereg_replace_callback() function
of php which is used to perform regex search. This flaw could possibly
cause a PHP application to crash. (CVE-2016-5768)

Additional Changes:
--

SL7
  x86_64
    php-5.4.16-42.el7.x86_64.rpm
    php-bcmath-5.4.16-42.el7.x86_64.rpm
    php-cli-5.4.16-42.el7.x86_64.rpm
    php-common-5.4.16-42.el7.x86_64.rpm
    php-dba-5.4.16-42.el7.x86_64.rpm
    php-debuginfo-5.4.16-42.el7.x86_64.rpm
    php-devel-5.4.16-42.el7.x86_64.rpm
    php-embedded-5.4.16-42.el7.x86_64.rpm
    php-enchant-5.4.16-42.el7.x86_64.rpm
    php-fpm-5.4.16-42.el7.x86_64.rpm
    php-gd-5.4.16-42.el7.x86_64.rpm
    php-intl-5.4.16-42.el7.x86_64.rpm
    php-ldap-5.4.16-42.el7.x86_64.rpm
    php-mbstring-5.4.16-42.el7.x86_64.rpm
    php-mysql-5.4.16-42.el7.x86_64.rpm
    php-mysqlnd-5.4.16-42.el7.x86_64.rpm
    php-odbc-5.4.16-42.el7.x86_64.rpm
    php-pdo-5.4.16-42.el7.x86_64.rpm
    php-pgsql-5.4.16-42.el7.x86_64.rpm
    php-process-5.4.16-42.el7.x86_64.rpm
    php-pspell-5.4.16-42.el7.x86_64.rpm
    php-recode-5.4.16-42.el7.x86_64.rpm
    php-snmp-5.4.16-42.el7.x86_64.rpm
    php-soap-5.4.16-42.el7.x86_64.rpm
    php-xml-5.4.16-42.el7.x86_64.rpm
    php-xmlrpc-5.4.16-42.el7.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2