Synopsis:          Moderate: php security update
Advisory ID:       SLSA-2017:3221-1
Issue Date:        2017-11-15
CVE Numbers:       CVE-2016-10167
                   CVE-2016-10168
--

Security Fix(es):

* A null pointer dereference flaw was found in libgd. An attacker could
use a specially-crafted .gd2 file to cause an application linked with
libgd to crash, leading to denial of service. (CVE-2016-10167)

* An integer overflow flaw, leading to a heap-based buffer overflow was
found in the way libgd read some specially-crafted gd2 files. A remote
attacker could use this flaw to crash an application compiled with libgd
or in certain cases execute arbitrary code with the privileges of the user
running that application. (CVE-2016-10168)
--

SL7
  x86_64
    php-5.4.16-43.el7_4.x86_64.rpm
    php-bcmath-5.4.16-43.el7_4.x86_64.rpm
    php-cli-5.4.16-43.el7_4.x86_64.rpm
    php-common-5.4.16-43.el7_4.x86_64.rpm
    php-dba-5.4.16-43.el7_4.x86_64.rpm
    php-debuginfo-5.4.16-43.el7_4.x86_64.rpm
    php-devel-5.4.16-43.el7_4.x86_64.rpm
    php-embedded-5.4.16-43.el7_4.x86_64.rpm
    php-enchant-5.4.16-43.el7_4.x86_64.rpm
    php-fpm-5.4.16-43.el7_4.x86_64.rpm
    php-gd-5.4.16-43.el7_4.x86_64.rpm
    php-intl-5.4.16-43.el7_4.x86_64.rpm
    php-ldap-5.4.16-43.el7_4.x86_64.rpm
    php-mbstring-5.4.16-43.el7_4.x86_64.rpm
    php-mysql-5.4.16-43.el7_4.x86_64.rpm
    php-mysqlnd-5.4.16-43.el7_4.x86_64.rpm
    php-odbc-5.4.16-43.el7_4.x86_64.rpm
    php-pdo-5.4.16-43.el7_4.x86_64.rpm
    php-pgsql-5.4.16-43.el7_4.x86_64.rpm
    php-process-5.4.16-43.el7_4.x86_64.rpm
    php-pspell-5.4.16-43.el7_4.x86_64.rpm
    php-recode-5.4.16-43.el7_4.x86_64.rpm
    php-snmp-5.4.16-43.el7_4.x86_64.rpm
    php-soap-5.4.16-43.el7_4.x86_64.rpm
    php-xml-5.4.16-43.el7_4.x86_64.rpm
    php-xmlrpc-5.4.16-43.el7_4.x86_64.rpm
    php-5.4.16-43.el7_4.src.rpm

- Scientific Linux Development Team