Synopsis: Moderate: php security update Advisory ID: SLSA-2017:3221-1 Issue Date: 2017-11-15 CVE Numbers: CVE-2016-10167 CVE-2016-10168 -- Security Fix(es): * A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167) * An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168) -- SL7 x86_64 php-5.4.16-43.el7_4.x86_64.rpm php-bcmath-5.4.16-43.el7_4.x86_64.rpm php-cli-5.4.16-43.el7_4.x86_64.rpm php-common-5.4.16-43.el7_4.x86_64.rpm php-dba-5.4.16-43.el7_4.x86_64.rpm php-debuginfo-5.4.16-43.el7_4.x86_64.rpm php-devel-5.4.16-43.el7_4.x86_64.rpm php-embedded-5.4.16-43.el7_4.x86_64.rpm php-enchant-5.4.16-43.el7_4.x86_64.rpm php-fpm-5.4.16-43.el7_4.x86_64.rpm php-gd-5.4.16-43.el7_4.x86_64.rpm php-intl-5.4.16-43.el7_4.x86_64.rpm php-ldap-5.4.16-43.el7_4.x86_64.rpm php-mbstring-5.4.16-43.el7_4.x86_64.rpm php-mysql-5.4.16-43.el7_4.x86_64.rpm php-mysqlnd-5.4.16-43.el7_4.x86_64.rpm php-odbc-5.4.16-43.el7_4.x86_64.rpm php-pdo-5.4.16-43.el7_4.x86_64.rpm php-pgsql-5.4.16-43.el7_4.x86_64.rpm php-process-5.4.16-43.el7_4.x86_64.rpm php-pspell-5.4.16-43.el7_4.x86_64.rpm php-recode-5.4.16-43.el7_4.x86_64.rpm php-snmp-5.4.16-43.el7_4.x86_64.rpm php-soap-5.4.16-43.el7_4.x86_64.rpm php-xml-5.4.16-43.el7_4.x86_64.rpm php-xmlrpc-5.4.16-43.el7_4.x86_64.rpm php-5.4.16-43.el7_4.src.rpm - Scientific Linux Development Team