SB2016031110 - Multiple vulnerabilities in PHP
Published: March 11, 2016 Updated: June 8, 2025
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Memory leak (CVE-ID: CVE-2016-2116)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier. A remote attacker can cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
2) Heap-based buffer overflow (CVE-ID: CVE-2008-5557)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6. A remote attacker can use a crafted string containing an HTML entity to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2008-2829)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.
4) Path traversal (CVE-ID: CVE-2008-2665)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in the posix_access function in PHP 5.2.6 and earlier. A remote authenticated attacker can send a specially crafted HTTP request and bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.
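The ordering problem described for CVE-2008-2665, check first and canonicalize afterwards, can be shown with a simplified model. This is an added example, not PHP's own code: the policy root, the function names and the sample inputs are constructed assumptions, and the "URL-looking names skip the local-file check" rule is a modelling assumption used to reproduce the described effect.

```python
import posixpath

ALLOWED_BASE = "/srv/app/public"  # constructed policy root (assumption)


def looks_remote(name: str) -> bool:
    """Model of a check that treats URL-looking names as non-local."""
    return name.startswith(("http://", "https://"))


def canonicalize(name: str) -> str:
    """Resolve the name against the base and collapse '.' and '..' parts."""
    return posixpath.normpath(posixpath.join(ALLOWED_BASE, name))


def within_base(canon: str) -> bool:
    """Local-file policy: the canonical path must stay under ALLOWED_BASE."""
    return canon == ALLOWED_BASE or canon.startswith(ALLOWED_BASE + "/")


def resolve_check_first(name: str):
    """Flawed ordering: the policy decision is made on the raw string,
    and canonicalization only happens after the check has passed."""
    if not looks_remote(name) and not within_base(canonicalize(name)):
        return None
    return canonicalize(name)  # "http:" collapses like any directory name


def resolve_canonicalize_first(name: str):
    """Corrected ordering: canonicalize, then apply the policy to the
    exact path that will be handed to the filesystem call."""
    canon = canonicalize(name)
    return canon if within_base(canon) else None


if __name__ == "__main__":
    # Constructed inputs: a benign file, a plain traversal, a URL-shaped one.
    for sample in ("docs/readme.txt",
                   "../private/config.ini",
                   "http://../../private/config.ini"):
        print(f"{sample!r}: check-first={resolve_check_first(sample)} "
              f"canonicalize-first={resolve_canonicalize_first(sample)}")
```

The plain traversal is rejected by both orderings; only the URL-shaped name passes the check-first variant and resolves outside the policy root, which is why the check has to run on the canonical path.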
Remediation
Install update from vendor's website.