SB2016072213 - Slackware Linux update for php
Published: July 22, 2016 Updated: May 6, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) SSRF in Guzzle library (CVE-ID: CVE-2016-5385)
The vulnerability allows a remote attacker to execute arbitrary commands on vulnerable system.
The vulnerability exists due to usage of third-party PHP library Guzzle for performing server-side HTTP requests. A remote attacker can use malicious server that returns a 301 HTTP redirect response to local resource to connect to services within internal network or on localhost.
Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.
Note: this vulnerability is being actively exploited in the wild and is referred as HTTPoxy.
2) Environment variable injection in TYPO3 (CVE-ID: CVE-2016-5385)
The vulnerability allows a remote attacker to redirect an application's outbound HTTP traffic.The vulnerability exists in TYPO3 CMS. A remote attacker can redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request.
Successful exploitation of this vulnerability may result in XSS attack and data injection.
3) Buffer overflow (CVE-ID: CVE-2016-6207)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
Remediation
Install update from vendor's website.