SB2016090902 - Slackware Linux update for php




Published: September 9, 2016 Updated: May 6, 2017

Security Bulletin ID SB2016090902
Severity High
Patch available YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Medium 60%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2016-7125)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.


2) Out-of-bounds write (CVE-ID: CVE-2016-7126)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.


3) Out-of-bounds write (CVE-ID: CVE-2016-7127)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.


4) Information disclosure (CVE-ID: CVE-2016-7128)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.


5) Input validation error (CVE-ID: CVE-2016-7129)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.


6) NULL pointer dereference (CVE-ID: CVE-2016-7130)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.


7) NULL pointer dereference (CVE-ID: CVE-2016-7131)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.


8) NULL pointer dereference (CVE-ID: CVE-2016-7132)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.


9) Integer overflow (CVE-ID: CVE-2016-7133)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.


10) Heap-based buffer overflow (CVE-ID: CVE-2016-7134)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ext/curl/interface.c in PHP 7.x before 7.0.10. A remote attacker can use a long string that is mishandled in a curl_escape call to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install the update from the vendor's website.
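To confirm which entries still apply to a host before and after updating, the version ranges stated above can be checked against the output of `php -v`. The following is an added example, not part of the original bulletin; the function names are illustrative, and CVE-2016-7130 through CVE-2016-7132 are left out because the bulletin text gives no version range for them.

```python
import re

# Version ranges exactly as worded in the bulletin entries:
#   "both"  = PHP before 5.6.25 and 7.x before 7.0.10
#   "7only" = PHP 7.x before 7.0.10
BULLETIN = {
    "CVE-2016-7125": "both",
    "CVE-2016-7126": "both",
    "CVE-2016-7127": "both",
    "CVE-2016-7128": "both",
    "CVE-2016-7129": "both",
    "CVE-2016-7133": "7only",
    "CVE-2016-7134": "7only",
}

# Matches "5.6.24", "PHP 7.0.9 (cli) ...", "7.0.10RC1", "5.6.24-0+deb8u1".
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\s*-?((?:alpha|beta|rc)\d*)?", re.I)

FIXED_5 = (5, 6, 25, 1)
FIXED_7 = (7, 0, 10, 1)


def parse_php_version(text):
    """Return (major, minor, patch, release_flag); pre-releases sort first."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError("no PHP version found in %r" % text)
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return (major, minor, patch, 0 if m.group(4) else 1)


def in_range(version, scope):
    """True if the version falls in the range the bulletin states."""
    seven = (7, 0, 0, 0) <= version < FIXED_7
    five = version < FIXED_5
    return seven or (scope == "both" and five)


def affected_cves(version_text):
    """List bulletin CVEs whose stated range covers the given version.

    Compares upstream version numbers only; a distribution package that
    backports fixes without changing the version will be over-reported.
    """
    version = parse_php_version(version_text)
    return sorted(c for c, s in BULLETIN.items() if in_range(version, s))


if __name__ == "__main__":
    # Constructed sample strings, not captured from a real host.
    for sample in ("PHP 5.6.24 (cli)", "7.0.9", "7.0.10RC1", "5.6.25", "7.0.10"):
        print(sample, "->", affected_cves(sample) or "not in stated ranges")
```

A pre-release build of a fixed version (for example `7.0.10RC1`) is treated as older than the release and therefore still reported.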