Slackware Linux update for php



Published: 2016-09-24
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2016-7416
CVE-2016-7412
CVE-2016-7414
CVE-2016-7417
CVE-2016-7411
CVE-2016-7413
CVE-2016-7418
CWE-ID CWE-284
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Slackware Linux
Operating systems & Components / Operating system

Vendor Slackware

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Arbitrary code execution

EUVDB-ID: #VU523

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7416

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by memory corruption in local data handling that allows a malicious user to get access to the system and cause arbitrary code execution.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Arbitrary code execution

EUVDB-ID: #VU524

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7412

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by heap overflow during handling of BIT fields in mysqlnd that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Arbitrary code execution

EUVDB-ID: #VU525

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7414

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by out-of-bounds memory error in phar_parse_zipfile() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Arbitrary code execution

EUVDB-ID: #VU526

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7417

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by unserializing SplArray that leads to memory corruption error and allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Arbitrary code execution

EUVDB-ID: #VU529

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7411

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by deserialized object destruction that may result in memory corruption error and allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Arbitrary code execution

EUVDB-ID: #VU527

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7413

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by use-after-free memory error in wddx_deserialize() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Arbitrary code execution

EUVDB-ID: #VU528

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7418

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by out-of-bounds memory read error in php_wddx_push_element() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###