Debian update for php7.0



Published: 2018-01-11
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2017-11144
CVE-2017-11145
CVE-2017-11628
CVE-2017-12932
CVE-2017-12933
CVE-2017-12934
CVE-2017-16642
CWE-ID CWE-284
CWE-125
CWE-121
CWE-416
CWE-502
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Vulnerable software
Subscribe
Debian Linux
Operating systems & Components / Operating system

Vendor Debian

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Denial of service

EUVDB-ID: #VU9716

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11144

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function. A remote attacker can trigger a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected package to version: 7.0.27-0+deb9u1

Vulnerable software versions

Debian Linux: All versions


CPE2.3 External links

http://bugs.php.net/bug.php?id=74651

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds read

EUVDB-ID: #VU8965

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11145

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to out-of-bounds read in timelib_meridian(). A remote attacker can read arbitrary data on the target system.

Mitigation

Update the affected package to version: 7.0.27-0+deb9u1

Vulnerable software versions

Debian Linux: All versions


CPE2.3 External links

http://php.net/ChangeLog-5.php#5.6.32

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Stack-based buffer overflow

EUVDB-ID: #VU7356

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-11628

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or potentially execute arbitrary code.

The weakness exists due to stack buffer overflow in PHP INI parsing API 2 when handling malicious input. A remote attacker can send specially crafted data, trigger stack buffer overflow in zend_ini_do_op() that may lead to out-of-bounds write, cause the application to crash or execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package to version: 7.0.27-0+deb9u1

Vulnerable software versions

Debian Linux: All versions


CPE2.3 External links

http://php.net/ChangeLog-7.php#7.0.21
http://bugs.php.net/bug.php?id=74603

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Heap use-after-free error

EUVDB-ID: #VU8137

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2017-12932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper use of the hash API for key deletion in a situation with an invalid array size. A remote attacker can use untrusted data to trigger heap use-after-free error in ext/standard/var_unserializer.re and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package to version: 7.0.27-0+deb9u1

Vulnerable software versions

Debian Linux: All versions


CPE2.3 External links

http://bugs.php.net/bug.php?id=74103

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Deserialization of untrusted data

EUVDB-ID: #VU9956

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-12933

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a buffer over-read while unserializing untrusted data in the finish_nested_data function in ext/standard/var_unserializer.re. A remote attacker can perform a denial of service attack.


Mitigation

Update the affected package to version: 7.0.27-0+deb9u1

Vulnerable software versions

Debian Linux: All versions


CPE2.3 External links

http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://bugs.php.net/bug.php?id=74111

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Deserialization of untrusted data

EUVDB-ID: #VU9957

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-12934

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h in ext/standard/var_unserializer.re. A remote attacker can trigger a use-after-free condition and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package to version: 7.0.27-0+deb9u1

Vulnerable software versions

Debian Linux: All versions


CPE2.3 External links

http://php.net/ChangeLog-7.php
http://bugs.php.net/bug.php?id=74101

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds read

EUVDB-ID: #VU8968

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16642

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in timelib_meridian(). A remote attacker can cause the application to crash.

Mitigation

Update the affected package to version: 7.0.27-0+deb9u1

Vulnerable software versions

Debian Linux: All versions


CPE2.3 External links

http://bugs.php.net/bug.php?id=75055

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###