Red Hat update for php



Published: 2018-05-03 | Updated: 2018-05-23
Risk High
Patch available YES
Number of vulnerabilities 37
CVE-ID CVE-2016-7412
CVE-2016-7413
CVE-2016-7414
CVE-2016-7416
CVE-2016-7417
CVE-2016-7418
CVE-2016-7479
CVE-2016-9933
CVE-2016-9934
CVE-2016-9935
CVE-2016-9936
CVE-2016-10158
CVE-2016-10159
CVE-2016-10160
CVE-2016-10161
CVE-2016-10162
CVE-2016-10167
CVE-2016-10168
CVE-2017-5340
CVE-2017-7890
CVE-2017-9224
CVE-2017-9226
CVE-2017-9227
CVE-2017-9228
CVE-2017-9229
CVE-2017-11143
CVE-2017-11144
CVE-2017-11145
CVE-2017-11147
CVE-2017-11362
CVE-2017-11628
CVE-2017-12932
CVE-2017-12933
CVE-2017-12934
CVE-2017-16642
CVE-2018-5711
CVE-2018-5712
CWE-ID CWE-284
CWE-416
CWE-400
CWE-476
CWE-125
CWE-682
CWE-190
CWE-193
CWE-126
CWE-20
CWE-200
CWE-787
CWE-502
CWE-121
CWE-835
CWE-79
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #35 is available.
Vulnerable software
Subscribe
Red Hat Enterprise Linux for Power
Operating systems & Components / Operating system

Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 37 vulnerabilities.

1) Arbitrary code execution

EUVDB-ID: #VU524

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7412

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by heap overflow during handling of BIT fields in mysqlnd that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Arbitrary code execution

EUVDB-ID: #VU527

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7413

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by use-after-free memory error in wddx_deserialize() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Arbitrary code execution

EUVDB-ID: #VU525

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7414

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by out-of-bounds memory error in phar_parse_zipfile() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Arbitrary code execution

EUVDB-ID: #VU523

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7416

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by memory corruption in local data handling that allows a malicious user to get access to the system and cause arbitrary code execution.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Arbitrary code execution

EUVDB-ID: #VU526

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7417

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by unserializing SplArray that leads to memory corruption error and allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Arbitrary code execution

EUVDB-ID: #VU528

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7418

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by out-of-bounds memory read error in php_wddx_push_element() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Use-after-free error

EUVDB-ID: #VU12900

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7479

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to resizing the 'properties' hash table of a serialized object during the unserialization process. A remote attacker can trigger use-after-free error and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Resource exhaustion

EUVDB-ID: #VU12901

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-9933

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the gdImageFillToBorder function in gd.c due to stack consumption. A remote attacker can submit a specially crafted imagefilltoborder call that triggers use of a negative color value and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) NULL pointer dereference

EUVDB-ID: #VU12902

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-9934

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in ext/wddx/wddx.c due to NULL pointer dereference. A remote attacker can submit crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string, and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds read

EUVDB-ID: #VU12903

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-9935

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the php_wddx_push_element function in ext/wddx/wddx.c due to out-of-bounds read. A remote attacker can submit an empty boolean element in a wddxPacket XML document and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Use-after-free error

EUVDB-ID: #VU12904

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-9936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the unserialize implementation in ext/standard/var.c due to use-after-free error. A remote attacker can submit crafted serialized data and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Incorrect calculation

EUVDB-ID: #VU12905

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-10158

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the exif_convert_any_to_int function in ext/exif/exif.c due to numeric errors. A remote attacker can submit specially crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1 and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Integer overflow

EUVDB-ID: #VU12906

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-10159

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the phar_parse_pharfile function in ext/phar/phar.c due to integer overflow. A remote attacker can submit a truncated manifest entry in a PHAR archive and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Off-by-one error

EUVDB-ID: #VU12907

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-10160

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the phar_parse_pharfile function in ext/phar/phar.c due to off-by-one error. A remote attacker can submit a specially crafted PHAR archive with an alias mismatch and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Buffer over-read

EUVDB-ID: #VU12908

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-10161

CWE-ID: CWE-126 - Buffer Over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the object_common1 function in ext/standard/var_unserializer.c due to buffer over-read. A remote attacker can submit specially crafted serialized data that is mishandled in a finish_nested_data call and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) NULL pointer dereference

EUVDB-ID: #VU12909

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-10162

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the php_wddx_pop_element function in ext/wddx/wddx.c due to NULL pointer dereference. A remote attacker can submit an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call, and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Improper input validation

EUVDB-ID: #VU7575

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-10167

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing images in gdImageCreateFromGd2Ctx() function in gd_gd2.c. A remote attacker can supply a malformed image and crash the application, using the affected library.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Integer overflow

EUVDB-ID: #VU7576

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-10168

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.

The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Integer overflow

EUVDB-ID: #VU12910

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-5340

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in zend/zend_hash.c due to mishandling certain cases that require large array allocations. A remote attacker can submit specially crafted serialized data and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Information disclosure

EUVDB-ID: #VU11789

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-7890

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c due to it does not zero colorMap arrays before use. A remote attacker can trick the victim into opening a specially crafted GIF image that could use the uninitialized tables to read ~700 bytes from the top of the stack and gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Out-of-bounds read

EUVDB-ID: #VU7345

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-9224

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the mbstring due to stack out-of-bounds read in match_at() during regular expression searching. A remote attacker can trigger a logical error involving order of validation and access in match_at() and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Heap-out-of-bounds write

EUVDB-ID: #VU7346

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-9226

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists in the mbstring due to heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. A remote attacker can supply a malformed regular expression containing an octal number in the form of '\700', trigger
out-of-bounds write memory corruption and execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Out-of-bounds read

EUVDB-ID: #VU7347

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-9227

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the mbstring due to an error in handling of reg->dmin in forward_search_range(). A remote attacker can trigger stack out-of-bounds read in mbc_enc_len() during regular expression searching and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Heap-out-of-bounds write

EUVDB-ID: #VU7348

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-9228

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists in the mbstring due to heap out-of-bounds write in bitset_set_range() during regular expression compilation due to incorrect state transition in parse_char_class(). A remote attacker can trigger out-of-bounds write memory corruption and execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Null pointer dereference

EUVDB-ID: #VU7349

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-9229

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition.

The weakness exists in the mbstring due to an error in handling of reg->dmin in forward_search_range(). A remote attacker can trigger SIGSEGV in left_adjust_char_head() during regular expression compilation, cause NULL pointer dereference and the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Deserialization of untrusted data

EUVDB-ID: #VU9695

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11143

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in parser.c function due to deserialization of untrusted data. A remote attacker can inject specially crafted XML file and crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Denial of service

EUVDB-ID: #VU9716

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11144

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function. A remote attacker can trigger a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Out-of-bounds read

EUVDB-ID: #VU8965

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11145

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to out-of-bounds read in timelib_meridian(). A remote attacker can read arbitrary data on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Buffer over-read

EUVDB-ID: #VU9717

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11147

CWE-ID: CWE-126 - Buffer Over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the PHAR archive handler. A remote attacker can supply malicious archive files, trigger buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c and cause the PHP interpreter to crash or potentially disclose information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Stack-based buffer overflow

EUVDB-ID: #VU7352

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-11362

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to stack buffer overflow in line 142 when parsing locale in msgfmt_parse_message(). A remote attacker can trigger an error when passing overtly long slocale into libicu's umsg_open() that may lead to out-of-bounds write and execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Stack-based buffer overflow

EUVDB-ID: #VU7356

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-11628

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or potentially execute arbitrary code.

The weakness exists due to stack buffer overflow in PHP INI parsing API 2 when handling malicious input. A remote attacker can send specially crafted data, trigger stack buffer overflow in zend_ini_do_op() that may lead to out-of-bounds write, cause the application to crash or execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Heap use-after-free error

EUVDB-ID: #VU8137

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2017-12932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper use of the hash API for key deletion in a situation with an invalid array size. A remote attacker can use untrusted data to trigger heap use-after-free error in ext/standard/var_unserializer.re and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Deserialization of untrusted data

EUVDB-ID: #VU9956

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-12933

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a buffer over-read while unserializing untrusted data in the finish_nested_data function in ext/standard/var_unserializer.re. A remote attacker can perform a denial of service attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Deserialization of untrusted data

EUVDB-ID: #VU9957

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-12934

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h in ext/standard/var_unserializer.re. A remote attacker can trigger a use-after-free condition and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

35) Out-of-bounds read

EUVDB-ID: #VU8968

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16642

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in timelib_meridian(). A remote attacker can cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

36) Infinite loop

EUVDB-ID: #VU10390

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-5711

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The disclosed vulnerability allows a local unauthenticated attacker to cause DoS condition.

The vulnerability exists  in PHP GD Graphics Library due to insufficient sanitization of user-supplied data. A local attacker can submit a specially crafted GIF, trigger an infinite loop and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

37) Reflected cross-site scripting

EUVDB-ID: #VU10389

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-5712

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists on the PHAR 404 error page due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power: 7.5

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1296

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###