RHSA-2018:1296: Moderate: rh-php70-php security, bug fix, and enhancement update

First published: Thu May 03 2018(Updated: )

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843) Security Fix(es): <li> php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)</li> <li> php: Use after free in wddx_deserialize (CVE-2016-7413)</li> <li> php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)</li> <li> php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)</li> <li> php: Missing type check when unserializing SplArray (CVE-2016-7417)</li> <li> php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)</li> <li> php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object (CVE-2016-7479)</li> <li> php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)</li> <li> php: Use After Free in unserialize() (CVE-2016-9936)</li> <li> php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)</li> <li> php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)</li> <li> php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)</li> <li> php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)</li> <li> php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)</li> <li> gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)</li> <li> gd: Integer overflow in gd_io.c (CVE-2016-10168)</li> <li> php: Use of uninitialized memory in unserialize() (CVE-2017-5340)</li> <li> php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)</li> <li> oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)</li> <li> oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)</li> <li> oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)</li> <li> oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)</li> <li> oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)</li> <li> php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)</li> <li> php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)</li> <li> php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)</li> <li> php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)</li> <li> php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628)</li> <li> php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)</li> <li> php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)</li> <li> php: reflected XSS in .phar 404 page (CVE-2018-5712)</li> <li> php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)</li> <li> php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)</li> <li> php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)</li> <li> php: buffer over-read in finish_nested_data function (CVE-2017-12933)</li> <li> php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)</li> <li> php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.

Affected Software	Affected Version	How to fix
redhat/rh-php70-php	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-bcmath	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-cli	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-common	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-dba	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-dbg	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-debuginfo	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-devel	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-embedded	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-enchant	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-fpm	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-gd	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-gmp	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-intl	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-json	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-ldap	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-mbstring	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-mysqlnd	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-odbc	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-opcache	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-pdo	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-pgsql	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-process	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-pspell	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-recode	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-snmp	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-soap	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-xml	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-xmlrpc	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php-zip	<7.0.27-1.el7	7.0.27-1.el7
redhat/rh-php70-php	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-bcmath	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-cli	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-common	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-dba	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-dbg	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-debuginfo	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-devel	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-embedded	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-enchant	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-fpm	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-gd	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-gmp	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-imap	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-intl	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-json	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-ldap	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-mbstring	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-mysqlnd	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-odbc	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-opcache	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-pdo	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-pgsql	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-process	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-pspell	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-recode	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-snmp	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-soap	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-tidy	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-xml	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-xmlrpc	<7.0.27-1.el6	7.0.27-1.el6
redhat/rh-php70-php-zip	<7.0.27-1.el6	7.0.27-1.el6

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2018:1296 (Advisory)

agent/severity
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/title
agent/remedy
agent/weakness
agent/tags
agent/description
agent/event
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2018:1296
agent/software-canonical-lookup
package-manager/redhat

RHSA-2018:1296: Moderate: rh-php70-php security, bug fix, and enhancement update

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact