ID CVE-2017-7890
Summary The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
References
Vulnerable Configurations
  • PHP 5.6.30
    cpe:2.3:a:php:php:5.6.30
  • PHP 7.0.0
    cpe:2.3:a:php:php:7.0.0
  • PHP 7.0.1
    cpe:2.3:a:php:php:7.0.1
  • PHP 7.0.2
    cpe:2.3:a:php:php:7.0.2
  • PHP 7.0.3
    cpe:2.3:a:php:php:7.0.3
  • PHP 7.0.4
    cpe:2.3:a:php:php:7.0.4
  • PHP 7.0.5
    cpe:2.3:a:php:php:7.0.5
  • PHP 7.0.6
    cpe:2.3:a:php:php:7.0.6
  • PHP 7.0.7
    cpe:2.3:a:php:php:7.0.7
  • PHP 7.0.8
    cpe:2.3:a:php:php:7.0.8
  • PHP 7.0.9
    cpe:2.3:a:php:php:7.0.9
  • PHP 7.0.10
    cpe:2.3:a:php:php:7.0.10
  • PHP 7.0.11
    cpe:2.3:a:php:php:7.0.11
  • PHP 7.0.12
    cpe:2.3:a:php:php:7.0.12
  • PHP 7.0.13
    cpe:2.3:a:php:php:7.0.13
  • PHP 7.0.14
    cpe:2.3:a:php:php:7.0.14
  • PHP 7.0.15
    cpe:2.3:a:php:php:7.0.15
  • PHP 7.0.16
    cpe:2.3:a:php:php:7.0.16
  • PHP 7.0.17
    cpe:2.3:a:php:php:7.0.17
  • PHP 7.0.18
    cpe:2.3:a:php:php:7.0.18
  • PHP 7.0.19
    cpe:2.3:a:php:php:7.0.19
  • PHP 7.0.20
    cpe:2.3:a:php:php:7.0.20
  • PHP 7.1.0
    cpe:2.3:a:php:php:7.1.0
  • PHP 7.1.1
    cpe:2.3:a:php:php:7.1.1
  • PHP 7.1.2
    cpe:2.3:a:php:php:7.1.2
  • PHP 7.1.3
    cpe:2.3:a:php:php:7.1.3
  • PHP 7.1.4
    cpe:2.3:a:php:php:7.1.4
  • PHP 7.1.5
    cpe:2.3:a:php:php:7.1.5
  • PHP 7.1.6
    cpe:2.3:a:php:php:7.1.6
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0406.NASL
    description An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 107272
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107272
    title CentOS 7 : php (CESA-2018:0406)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-0406.NASL
    description From Red Hat Security Advisory 2018:0406 : An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-03-08
    plugin id 107204
    published 2018-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107204
    title Oracle Linux 7 : php (ELSA-2018-0406)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0406.NASL
    description An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 107188
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107188
    title RHEL 7 : php (RHSA-2018:0406)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3389-1.NASL
    description A vulnerability was discovered in GD Graphics Library (aka libgd), as used in PHP that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read bytes from the top of the stack. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 102493
    published 2017-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102493
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : libgd2 vulnerability (USN-3389-1)
  • NASL family Misc.
    NASL id SECURITYCENTER_PHP_5_6_31.NASL
    description The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP : - An out-of-bounds read flaw in the phar_parse_pharfile() function in ext/phar/phar.c that is triggered when handling phar archives. This may allow a remote attacker to cause a denial of service. - An out-of-bounds read flaw in the gdImageCreateFromGifCtx() function in gd_gif_in.c that is triggered when handling a specially crafted GIF file. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. - An extended invalid free flaw in the php_wddx_push_element() function in ext/wddx/wddx.c that is triggered during the parsing of empty boolean tags. This may allow a remote attacker to crash a program built with the language. - The openssl extension PEM sealing code does not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter. - A flaw that is triggered when handling overly large POST requests. This may allow a remote attacker to exhaust available CPU resources. - An out-of-bounds read flaw in the php_parse_date() function in ext/date/lib/parse_date.c that may allow a remote attacker to crash a program built with the language or potentially disclose memory contents. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 103121
    published 2017-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103121
    title Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_5033E2FC98EC4EF58E0B87CFBBC73081.NASL
    description PHP developers report : The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 103478
    published 2017-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103478
    title FreeBSD : php-gd and gd -- Buffer over-read into uninitialized memory (5033e2fc-98ec-4ef5-8e0b-87cfbbc73081)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-AC3DD4ECF8.NASL
    description **Version 2.2.5** - 2017-08-30 - **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** - **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386: gdImageGrayScale() may produce colors - Fix #406: webpng -i removes the transparent color - Fix Coverity #155475: Failure to restore alphaBlendingFlag - Fix Coverity #155476: potential resource leak - Fix several build issues and test failures - Fix and reenable optimized support for reading 1 bps TIFFs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 105952
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105952
    title Fedora 27 : gd (2017-ac3dd4ecf8)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3938.NASL
    description Matviy Kotoniy reported that the gdImageCreateFromGifCtx() function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a specially crafted file is processed.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102445
    published 2017-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102445
    title Debian DSA-3938-1 : libgd2 - security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1249.NASL
    description According to the version of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.(CVE-2017-7890) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117558
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117558
    title EulerOS Virtualization 2.5.0 : php (EulerOS-SA-2018-1249)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-867.NASL
    description Out-of-bounds heap write in bitset_set_range() : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. (CVE-2017-9228) Buffer over-read from unitialized data in gdImageCreateFromGifCtx function The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. (CVE-2017-7890) Invalid pointer dereference in left_adjust_char_head() : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. (CVE-2017-9229) Heap buffer overflow in next_state_val() during regular expression compilation : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of \\700 would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226) Out-of-bounds stack read in mbc_enc_len() during regular expression searching : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. (CVE-2017-9227) Out-of-bounds stack read in match_at() during regular expression searching : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. (CVE-2017-9224)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 102181
    published 2017-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102181
    title Amazon Linux AMI : php70 (ALAS-2017-867)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180306_PHP_ON_SL7_X.NASL
    description Security Fix(es) : - php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 107212
    published 2018-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107212
    title Scientific Linux Security Update : php on SL7.x x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1055.NASL
    description Matviy Kotoniy reported that the gdImageCreateFromGifCtx() function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a specially crafted file is processed. For Debian 7 'Wheezy', these problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u9. We recommend that you upgrade your libgd2 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 102440
    published 2017-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102440
    title Debian DLA-1055-1 : libgd2 security update
  • NASL family CGI abuses
    NASL id PHP_7_1_7.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.7. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144) - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145) - A use-after-free error exists in PHP in the zval_get_type() function within file ext/standard/var_unserializer.c. An unauthenticated, remote attacker can exploit this to execute arbitrary code. - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - A stack-based buffer overflow condition exists in PHP in the msgfmt_parse_message() function due to improper validation of user-supplied input when parsing locale. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 101527
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101527
    title PHP 7.1.x < 7.1.7 Multiple Vulnerabilities
  • NASL family CGI abuses
    NASL id PHP_7_0_21.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.21. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144) - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145) - A use-after-free error exists in PHP in the zval_get_type() function within file ext/standard/var_unserializer.c. An unauthenticated, remote attacker can exploit this to execute arbitrary code. - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - A stack-based buffer overflow condition exists in PHP in the msgfmt_parse_message() function due to improper validation of user-supplied input when parsing locale. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 101526
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101526
    title PHP 7.0.x < 7.0.21 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1010.NASL
    description This update for php5 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726) - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 102966
    published 2017-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102966
    title openSUSE Security Update : php5 (openSUSE-2017-1010)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-A69B0BB52D.NASL
    description **Version 2.2.5** - 2017-08-30 - **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** - **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386: gdImageGrayScale() may produce colors - Fix #406: webpng -i removes the transparent color - Fix Coverity #155475: Failure to restore alphaBlendingFlag - Fix Coverity #155476: potential resource leak - Fix several build issues and test failures - Fix and reenable optimized support for reading 1 bps TIFFs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 102985
    published 2017-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102985
    title Fedora 25 : gd (2017-a69b0bb52d)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7CC0E6A5F5.NASL
    description **Version 2.2.5** - 2017-08-30 - **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** - **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386: gdImageGrayScale() may produce colors - Fix #406: webpng -i removes the transparent color - Fix Coverity #155475: Failure to restore alphaBlendingFlag - Fix Coverity #155476: potential resource leak - Fix several build issues and test failures - Fix and reenable optimized support for reading 1 bps TIFFs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 102937
    published 2017-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102937
    title Fedora 26 : gd (2017-7cc0e6a5f5)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-108-01.NASL
    description New gd packages are available for Slackware 14.2 and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-04-19
    plugin id 109147
    published 2018-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109147
    title Slackware 14.2 / current : gd (SSA:2018-108-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2303-1.NASL
    description This update for php7 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes : - Soap Request with References (bsc#1053645) - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120003
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120003
    title SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-994.NASL
    description This update for php7 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes : - Soap Request with References (bsc#1053645) - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 102947
    published 2017-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102947
    title openSUSE Security Update : php7 (openSUSE-2017-994)
  • NASL family CGI abuses
    NASL id PHP_5_6_31.NASL
    description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142) - An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144) - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145) - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 101525
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101525
    title PHP 5.6.x < 5.6.31 Multiple Vulnerabilities
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1096.NASL
    description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.(CVE-2018-7584) - In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a '$uri = stream_get_meta_data(fopen($file, 'r'))['uri']' call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.(CVE-2016-10712) - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.(CVE-2017-7890) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 109494
    published 2018-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109494
    title EulerOS 2.0 SP1 : php (EulerOS-SA-2018-1096)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2522-1.NASL
    description This update for php53 fixes the several issues. These security issues were fixed : - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430). - CVE-2017-11628: Stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could have caused a denial of service or potentially allowed executing code (bsc#1050726). - CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in the GD Graphics Library did not zero colorMap arrays use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information (bsc#1050241). - CVE-2016-5766: Integer overflow in the _gd2GetHeader in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image (bsc#986386). - CVE-2017-11145: An error in the date extension's timelib_meridian parsing code could have been used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function (bsc#1048112). - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could have lead to information leak [bsc#1048111] - CVE-2016-10397: Incorrect handling of various URI components in the URL parser could have been used by attackers to bypass hostname-specific URL checks (bsc#1047454). - CVE-2017-11147: The PHAR archive handler could have been used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function (bsc#1048094). - CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could have lead to a crash of the PHP interpreter (bsc#1048096). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 103317
    published 2017-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103317
    title SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2317-1.NASL
    description This update for php5 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120004
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120004
    title SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1097.NASL
    description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.(CVE-2018-7584) - In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a '$uri = stream_get_meta_data(fopen($file, 'r'))['uri']' call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.(CVE-2016-10712) - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.(CVE-2017-7890) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 109495
    published 2018-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109495
    title EulerOS 2.0 SP2 : php (EulerOS-SA-2018-1097)
redhat via4
advisories
  • bugzilla
    id 1473822
    title CVE-2017-7890 php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment php is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406041
        • comment php is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195006
      • AND
        • comment php-bcmath is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406027
        • comment php-bcmath is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195048
      • AND
        • comment php-cli is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406039
        • comment php-cli is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195044
      • AND
        • comment php-common is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406019
        • comment php-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195010
      • AND
        • comment php-dba is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406021
        • comment php-dba is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195054
      • AND
        • comment php-devel is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406053
        • comment php-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195032
      • AND
        • comment php-embedded is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406011
        • comment php-embedded is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195038
      • AND
        • comment php-enchant is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406033
        • comment php-enchant is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195026
      • AND
        • comment php-fpm is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406047
        • comment php-fpm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130514036
      • AND
        • comment php-gd is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406035
        • comment php-gd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195056
      • AND
        • comment php-intl is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406023
        • comment php-intl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195030
      • AND
        • comment php-ldap is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406045
        • comment php-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195046
      • AND
        • comment php-mbstring is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406017
        • comment php-mbstring is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195042
      • AND
        • comment php-mysql is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406043
        • comment php-mysql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195008
      • AND
        • comment php-mysqlnd is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406007
        • comment php-mysqlnd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141013028
      • AND
        • comment php-odbc is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406037
        • comment php-odbc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195020
      • AND
        • comment php-pdo is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406005
        • comment php-pdo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195018
      • AND
        • comment php-pgsql is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406013
        • comment php-pgsql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195014
      • AND
        • comment php-process is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406029
        • comment php-process is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195016
      • AND
        • comment php-pspell is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406015
        • comment php-pspell is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195028
      • AND
        • comment php-recode is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406051
        • comment php-recode is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195050
      • AND
        • comment php-snmp is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406009
        • comment php-snmp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195036
      • AND
        • comment php-soap is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406049
        • comment php-soap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195024
      • AND
        • comment php-xml is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406031
        • comment php-xml is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195022
      • AND
        • comment php-xmlrpc is earlier than 0:5.4.16-43.el7_4.1
          oval oval:com.redhat.rhsa:tst:20180406025
        • comment php-xmlrpc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195052
    rhsa
    id RHSA-2018:0406
    released 2018-03-06
    severity Moderate
    title RHSA-2018:0406: php security update (Moderate)
  • rhsa
    id RHSA-2018:1296
rpms
  • php-0:5.4.16-43.el7_4.1
  • php-bcmath-0:5.4.16-43.el7_4.1
  • php-cli-0:5.4.16-43.el7_4.1
  • php-common-0:5.4.16-43.el7_4.1
  • php-dba-0:5.4.16-43.el7_4.1
  • php-devel-0:5.4.16-43.el7_4.1
  • php-embedded-0:5.4.16-43.el7_4.1
  • php-enchant-0:5.4.16-43.el7_4.1
  • php-fpm-0:5.4.16-43.el7_4.1
  • php-gd-0:5.4.16-43.el7_4.1
  • php-intl-0:5.4.16-43.el7_4.1
  • php-ldap-0:5.4.16-43.el7_4.1
  • php-mbstring-0:5.4.16-43.el7_4.1
  • php-mysql-0:5.4.16-43.el7_4.1
  • php-mysqlnd-0:5.4.16-43.el7_4.1
  • php-odbc-0:5.4.16-43.el7_4.1
  • php-pdo-0:5.4.16-43.el7_4.1
  • php-pgsql-0:5.4.16-43.el7_4.1
  • php-process-0:5.4.16-43.el7_4.1
  • php-pspell-0:5.4.16-43.el7_4.1
  • php-recode-0:5.4.16-43.el7_4.1
  • php-snmp-0:5.4.16-43.el7_4.1
  • php-soap-0:5.4.16-43.el7_4.1
  • php-xml-0:5.4.16-43.el7_4.1
  • php-xmlrpc-0:5.4.16-43.el7_4.1
refmap via4
bid 99492
confirm
debian DSA-3938
Last major update 02-08-2017 - 15:29
Published 02-08-2017 - 15:29
Last modified 03-05-2018 - 21:29
Back to Top