
[ASA-201611-19] php: multiple issues
Arch Linux Security Advisory ASA-201611-19
==========================================

Severity: High
Date    : 2016-11-18
CVE-ID  : CVE-2016-6911 CVE-2016-7478 CVE-2016-7568 CVE-2016-8670
          CVE-2016-9138 CVE-2016-9933 CVE-2016-9934
Package : php
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-58

Summary
=======

The package php before version 7.0.13-1 is vulnerable to multiple issues
including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 7.0.13-1.

# pacman -Syu "php>=7.0.13-1"

The problems have been fixed upstream in version 7.0.13.

Workaround
==========

None.

Description
===========

- CVE-2016-6911 (denial of service)

A vulnerability was found in gd as used in php. The function
dynamicGetbuf() failed to check for out of bounds reads. An attacker could
create a crafted image that would lead to a crash or, potentially,
information disclosure.

- CVE-2016-7478 (denial of service)

Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before
7.0.13, allows remote attackers to cause a denial of service (infinite
loop) via a crafted Exception object in serialized data that refers to
itself as the previous exception, causing Exception::__toString never to
terminate.

- CVE-2016-7568 (arbitrary code execution)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in gd. A specially crafted image, when converted to webp, could
cause the application to crash or potentially execute arbitrary code.

- CVE-2016-8670 (arbitrary code execution)

A vulnerability was found in gd. An integer underflow in a calculation in
dynamicGetbuf() was incorrectly handled, leading in some circumstances to
an out of bounds write through a very large argument to memcpy(). An
attacker could create a crafted image that would lead to a crash or,
potentially, code execution.

- CVE-2016-9138 (arbitrary code execution)

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property
modification during __wakeup processing while unserializing, which allows
remote attackers to cause a denial of service or possibly execute
arbitrary code via crafted serialized data, as demonstrated by
Exception::__toString with DateInterval::__wakeup.

- CVE-2016-9933 (denial of service)

A stack consumption vulnerability has been discovered in the
gdImageFillToBorder function in gd.c in the GD Graphics Library (aka
libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13,
that allows remote attackers to cause a denial of service (segmentation
violation) via a crafted imagefilltoborder call that triggers use of a
negative color value.

- CVE-2016-9934 (denial of service)

It has been discovered that ext/wddx/wddx.c in PHP before 5.6.28 and 7.x
before 7.0.13 allows remote attackers to cause a denial of service (NULL
pointer dereference) via crafted serialized data in a wddxPacket XML
document, as demonstrated by a PDORow string.

Impact
======

A remote attacker is able to execute arbitrary code or crash the
application via various vectors.
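To verify that the upgrade from the Resolution section has actually landed on a host, the following added script (not part of the advisory or of Arch's tooling) parses `pacman -Q` style output and compares the installed php version against the fixed version 7.0.13-1. The ordering is a simplified reimplementation of pacman's vercmp (epoch:pkgver-pkgrel, numeric segments compared numerically) and is assumed to be sufficient for release versions like these; the sample package list is constructed.

```python
"""Check whether installed php satisfies the fix in ASA-201611-19."""
import re
from typing import List, Optional, Tuple

PACKAGE = "php"
FIXED = "7.0.13-1"  # fixed package version stated in the advisory


def _key(version: str) -> Tuple[int, List[Tuple[int, object]], int]:
    """Sort key approximating vercmp order: (epoch, pkgver segments, pkgrel).

    Numeric segments sort as (1, int), alphabetic ones as (0, str), so that
    a number outranks a letter suffix, as in vercmp. Simplified: not a full
    libalpm port (assumption stated in the lead-in).
    """
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    pkgver, _, pkgrel = version.partition("-")
    segments = [
        (1, int(s)) if s.isdigit() else (0, s)
        for s in re.findall(r"\d+|[A-Za-z]+", pkgver)
    ]
    rel = int(re.match(r"\d*", pkgrel).group() or 0)
    return epoch, segments, rel


def is_fixed(installed: str, fixed: str = FIXED) -> bool:
    """True when the installed version is at or above the fixed version."""
    return _key(installed) >= _key(fixed)


def check_pacman_q(output: str, package: str = PACKAGE,
                   fixed: str = FIXED) -> Optional[Tuple[str, bool]]:
    """Return (installed_version, still_vulnerable) for `package`, or None
    when the package does not appear in the `pacman -Q` output."""
    for line in output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == package:
            return parts[1], not is_fixed(parts[1], fixed)
    return None


# Constructed sample of `pacman -Q` output; a host still on 7.0.12-1.
SAMPLE_PACMAN_Q = """bash 4.4.005-1
php 7.0.12-1
zlib 1.2.8-4
"""

if __name__ == "__main__":
    print(check_pacman_q(SAMPLE_PACMAN_Q))  # → ('7.0.12-1', True)
```

On a real host, feed it `pacman -Q php` output; any result other than `(…, False)` means AVG-58 is still open there.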
References
==========

https://bugs.php.net/bug.php?id=73093
https://bugs.php.net/bug.php?id=73003
https://github.com/libgd/libgd/issues/308
http://seclists.org/oss-sec/2016/q3/639
https://bugs.php.net/bug.php?id=73280
http://www.openwall.com/lists/oss-security/2016/10/15/6
https://bugs.php.net/bug.php?id=73147
https://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
http://seclists.org/oss-sec/2016/q4/296
https://bugs.php.net/bug.php?id=72696
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
http://www.openwall.com/lists/oss-security/2016/12/12/2
https://bugs.php.net/bug.php?id=73331
https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
https://security.archlinux.org/CVE-2016-6911
https://security.archlinux.org/CVE-2016-7478
https://security.archlinux.org/CVE-2016-7568
https://security.archlinux.org/CVE-2016-8670
https://security.archlinux.org/CVE-2016-9138
https://security.archlinux.org/CVE-2016-9933
https://security.archlinux.org/CVE-2016-9934