AVG-105 log
| Package | php |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 7.0.13-1 |
| Fixed | 7.1.1-0 |
| Current | 8.3.6-1 [extra] |
| Ticket | None |
| Created | Mon Dec 12 21:20:53 2016 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-5340 | High | Yes | Arbitrary code execution | It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized... |
| CVE-2016-9936 | High | Yes | Arbitrary code execution | The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use- after-free) or... |
| CVE-2016-9935 | Medium | Yes | Denial of service | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 19 Jan 2017 | ASA-201701-28 | php | multiple issues |
| References |
|---|
http://www.openwall.com/lists/oss-security/2016/12/12/2 |