AVG-105

Package php
Status Fixed
Severity High
Type multiple issues
Affected 7.0.13-1
Fixed 7.1.1-0
Current 7.2.2-1 [extra]
Ticket None
Created Mon Dec 12 21:20:53 2016
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-5340 | High | Yes | Arbitrary code execution | It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized... |
| CVE-2016-9936 | High | Yes | Arbitrary code execution | The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or... |
| CVE-2016-9935 | Medium | Yes | Denial of service | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service... |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 19 Jan 2017 | ASA-201701-28 | php | multiple issues |

References
http://www.openwall.com/lists/oss-security/2016/12/12/2