Detections
Analytics
Fedora 25 : php (2016-03518b366b)
high Nessus Plugin ID 94768
Language:
Synopsis
The remote Fedora host is missing a security update.Description
18 Aug 2016 **PHP 7.0.10****Core:**
- Fixed bug php#72629 (Caught exception assignment to variables ignores references). (Laruence)
- Fixed bug php#72594 (Calling an earlier instance of an included anonymous class fatals). (Laruence)
- Fixed bug php#72581 (previous property undefined in Exception after deserialization). (Laruence)
- Fixed bug php#72496 (Cannot declare public method with signature incompatible with parent private method).
(Pedro Magalhães)
- Fixed bug php#72024 (microtime() leaks memory).
(maroszek at gmx dot net)
- Fixed bug php#71911 (Unable to set --enable-debug on building extensions by phpize on Windows). (Yuji Uchiyama)
- Fixed bug causing ClosedGeneratorException being thrown into the calling code instead of the Generator yielding from. (Bob)
- Implemented FR php#72614 (Support 'nmake test' on building extensions by phpize). (Yuji Uchiyama)
- Fixed bug php#72641 (phpize (on Windows) ignores PHP_PREFIX). (Yuji Uchiyama)
- Fixed potential segfault in object storage freeing in shutdown sequence. (Bob)
- Fixed bug php#72663 (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (Stas)
- Fixed bug php#72681 (PHP Session Data Injection Vulnerability). (Stas)
- Fixed bug php#72683 (getmxrr broken). (Anatol)
- Fixed bug php#72742 (memory allocator fails to realloc small block to large one). (Stas)
**Bz2:**
- Fixed bug php#72837 (integer overflow in bzdecompress caused heap corruption). (Stas)
**Calendar:**
- Fixed bug php#67976 (cal_days_month() fails for final month of the French calendar). (cmb)
- Fixed bug php#71894 (AddressSanitizer:
global-buffer-overflow in zif_cal_from_jd). (cmb)
**COM:**
- Fixed bug php#72569 (DOTNET/COM array parameters broke in PHP7). (Anatol)
**CURL:**
- Fixed bug php#71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER). (Pierrick)
- Fixed bug php#71929 (CURLINFO_CERTINFO data parsing error). (Pierrick)
- Fixed bug php#72674 (Heap overflow in curl_escape).
(Stas)
**DOM:**
- Fixed bug php#66502 (DOM document dangling reference).
(Sean Heelan, cmb)
**EXIF:**
- Fixed bug php#72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
- Fixed bug php#72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
**Filter:**
- Fixed bug php#71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range). (bugs dot php dot net at majkl578 dot cz)
**FPM:**
- Fixed bug php#72575 (using --allow-to-run-as-root should ignore missing user). (gooh)
**GD:**
- Fixed bug php#72596 (imagetypes function won't advertise WEBP support). (cmb)
- Fixed bug php#72604 (imagearc() ignores thickness for full arcs). (cmb)
- Fixed bug php#70315 (500 Server Error but page is fully rendered). (cmb)
- Fixed bug php#43828 (broken transparency of imagearc for truecolor in blendingmode). (cmb)
- Fixed bug php#66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
- Fixed bug php#68712 (suspicious if-else statements).
(cmb)
- Fixed bug php#72697 (select_colors write out-of-bounds).
(Stas)
- Fixed bug php#72730 (imagegammacorrect allows arbitrary write access). (Stas)
**Intl:**
- Fixed bug php#72639 (Segfault when instantiating class that extends IntlCalendar and adds a property).
(Laruence)
- Partially fixed php#72506 (idn_to_ascii for UTS #46 incorrect for long domain names). (cmb)
**mbstring:**
- Fixed bug php#72691 (mb_ereg_search raises a warning if a match zero-width). (cmb)
- Fixed bug php#72693 (mb_ereg_search increments search position when a match zero-width). (cmb)
- Fixed bug php#72694 (mb_ereg_search_setpos does not accept a string's last position). (cmb)
- Fixed bug php#72710 (`mb_ereg` causes buffer overflow on regexp compile error). (ju1ius)
**Mcrypt:**
- Fixed bug php#72782 (Heap Overflow due to integer overflows). (Stas)
**Opcache:**
- Fixed bug php#72590 (Opcache restart with kill_all_lockers does not work). (Keyur)
**PCRE:**
- Fixed bug php#72688 (preg_match missing group names in matches). (cmb)
**PDO_pgsql:**
- Fixed bug php#70313 (PDO statement fails to throw exception). (Matteo)
**Reflection:**
- Fixed bug php#72222 (ReflectionClass::export doesn't handle array constants). (Nikita Nefedov)
**SimpleXML:**
- Fixed bug php#72588 (Using global var doesn't work while accessing SimpleXML element). (Laruence)
**SNMP:**
- Fixed bug php#72708 (php_snmp_parse_oid integer overflow in memory allocation). (djodjo at gmail dot com)
**SPL:**
- Fixed bug php#55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
- Fixed bug php#72646 (SplFileObject::getCsvControl does not return the escape character). (cmb)
- Fixed bug php#72684 (AppendIterator segfault with closed generator). (Pierrick)
**SQLite3:**
- Fixed bug php#72668 (Spurious warning when exception is thrown in user defined function). (Laruence)
- Fixed bug php#72571 (SQLite3::bindValue, SQLite3::bindParam crash). (Laruence)
- Implemented FR php#72653 (SQLite should allow opening with empty filename). (cmb)
- Updated to SQLite3 3.13.0. (cmb)
**Standard:**
- Fixed bug php#72622 (array_walk + array_replace_recursive create references from nothing).
(Laruence)
- Fixed bug php#72152 (base64_decode $strict fails to detect null byte). (Lauri Kenttä)
- Fixed bug php#72263 (base64_decode skips a character after padding in strict mode). (Lauri Kenttä)
- Fixed bug php#72264 (base64_decode $strict fails with whitespace between padding). (Lauri Kenttä)
- Fixed bug php#72330 (CSV fields incorrectly split if escape char followed by UTF chars). (cmb)
**Streams:**
- Fixed bug php#41021 (Problems with the ftps wrapper).
(vhuk)
- Fixed bug php#54431 (opendir() does not work with ftps:// wrapper). (vhuk)
- Fixed bug php#72667 (opendir() with ftp:// attempts to open data stream for non-existent directories). (vhuk)
- Fixed bug php#72771 (ftps:// wrapper is vulnerable to protocol downgrade attack). (Stas)
**XMLRPC:**
- Fixed bug php#72647 (xmlrpc_encode() unexpected output after referencing array elements). (Laruence)
**Wddx:**
- Fixed bug php#72564 (boolean always deserialized as 'true') (Remi)
- Fixed bug php#72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()). (Taoguang Chen)
- Fixed bug php#72749 (wddx_deserialize allows illegal memory access) (Stas)
- Fixed bug php#72750 (wddx_deserialize null dereference).
(Stas)
- Fixed bug php#72790 (wddx_deserialize null dereference with invalid xml). (Stas)
- Fixed bug php#72771 (ftps:// wrapper is vulnerable to protocol downgrade attack). (Stas)
**XMLRPC:**
- Fixed bug php#72647 (xmlrpc_encode() unexpected output after referencing array elements). (Laruence)
**Wddx:**
- Fixed bug php#72564 (boolean always deserialized as 'true') (Remi)
- Fixed bug php#72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()). (Taoguang Chen)
- Fixed bug php#72749 (wddx_deserialize allows illegal memory access) (Stas)
- Fixed bug php#72750 (wddx_deserialize null dereference).
(Stas)
- Fixed bug php#72790 (wddx_deserialize null dereference with invalid xml). (Stas)
- Fixed bug php#72799 (wddx_deserialize null dereference in php_wddx_pop_element). (Stas)
**Zip:**
- Fixed bug php#72660 (NULL pointer dereference in zend_virtual_cwd). (Laruence)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected php package.See Also
https://bodhi.fedoraproject.org/updates/FEDORA-2016-03518b366b
Plugin Details
Severity: High
ID: 94768
File Name: fedora_2016-03518b366b.nasl
Version: 2.5
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 11/15/2016
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:25
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 9/5/2016
Vulnerability Publication Date: 9/5/2016
Reference Information
FEDORA: 2016-03518b366b