97178

1038158

https://bugs.php.net/bug.php?id=74216

https://bugs.php.net/bug.php?id=75505

https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a

https://security.netapp.com/advisory/ntap-20180112-0001/

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt

This update for php53 fixes the following issues :

  - The fix for CVE-2017-7272 was reverted, as it caused     regressions in the mysql server connect module.
    [bsc#1044976] The security fix tried to avoid a server     side request forgery, and will be submitted when a     better fix becomes available.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for php53 fixes the following issues: This security issue was fixed :

  - CVE-2017-7272: PHP enabled potential SSRF in     applications that accept an fsockopen hostname argument     with an expectation that the port number is constrained.
    Because a :port syntax was recognized, fsockopen used     the port number that is specified in the hostname     argument, instead of the port number in the second     argument of the function (bsc#1031246)

  - CVE-2016-6294: The locale_accept_from_http function in     ext/intl/locale/locale_methods.c did not properly     restrict calls to the ICU uloc_acceptLanguageFromHTTP     function, which allowed remote attackers to cause a     denial of service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long argument     (bsc#1035111).

  - CVE-2017-9227: An issue was discovered in Oniguruma     6.2.0, as used in mbstring in PHP. A stack out-of-bounds     read occurs in mbc_enc_len() during regular expression     searching. Invalid handling of reg->dmin in     forward_search_range() could result in an invalid     pointer dereference, as an out-of-bounds read from a     stack buffer. (bsc#1040883)

  - CVE-2017-9226: An issue was discovered in Oniguruma     6.2.0, as used in Oniguruma-mod in mbstring in PHP. A     heap out-of-bounds write or read occurs in     next_state_val() during regular expression compilation.
    Octal numbers larger than 0xff are not handled correctly     in fetch_token() and fetch_token_in_cc(). A malformed     regular expression containing an octal number in the     form of '\700' would produce an invalid code point value     larger than 0xff in next_state_val(), resulting in an     out-of-bounds write memory corruption. (bsc#1040889)

  - CVE-2017-9224: An issue was discovered in Oniguruma     6.2.0, as used in Oniguruma-mod in mbstring in PHP. A     stack out-of-bounds read occurs in match_at() during     regular expression searching. A logical error involving     order of validation and access in match_at() could     result in an out-of-bounds read from a stack buffer.
    (bsc#1040891)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues have been discovered in PHP (recursive acronym for PHP:
Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

CVE-2016-7478: Zend/zend_exceptions.c in PHP allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.

CVE-2016-7479: During the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain the ability of arbitrary code execution. Even though the property table issue only affects PHP 7 this change also prevents a wide range of other __wakeup() based attacks.

CVE-2017-7272: The fsockopen() function will use the port number which is defined in hostname instead of the port number passed to the second parameter of the function. This misbehavior may introduce another attack vector for an already known application vulnerability (e.g.
Server Side Request Forgery).

For Debian 7 'Wheezy', these problems have been fixed in version 5.4.45-0+deb7u8.

We recommend that you upgrade your php5 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
132184	EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)	Nessus	Huawei Local Security Checks	critical
131592	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)	Nessus	Huawei Local Security Checks	critical
101107	SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1709-1)	Nessus	SuSE Local Security Checks	medium
100866	SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1585-1)	Nessus	SuSE Local Security Checks	high
99003	Debian DLA-875-1 : php5 security update	Nessus	Debian Local Security Checks	high

CVE-2017-7272

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins