http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

104019

1040807

RHSA-2019:2519

https://bugs.php.net/bug.php?id=76130

[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update

GLSA-201812-01

https://security.netapp.com/advisory/ntap-20180607-0003/

USN-3646-1

DSA-4240

https://www.synology.com/support/security/Synology_SA_18_20

https://www.tenable.com/security/tns-2018-12

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.5. It is, therefore, affected by multiple vulnerabilities.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.17. It is, therefore, affected by multiple vulnerabilities.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.30. It is, therefore, affected by multiple vulnerabilities.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities.

Note that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

**PHP version 7.2.5** (26 Apr 2018)

**Core:**

  - Fixed bug php#75722 (Convert valgrind detection to     configure option). (Michael Heimpold)

**Date:**

  - Fixed bug php#76131 (mismatch arginfo for date_create).
    (carusogabriel)

**Exif:**

  - Fixed bug php#76130 (Heap Buffer Overflow (READ: 1786)     in exif_iif_add_value). (Stas)

**FPM:**

  - Fixed bug php#68440 (ERROR: failed to reload: execvp()     failed: Argument list too long). (Jacob Hipps)

  - Fixed incorrect write to getenv result in FPM reload.
    (Jakub Zelenka)

**GD:**

  - Fixed bug php#52070 (imagedashedline() - dashed line     sometimes is not visible). (cmb)

**intl:**

  - Fixed bug php#76153 (Intl compilation fails with icu4c     61.1). (Anatol)

**iconv:**

  - Fixed bug php#76249 (stream filter convert.iconv leads     to infinite loop on invalid sequence). (Stas)

**ldap:**

  - Fixed bug php#76248 (Malicious LDAP-Server Response     causes Crash). (Stas)

**mbstring:**

  - Fixed bug php#75944 (Wrong cp1251 detection). (dmk001)

  - Fixed bug php#76113 (mbstring does not build with     Oniguruma 6.8.1). (chrullrich, cmb)

**ODBC:**

  - Fixed bug php#76088 (ODBC functions are not available by     default on Windows). (cmb)

**Opcache:**

  - Fixed bug php#76094 (Access violation when using     opcache). (Laruence)

**Phar:**

  - Fixed bug php#76129 (fix for CVE-2018-5712 may not be     complete). (Stas)

**phpdbg:**

  - Fixed bug php#76143 (Memory corruption: arbitrary NUL     overwrite). (Laruence)

**SPL:**

  - Fixed bug php#76131 (mismatch arginfo for splarray     constructor). (carusogabriel)

**standard:**

  - Fixed bug php#74139 (mail.add_x_header default     inconsistent with docs). (cmb)

  - Fixed bug php#75996 (incorrect url in header for     mt_rand). (tatarbj)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201812-01 (PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the       referenced CVE identifiers for details.
  Impact :

    An attacker could cause a Denial of Service condition or obtain       sensitive information.
  Workaround :

    There is no known workaround at this time.

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language :

  - CVE-2018-7584     Buffer underread in parsing HTTP responses

  - CVE-2018-10545     Dumpable FPM child processes allowed the bypass of     opcache access controls

  - CVE-2018-10546     Denial of service via infinite loop in convert.iconv     stream filter

  - CVE-2018-10547     The fix for CVE-2018-5712 (shipped in DSA 4080) was     incomplete

  - CVE-2018-10548     Denial of service via malformed LDAP server responses

  - CVE-2018-10549     Out-of-bounds read when parsing malformed JPEG files

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language :

CVE-2018-7584

A stack-buffer-overflow while parsing HTTP response results in copying a large string and possible memory corruption and/or denial of service

CVE-2018-10545

Dumpable FPM child processes allow bypassing opcache access controls resulting in potential information disclosure where one user can obtain information about another user's running PHP applications

CVE-2018-10546

An invalid sequence of bytes can trigger an infinite loop in the stream filter convert.iconv

CVE-2018-10547

A previous fix for CVE-2018-5712 may not be complete, resulting in an additional vulnerability in the form of a reflected XSS in the PHAR 403 and 404 error pages

CVE-2018-10548

A malicious remote LDAP server can send a crafted response that will cause a denial of service (NULL pointer dereference resulting in an application crash)

CVE-2018-10549

A crafted JPEG file can case an out-of-bounds read and heap buffer overflow

For Debian 8 'Jessie', these problems have been fixed in version 5.6.36+dfsg-0+deb8u1.

We recommend that you upgrade your php5 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues.

It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. (CVE-2018-10545)

It was discovered that the PHP iconv stream filter incorrect handled certain invalid multibyte sequences. A remote attacker could possibly use this issue to cause PHP to hang, resulting in a denial of service.
(CVE-2018-10546)

It was discovered that the PHP PHAR error pages incorrectly filtered certain data. A remote attacker could possibly use this issue to perform a reflected XSS attack. (CVE-2018-10547)

It was discovered that PHP incorrectly handled LDAP. A malicious remote LDAP server could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-10548)

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.10, and Ubuntu 18.04 LTS.
(CVE-2018-10549).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

NULL pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.(CVE-2018-10548)

Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.(CVE-2018-10546)

Reflected XSS vulnerability on PHAR 403 and 404 error pages

An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712 .(CVE-2018-10547)

Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.(CVE-2018-10549)

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.5. It is, therefore, affected by multiple vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.17. It is, therefore, affected by multiple vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.30. It is, therefore, affected by multiple vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities.

**PHP version 7.1.17** (26 Apr 2018)

**Date:**

  - Fixed bug php#76131 (mismatch arginfo for date_create).
    (carusogabriel)

**Exif:**

  - Fixed bug php#76130 (Heap Buffer Overflow (READ: 1786)     in exif_iif_add_value). (Stas)

**FPM:**

  - Fixed bug php#68440 (ERROR: failed to reload: execvp()     failed: Argument list too long). (Jacob Hipps)

  - Fixed incorrect write to getenv result in FPM reload.
    (Jakub Zelenka)

**GD:**

  - Fixed bug php#52070 (imagedashedline() - dashed line     sometimes is not visible). (cmb)

**iconv:**

  - Fixed bug php#76249 (stream filter convert.iconv leads     to infinite loop on invalid sequence). (Stas)

**intl:**

  - Fixed bug php#76153 (Intl compilation fails with icu4c     61.1). (Anatol)

**ldap:**

  - Fixed bug php#76248 (Malicious LDAP-Server Response     causes Crash). (Stas)

**mbstring:**

  - Fixed bug php#75944 (Wrong cp1251 detection). (dmk001)

  - Fixed bug php#76113 (mbstring does not build with     Oniguruma 6.8.1). (chrullrich, cmb)

**Phar:**

  - Fixed bug php#76129 (fix for CVE-2018-5712 may not be     complete). (Stas)

**phpdbg:**

  - Fixed bug php#76143 (Memory corruption: arbitrary NUL     overwrite). (Laruence)

**SPL:**

  - Fixed bug php#76131 (mismatch arginfo for splarray     constructor). (carusogabriel)

**standard:**

  - Fixed bug php#75996 (incorrect url in header for     mt_rand). (tatarbj)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
98868	PHP 7.2.x < 7.2.5 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
98860	PHP 7.1.x < 7.1.17 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
98849	PHP 7.0.x < 7.0.30 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
98826	PHP 5.6.x < 5.6.36 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
120886	Fedora 28 : php (2018-ee6707d519)	Nessus	Fedora Local Security Checks	medium
119320	GLSA-201812-01 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
117672	Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)	Nessus	Misc.	high
110928	Debian DSA-4240-1 : php7.0 - security update	Nessus	Debian Local Security Checks	high
110697	Debian DLA-1397-1 : php5 security update	Nessus	Debian Local Security Checks	high
109871	Slackware 14.0 / 14.1 / 14.2 : php (SSA:2018-136-02)	Nessus	Slackware Local Security Checks	medium
109812	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : PHP vulnerabilities (USN-3646-1)	Nessus	Ubuntu Local Security Checks	medium
109701	Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1019)	Nessus	Amazon Linux Local Security Checks	medium
109579	PHP 7.2.x < 7.2.5 Stack Buffer Overflow	Nessus	CGI abuses	medium
109578	PHP 7.1.x < 7.1.17 Multiple Vulnerabilities	Nessus	CGI abuses	medium
109577	PHP 7.0.x < 7.0.30 Multiple Vulnerabilities	Nessus	CGI abuses	medium
109576	PHP 5.6.x < 5.6.36 Multiple Vulnerabilities	Nessus	CGI abuses	medium
109560	Fedora 26 : php (2018-6071a600e8)	Nessus	Fedora Local Security Checks	medium
109559	Fedora 27 : php (2018-04f6056c42)	Nessus	Fedora Local Security Checks	medium

CVE-2018-10549

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins