openSUSE Security Update : php7 (openSUSE-2017-304)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for php7 fixes the following security issues :

- CVE-2016-7480: The SplObjectStorage unserialize
implementation in ext/spl/spl_observer.c in PHP did not
verify that a key is an object, which allowed remote
attackers to execute arbitrary code or cause a denial of
service (uninitialized memory access) via crafted
serialized data. (bsc#1019568)

- CVE-2017-5340: Zend/zend_hash.c in PHP mishandled
certain cases that require large array allocations,
which allowed remote attackers to execute arbitrary code
or cause a denial of service (integer overflow,
uninitialized memory access, and use of arbitrary
destructor function pointers) via crafted serialized
data. (bsc#1019570)

- CVE-2016-7479: In all versions of PHP 7, during the
unserialization process, resizing the 'properties' hash
table of a serialized object may have led to a
use-after-free. A remote attacker could exploit this bug
to gain arbitrary code execution. (bsc#1019547)

- CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed
remote attackers to cause a denial of service (infinite
loop) via a crafted Exception object in serialized data,
a related issue to CVE-2015-8876. (bsc#1019550)

- CVE-2016-10159: Integer overflow in the
phar_parse_pharfile function in ext/phar/phar.c in PHP
allowed remote attackers to cause a denial of service
(memory consumption or application crash) via a
truncated manifest entry in a PHAR archive.
(bsc#1022255)

- CVE-2016-10160: Off-by-one error in the
phar_parse_pharfile function in ext/phar/phar.c in PHP
allowed remote attackers to cause a denial of service
(memory corruption) or possibly execute arbitrary code
via a crafted PHAR archive with an alias mismatch.
(bsc#1022257)

- CVE-2016-10161: The object_common1 function in
ext/standard/var_unserializer.c in PHP allowed remote
attackers to cause a denial of service (buffer over-read
and application crash) via crafted serialized data that
is mishandled in a finish_nested_data call.
(bsc#1022260)

- CVE-2016-10162: The php_wddx_pop_element function in
ext/wddx/wddx.c in PHP 7 allowed remote attackers to
cause a denial of service (NULL pointer dereference and
application crash) via an inapplicable class name in a
wddxPacket XML document, leading to mishandling in a
wddx_deserialize call. (bsc#1022262)

- CVE-2016-10166: A potential unsigned integer underflow
in the gd interpolation functions could lead to memory
corruption in the PHP gd module. (bsc#1022263)

- CVE-2016-10167: A denial of service problem in
gdImageCreateFromGd2Ctx() could drive PHP out of memory
even on small input files. (bsc#1022264)

- CVE-2016-10168: A signed integer overflow in the gd
module could lead to memory corruption. (bsc#1022265)

- CVE-2016-9138: PHP mishandled property modification
during __wakeup processing, which allowed remote
attackers to cause a denial of service or possibly have
unspecified other impact via crafted serialized data, as
demonstrated by Exception::__toString with
DateInterval::__wakeup. (bsc#1008026)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1008026
https://bugzilla.opensuse.org/show_bug.cgi?id=1019547
https://bugzilla.opensuse.org/show_bug.cgi?id=1019550
https://bugzilla.opensuse.org/show_bug.cgi?id=1019568
https://bugzilla.opensuse.org/show_bug.cgi?id=1019570
https://bugzilla.opensuse.org/show_bug.cgi?id=1022219
https://bugzilla.opensuse.org/show_bug.cgi?id=1022255
https://bugzilla.opensuse.org/show_bug.cgi?id=1022257
https://bugzilla.opensuse.org/show_bug.cgi?id=1022260
https://bugzilla.opensuse.org/show_bug.cgi?id=1022262
https://bugzilla.opensuse.org/show_bug.cgi?id=1022263
https://bugzilla.opensuse.org/show_bug.cgi?id=1022264
https://bugzilla.opensuse.org/show_bug.cgi?id=1022265

Solution :

Update the affected php7 packages.
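Two local checks for confirming that the update actually landed on a host, given here as an added example; this is not part of the Tenable plugin nor of openSUSE's tooling. It assumes the base package is named php7 and that you supply the fixed version-release yourself, because this page does not state it; the sample changelog text inside the script is constructed for the demonstration. The changelog check relies on openSUSE's practice of naming the fixed CVE identifiers in the package changelog.

```shell
#!/bin/sh
# Added example (not Tenable's plugin code): local post-update checks for php7 on
# openSUSE. Assumptions: the base package is named "php7" and the fixed
# version-release is passed in by the caller, since the advisory does not give it.

# CVE identifiers listed in the advisory.
PHP7_CVES="CVE-2016-7480 CVE-2017-5340 CVE-2016-7479 CVE-2016-7478
CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10162
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-9138"

# vercmp A B: print 1, 0 or -1 as A is newer than, equal to or older than B.
# Works on dotted numeric version strings; the '-' before the RPM release is
# treated as one more separator, so "7.0.5-2.1" sorts after "7.0.5-1.1".
# A missing segment counts as 0; non-numeric segments fall back to string order.
vercmp() {
    a=$(printf '%s' "$1" | tr '-' '.')
    b=$(printf '%s' "$2" | tr '-' '.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        ha=${a%%.*}; hb=${b%%.*}
        if [ "$ha" = "$a" ]; then a=''; else a=${a#*.}; fi
        if [ "$hb" = "$b" ]; then b=''; else b=${b#*.}; fi
        : "${ha:=0}" "${hb:=0}"
        if [ "$ha" -gt "$hb" ] 2>/dev/null; then printf '%s\n' 1; return; fi
        if [ "$ha" -lt "$hb" ] 2>/dev/null; then printf '%s\n' -1; return; fi
        if [ "$ha" != "$hb" ]; then
            if [ "$ha" \> "$hb" ]; then printf '%s\n' 1; else printf '%s\n' -1; fi
            return
        fi
    done
    printf '%s\n' 0
}

# php7_is_fixed INSTALLED FIXED: succeed (exit 0) when INSTALLED is at least FIXED.
php7_is_fixed() {
    [ "$(vercmp "$1" "$2")" -ge 0 ]
}

# missing_cves: read changelog text on stdin and print every CVE from PHP7_CVES
# that does not appear in it. Empty output means all twelve are mentioned.
missing_cves() {
    log=$(cat)
    for cve in $PHP7_CVES; do
        case "$log" in
            *"$cve"*) ;;
            *) printf '%s\n' "$cve" ;;
        esac
    done
}

# Constructed sample changelog text (not a real openSUSE changelog), used to show
# what missing_cves reports when only five of the twelve CVEs are mentioned.
SAMPLE_CHANGELOG='- php7: fix CVE-2016-7480, CVE-2017-5340 and CVE-2016-7479 in unserialize()
- php7: fix CVE-2016-10159 and CVE-2016-10160 in phar_parse_pharfile()'

# run_checks FIXED_VERSION: run both checks against the live RPM database.
run_checks() {
    fixed=$1
    if ! inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' php7 2>/dev/null); then
        echo "php7 is not installed; nothing to check"
        return 0
    fi
    if php7_is_fixed "$inst" "$fixed"; then
        echo "php7 $inst >= $fixed: version check passed"
    else
        echo "php7 $inst < $fixed: still vulnerable, run: zypper patch"
    fi
    echo "CVEs not mentioned in the package changelog (expect none once patched):"
    rpm -q --changelog php7 2>/dev/null | missing_cves
}

# Only touch the RPM database when a fixed version is given on the command line:
#   sh php7-check.sh FIXED-VERSION     (take the value from the update itself)
if [ $# -ge 1 ]; then run_checks "$1"; fi
```

The pure-shell vercmp is there so the check runs with nothing but rpm in the path; where zypper is available, `zypper versioncmp` (alias `vcmp`) gives the same ordering for RPM versions. The changelog check is a substring match and only a sanity check, not proof that a fix is present: a changelog that names the CVEs tells you the maintainers intended to ship the fix, while the version comparison against the update's own version-release is the authoritative test.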

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
