Oracle Linux 7 : php (ELSA-2017-3221)
Medium Nessus Plugin ID 104618
Synopsis
The remote Oracle Linux host is missing one or more security updates.
Description
From Red Hat Security Advisory 2017:3221:
An update for php is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
* A NULL pointer dereference flaw was found in libgd. An attacker could use a specially crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167)
* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libgd read some specially crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)
Solution
Update the affected php packages.