Scientific Linux Security Update : php on SL7.x x86_64

Medium Nessus Plugin ID 104624

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security Fix(es):

- A NULL pointer dereference flaw was found in libgd. An attacker could use a specially crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167)

- An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libgd read some specially crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or, in certain cases, execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?556337d0

Plugin Details

Severity: Medium

ID: 104624

File Name: sl_20171115_php_on_SL7_x.nasl

Version: 3.1

Type: local

Agent: unix

Published: 2017/11/16

Modified: 2017/11/16

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2017/11/15

Reference Information

CVE: CVE-2016-10167, CVE-2016-10168