Scientific Linux Security Update : php on SL7.x x86_64
Medium Nessus Plugin ID 104624
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- A NULL pointer dereference flaw was found in libgd. An attacker could use a specially crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167)
- An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)
SolutionUpdate the affected packages.