EulerOS 2.0 SP1 : php (EulerOS-SA-2018-1096)
High Nessus Plugin ID 109494
SynopsisThe remote EulerOS host is missing multiple security updates.
DescriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.(CVE-2018-7584)
- In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a '$uri = stream_get_meta_data(fopen($file, 'r'))['uri']' call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.(CVE-2016-10712)
- The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.(CVE-2017-7890)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected php packages.