RHSA-2018:1296-01 -- Redhat rh-php70-phpID: oval:org.secpod.oval:def:504906 | Date: (C)2021-01-29 (M)2024-05-09 |
Class: PATCH | Family: unix |
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php . Security Fix: * php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * php: Use after free in wddx_deserialize * php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * php: Stack based buffer overflow in msgfmt_format_message * php: Missing type check when unserializing SplArray * php: Null pointer dereference in php_wddx_push_element * php: Use-after-free vulnerability when resizing the "properties" hash table of a serialized object * php: Invalid read when wddx decodes empty boolean element * php: Use After Free in unserialize * php: Wrong calculation in exif_convert_any_to_int function * php: Integer overflow in phar_parse_pharfile * php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive * php: Out-of-bounds heap read on unserialize in finish_nested_data * php: Null pointer dereference when unserializing PHP object * gd: DoS vulnerability in gdImageCreateFromGd2Ctx * gd: Integer overflow in gd_io.c * php: Use of uninitialized memory in unserialize * php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function * oniguruma: Out-of-bounds stack read in match_at during regular expression searching * oniguruma: Heap buffer overflow in next_state_val during regular expression compilation * oniguruma: Out-of-bounds stack read in mbc_enc_len during regular expression searching * oniguruma: Out-of-bounds heap write in bitset_set_range * oniguruma: Invalid pointer dereference in left_adjust_char_head * php: Incorrect WDDX deserialization of boolean parameters leads to DoS * php: Incorrect return value check of OpenSSL sealing function leads to crash * php: Out-of-bounds read in phar_parse_pharfile * php: Stack-based buffer over-read in msgfmt_parse_message function * php: Stack based 1-byte buffer over-write in zend_ini_do_op function Zend/zend_ini_parser.c * php: heap use after free in ext/standard/var_unserializer.re * php: heap use after free in ext/standard/var_unserializer.re * php: reflected XSS in .phar 404 page * php, gd: Stack overflow in gdImageFillToBorder on truecolor images * php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow * php: wddx_deserialize heap out-of-bound read via php_parse_date * php: buffer over-read in finish_nested_data function * php: Out-of-bound read in timelib_meridian * php: Denial of Service via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Additional Changes: For details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 6 |