exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2016-2598-02

Red Hat Security Advisory 2016-2598-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2598-02 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.

tags | advisory, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768
SHA-256 | 0ac1d44bc1b4ff934ac63b7a99f65417137a7c3af28173760451af2b834039d0

Red Hat Security Advisory 2016-2598-02

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security and bug fix update
Advisory ID: RHSA-2016:2598-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2598.html
Issue date: 2016-11-03
CVE Names: CVE-2016-5399 CVE-2016-5766 CVE-2016-5767
CVE-2016-5768
=====================================================================

1. Summary:

An update for php is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

Security Fix(es):

* A flaw was found in the way certain error conditions were handled by
bzread() function in PHP. An attacker could use this flaw to upload a
specially crafted bz2 archive which, when parsed via the vulnerable
function, could cause the application to crash or execute arbitrary code
with the permissions of the user running the PHP application.
(CVE-2016-5399)

* An integer overflow flaw, leading to a heap-based buffer overflow was
found in the imagecreatefromgd2() function of PHP's gd extension. A remote
attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP application
using gd via a specially crafted GD2 image. (CVE-2016-5766)

* An integer overflow flaw, leading to a heap-based buffer overflow was
found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A
remote attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP application
using gd via a specially crafted image buffer. (CVE-2016-5767)

* A double free flaw was found in the mb_ereg_replace_callback() function
of php which is used to perform regex search. This flaw could possibly
cause a PHP application to crash. (CVE-2016-5768)

Red Hat would like to thank Hans Jerry Illikainen for reporting
CVE-2016-5399.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1073388 - ext/openssl: default_md algo is MD5
1131979 - Segfault running ZendFramework test suite (php_wddx_serialize_var)
1289457 - httpd segfault in php_module_shutdown when opcache loaded twice
1291667 - No TLS1.1 or TLS1.2 support for php curl module
1297179 - PHP crashes with [core:notice] [pid 3864] AH00052: child pid 95199 exit signal Segmentation fault (11)
1344578 - Segmentation fault while header_register_callback
1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow
1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec
1358395 - CVE-2016-5399 php: Improper error handling in bzread()

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
php-5.4.16-42.el7.src.rpm

x86_64:
php-5.4.16-42.el7.x86_64.rpm
php-bcmath-5.4.16-42.el7.x86_64.rpm
php-cli-5.4.16-42.el7.x86_64.rpm
php-common-5.4.16-42.el7.x86_64.rpm
php-dba-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-devel-5.4.16-42.el7.x86_64.rpm
php-embedded-5.4.16-42.el7.x86_64.rpm
php-enchant-5.4.16-42.el7.x86_64.rpm
php-fpm-5.4.16-42.el7.x86_64.rpm
php-gd-5.4.16-42.el7.x86_64.rpm
php-intl-5.4.16-42.el7.x86_64.rpm
php-ldap-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mysql-5.4.16-42.el7.x86_64.rpm
php-mysqlnd-5.4.16-42.el7.x86_64.rpm
php-odbc-5.4.16-42.el7.x86_64.rpm
php-pdo-5.4.16-42.el7.x86_64.rpm
php-pgsql-5.4.16-42.el7.x86_64.rpm
php-process-5.4.16-42.el7.x86_64.rpm
php-pspell-5.4.16-42.el7.x86_64.rpm
php-recode-5.4.16-42.el7.x86_64.rpm
php-snmp-5.4.16-42.el7.x86_64.rpm
php-soap-5.4.16-42.el7.x86_64.rpm
php-xml-5.4.16-42.el7.x86_64.rpm
php-xmlrpc-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
php-5.4.16-42.el7.src.rpm

x86_64:
php-5.4.16-42.el7.x86_64.rpm
php-bcmath-5.4.16-42.el7.x86_64.rpm
php-cli-5.4.16-42.el7.x86_64.rpm
php-common-5.4.16-42.el7.x86_64.rpm
php-dba-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-devel-5.4.16-42.el7.x86_64.rpm
php-embedded-5.4.16-42.el7.x86_64.rpm
php-enchant-5.4.16-42.el7.x86_64.rpm
php-fpm-5.4.16-42.el7.x86_64.rpm
php-gd-5.4.16-42.el7.x86_64.rpm
php-intl-5.4.16-42.el7.x86_64.rpm
php-ldap-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mysql-5.4.16-42.el7.x86_64.rpm
php-mysqlnd-5.4.16-42.el7.x86_64.rpm
php-odbc-5.4.16-42.el7.x86_64.rpm
php-pdo-5.4.16-42.el7.x86_64.rpm
php-pgsql-5.4.16-42.el7.x86_64.rpm
php-process-5.4.16-42.el7.x86_64.rpm
php-pspell-5.4.16-42.el7.x86_64.rpm
php-recode-5.4.16-42.el7.x86_64.rpm
php-snmp-5.4.16-42.el7.x86_64.rpm
php-soap-5.4.16-42.el7.x86_64.rpm
php-xml-5.4.16-42.el7.x86_64.rpm
php-xmlrpc-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
php-5.4.16-42.el7.src.rpm

aarch64:
php-5.4.16-42.el7.aarch64.rpm
php-cli-5.4.16-42.el7.aarch64.rpm
php-common-5.4.16-42.el7.aarch64.rpm
php-debuginfo-5.4.16-42.el7.aarch64.rpm
php-gd-5.4.16-42.el7.aarch64.rpm
php-ldap-5.4.16-42.el7.aarch64.rpm
php-mysql-5.4.16-42.el7.aarch64.rpm
php-odbc-5.4.16-42.el7.aarch64.rpm
php-pdo-5.4.16-42.el7.aarch64.rpm
php-pgsql-5.4.16-42.el7.aarch64.rpm
php-process-5.4.16-42.el7.aarch64.rpm
php-recode-5.4.16-42.el7.aarch64.rpm
php-soap-5.4.16-42.el7.aarch64.rpm
php-xml-5.4.16-42.el7.aarch64.rpm
php-xmlrpc-5.4.16-42.el7.aarch64.rpm

ppc64:
php-5.4.16-42.el7.ppc64.rpm
php-cli-5.4.16-42.el7.ppc64.rpm
php-common-5.4.16-42.el7.ppc64.rpm
php-debuginfo-5.4.16-42.el7.ppc64.rpm
php-gd-5.4.16-42.el7.ppc64.rpm
php-ldap-5.4.16-42.el7.ppc64.rpm
php-mysql-5.4.16-42.el7.ppc64.rpm
php-odbc-5.4.16-42.el7.ppc64.rpm
php-pdo-5.4.16-42.el7.ppc64.rpm
php-pgsql-5.4.16-42.el7.ppc64.rpm
php-process-5.4.16-42.el7.ppc64.rpm
php-recode-5.4.16-42.el7.ppc64.rpm
php-soap-5.4.16-42.el7.ppc64.rpm
php-xml-5.4.16-42.el7.ppc64.rpm
php-xmlrpc-5.4.16-42.el7.ppc64.rpm

ppc64le:
php-5.4.16-42.el7.ppc64le.rpm
php-cli-5.4.16-42.el7.ppc64le.rpm
php-common-5.4.16-42.el7.ppc64le.rpm
php-debuginfo-5.4.16-42.el7.ppc64le.rpm
php-gd-5.4.16-42.el7.ppc64le.rpm
php-ldap-5.4.16-42.el7.ppc64le.rpm
php-mysql-5.4.16-42.el7.ppc64le.rpm
php-odbc-5.4.16-42.el7.ppc64le.rpm
php-pdo-5.4.16-42.el7.ppc64le.rpm
php-pgsql-5.4.16-42.el7.ppc64le.rpm
php-process-5.4.16-42.el7.ppc64le.rpm
php-recode-5.4.16-42.el7.ppc64le.rpm
php-soap-5.4.16-42.el7.ppc64le.rpm
php-xml-5.4.16-42.el7.ppc64le.rpm
php-xmlrpc-5.4.16-42.el7.ppc64le.rpm

s390x:
php-5.4.16-42.el7.s390x.rpm
php-cli-5.4.16-42.el7.s390x.rpm
php-common-5.4.16-42.el7.s390x.rpm
php-debuginfo-5.4.16-42.el7.s390x.rpm
php-gd-5.4.16-42.el7.s390x.rpm
php-ldap-5.4.16-42.el7.s390x.rpm
php-mysql-5.4.16-42.el7.s390x.rpm
php-odbc-5.4.16-42.el7.s390x.rpm
php-pdo-5.4.16-42.el7.s390x.rpm
php-pgsql-5.4.16-42.el7.s390x.rpm
php-process-5.4.16-42.el7.s390x.rpm
php-recode-5.4.16-42.el7.s390x.rpm
php-soap-5.4.16-42.el7.s390x.rpm
php-xml-5.4.16-42.el7.s390x.rpm
php-xmlrpc-5.4.16-42.el7.s390x.rpm

x86_64:
php-5.4.16-42.el7.x86_64.rpm
php-cli-5.4.16-42.el7.x86_64.rpm
php-common-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-gd-5.4.16-42.el7.x86_64.rpm
php-ldap-5.4.16-42.el7.x86_64.rpm
php-mysql-5.4.16-42.el7.x86_64.rpm
php-odbc-5.4.16-42.el7.x86_64.rpm
php-pdo-5.4.16-42.el7.x86_64.rpm
php-pgsql-5.4.16-42.el7.x86_64.rpm
php-process-5.4.16-42.el7.x86_64.rpm
php-recode-5.4.16-42.el7.x86_64.rpm
php-soap-5.4.16-42.el7.x86_64.rpm
php-xml-5.4.16-42.el7.x86_64.rpm
php-xmlrpc-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
php-bcmath-5.4.16-42.el7.aarch64.rpm
php-dba-5.4.16-42.el7.aarch64.rpm
php-debuginfo-5.4.16-42.el7.aarch64.rpm
php-devel-5.4.16-42.el7.aarch64.rpm
php-embedded-5.4.16-42.el7.aarch64.rpm
php-enchant-5.4.16-42.el7.aarch64.rpm
php-fpm-5.4.16-42.el7.aarch64.rpm
php-intl-5.4.16-42.el7.aarch64.rpm
php-mbstring-5.4.16-42.el7.aarch64.rpm
php-mysqlnd-5.4.16-42.el7.aarch64.rpm
php-pspell-5.4.16-42.el7.aarch64.rpm
php-snmp-5.4.16-42.el7.aarch64.rpm

ppc64:
php-bcmath-5.4.16-42.el7.ppc64.rpm
php-dba-5.4.16-42.el7.ppc64.rpm
php-debuginfo-5.4.16-42.el7.ppc64.rpm
php-devel-5.4.16-42.el7.ppc64.rpm
php-embedded-5.4.16-42.el7.ppc64.rpm
php-enchant-5.4.16-42.el7.ppc64.rpm
php-fpm-5.4.16-42.el7.ppc64.rpm
php-intl-5.4.16-42.el7.ppc64.rpm
php-mbstring-5.4.16-42.el7.ppc64.rpm
php-mysqlnd-5.4.16-42.el7.ppc64.rpm
php-pspell-5.4.16-42.el7.ppc64.rpm
php-snmp-5.4.16-42.el7.ppc64.rpm

ppc64le:
php-bcmath-5.4.16-42.el7.ppc64le.rpm
php-dba-5.4.16-42.el7.ppc64le.rpm
php-debuginfo-5.4.16-42.el7.ppc64le.rpm
php-devel-5.4.16-42.el7.ppc64le.rpm
php-embedded-5.4.16-42.el7.ppc64le.rpm
php-enchant-5.4.16-42.el7.ppc64le.rpm
php-fpm-5.4.16-42.el7.ppc64le.rpm
php-intl-5.4.16-42.el7.ppc64le.rpm
php-mbstring-5.4.16-42.el7.ppc64le.rpm
php-mysqlnd-5.4.16-42.el7.ppc64le.rpm
php-pspell-5.4.16-42.el7.ppc64le.rpm
php-snmp-5.4.16-42.el7.ppc64le.rpm

s390x:
php-bcmath-5.4.16-42.el7.s390x.rpm
php-dba-5.4.16-42.el7.s390x.rpm
php-debuginfo-5.4.16-42.el7.s390x.rpm
php-devel-5.4.16-42.el7.s390x.rpm
php-embedded-5.4.16-42.el7.s390x.rpm
php-enchant-5.4.16-42.el7.s390x.rpm
php-fpm-5.4.16-42.el7.s390x.rpm
php-intl-5.4.16-42.el7.s390x.rpm
php-mbstring-5.4.16-42.el7.s390x.rpm
php-mysqlnd-5.4.16-42.el7.s390x.rpm
php-pspell-5.4.16-42.el7.s390x.rpm
php-snmp-5.4.16-42.el7.s390x.rpm

x86_64:
php-bcmath-5.4.16-42.el7.x86_64.rpm
php-dba-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-devel-5.4.16-42.el7.x86_64.rpm
php-embedded-5.4.16-42.el7.x86_64.rpm
php-enchant-5.4.16-42.el7.x86_64.rpm
php-fpm-5.4.16-42.el7.x86_64.rpm
php-intl-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mysqlnd-5.4.16-42.el7.x86_64.rpm
php-pspell-5.4.16-42.el7.x86_64.rpm
php-snmp-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
php-5.4.16-42.el7.src.rpm

x86_64:
php-5.4.16-42.el7.x86_64.rpm
php-cli-5.4.16-42.el7.x86_64.rpm
php-common-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-gd-5.4.16-42.el7.x86_64.rpm
php-ldap-5.4.16-42.el7.x86_64.rpm
php-mysql-5.4.16-42.el7.x86_64.rpm
php-odbc-5.4.16-42.el7.x86_64.rpm
php-pdo-5.4.16-42.el7.x86_64.rpm
php-pgsql-5.4.16-42.el7.x86_64.rpm
php-process-5.4.16-42.el7.x86_64.rpm
php-recode-5.4.16-42.el7.x86_64.rpm
php-soap-5.4.16-42.el7.x86_64.rpm
php-xml-5.4.16-42.el7.x86_64.rpm
php-xmlrpc-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
php-bcmath-5.4.16-42.el7.x86_64.rpm
php-dba-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-devel-5.4.16-42.el7.x86_64.rpm
php-embedded-5.4.16-42.el7.x86_64.rpm
php-enchant-5.4.16-42.el7.x86_64.rpm
php-fpm-5.4.16-42.el7.x86_64.rpm
php-intl-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mysqlnd-5.4.16-42.el7.x86_64.rpm
php-pspell-5.4.16-42.el7.x86_64.rpm
php-snmp-5.4.16-42.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5399
https://access.redhat.com/security/cve/CVE-2016-5766
https://access.redhat.com/security/cve/CVE-2016-5767
https://access.redhat.com/security/cve/CVE-2016-5768
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGv0TXlSAg2UNWIIRAp5HAJ9klb3/2rtiS6x3SPaFdGuYWwxEegCfafaI
5XgUajtsAnxecqRTeRWw5H4=
=G7qP
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close