[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 818-1] php5 security update



Package        : php5
Version        : 5.4.45-0+deb7u7
CVE ID         : CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-4342 
                 CVE-2016-9934 CVE-2016-9935 CVE-2016-10158 CVE-2016-10159 
                 CVE-2016-10160 CVE-2016-10161
PHP-Bugs       : 71323 70979 71039 71459 71391 71335


Several issues have been discovered in PHP (recursive acronym for PHP:
Hypertext Preprocessor), a widely-used open source general-purpose
scripting language that is especially suited for web development and can
be embedded into HTML.

  * CVE-2016-2554
    Stack-based buffer overflow in ext/phar/tar.c allows remote
    attackers to cause a denial of service (application crash) or
    possibly have unspecified other impact via a crafted TAR archive.
  * CVE-2016-3141
    Use-after-free vulnerability in wddx.c in the WDDX extension allows
    remote attackers to cause a denial of service (memory corruption and
    application crash) or possibly have unspecified other impact by
    triggering a wddx_deserialize call on XML data containing a crafted
    var element.
  * CVE-2016-3142
    The phar_parse_zipfile function in zip.c in the PHAR extension in
    PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to
    obtain sensitive information from process memory or cause a denial
    of service (out-of-bounds read and application crash) by placing a
    PK\x05\x06 signature at an invalid location.
  * CVE-2016-4342
    ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18,
    and 7.x before 7.0.3 mishandles zero-length uncompressed data, which
    allows remote attackers to cause a denial of service (heap memory
    corruption) or possibly have unspecified other impact via a crafted
    (1) TAR, (2) ZIP, or (3) PHAR archive.
  * CVE-2016-9934
    ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows
    remote attackers to cause a denial of service (NULL pointer
    dereference) via crafted serialized data in a wddxPacket XML
    document, as demonstrated by a PDORow string.
  * CVE-2016-9935
    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before
    5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a
    denial of service (out-of-bounds read and memory corruption) or
    possibly have unspecified other impact via an empty boolean element
    in a wddxPacket XML document.
  * CVE-2016-10158
    The exif_convert_any_to_int function in ext/exif/exif.c in PHP
    before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows
    remote attackers to cause a denial of service (application crash)
    via crafted EXIF data that triggers an attempt to divide the minimum
    representable negative integer by -1.
  * CVE-2016-10159
    Integer overflow in the phar_parse_pharfile function in
    ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows
    remote attackers to cause a denial of service (memory consumption or
    application crash) via a truncated manifest entry in a PHAR archive.
  * CVE-2016-10160
    Off-by-one error in the phar_parse_pharfile function in
    ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows
    remote attackers to cause a denial of service (memory corruption) or
    possibly execute arbitrary code via a crafted PHAR archive with an
    alias mismatch.
  * CVE-2016-10161
    The object_common1 function in ext/standard/var_unserializer.c in
    PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1
    allows remote attackers to cause a denial of service (buffer
    over-read and application crash) via crafted serialized data that is
    mishandled in a finish_nested_data call.
  * BUG-71323.patch
    Output of stream_get_meta_data can be falsified by its input
  * BUG-70979.patch
    Crash on bad SOAP request
  * BUG-71039.patch
    exec functions ignore length but look for NULL termination
  * BUG-71459.patch
    Integer overflow in iptcembed()
  * BUG-71391.patch
    NULL Pointer Dereference in phar_tar_setupmetadata()
  * BUG-71335.patch
    Type confusion vulnerability in WDDX packet deserialization


For Debian 7 "Wheezy", these problems have been fixed in version
5.4.45-0+deb7u7.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: Digital signature


Reply to: