RHEL 6 / 7 : rh-php70-php (RHSA-2018:1296)

critical Nessus Plugin ID 194027

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1296 advisory.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843)

Security Fix(es):

* php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)

* php: Use after free in wddx_deserialize (CVE-2016-7413)

* php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)

* php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)

* php: Missing type check when unserializing SplArray (CVE-2016-7417)

* php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)

* php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object (CVE-2016-7479)

* php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)

* php: Use After Free in unserialize() (CVE-2016-9936)

* php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)

* php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)

* php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)

* php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)

* php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)

* gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)

* gd: Integer overflow in gd_io.c (CVE-2016-10168)

* php: Use of uninitialized memory in unserialize() (CVE-2017-5340)

* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)

* oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)

* oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)

* oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)

* oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)

* oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)

* php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)

* php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)

* php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)

* php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)

* php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628)

* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)

* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)

* php: reflected XSS in .phar 404 page (CVE-2018-5712)

* php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)

* php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)

* php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)

* php: buffer over-read in finish_nested_data function (CVE-2017-12933)

* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)

* php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 194027

File Name: redhat-RHSA-2018-1296.nasl

Version: 1.1

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 4/27/2024

Updated: 4/15/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-9228

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:rh-php70-php-enchant, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-gmp, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-xmlrpc, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-json, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-cli, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-mysqlnd, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-embedded, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-gd, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-bcmath, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-intl, p-cpe:/a:redhat:enterprise_linux:rh-php70-php, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-opcache, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-pdo, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-ldap, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-mbstring, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-dba, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-dbg, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-tidy, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-pgsql, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-process, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-odbc, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-pspell, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-xml, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-fpm, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-recode, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-devel, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-snmp, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-imap, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-soap, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-common, p-cpe:/a:redhat:enterprise_linux:rh-php70-php-zip

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/3/2018

Vulnerability Publication Date: 8/16/2016

Reference Information

CVE: CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10162, CVE-2016-10167, CVE-2016-10168, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418, CVE-2016-7479, CVE-2016-9933, CVE-2016-9934, CVE-2016-9935, CVE-2016-9936, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11362, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934, CVE-2017-16642, CVE-2017-5340, CVE-2017-7890, CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229, CVE-2018-5711, CVE-2018-5712

CWE: 119, 121, 122, 125, 190, 193, 20, 252, 253, 416, 456, 476, 682, 787, 835

RHSA: 2018:1296

Detections

Analytics