Lucene search

K
amazonAmazonALAS-2017-788
HistoryJan 26, 2017 - 6:00 p.m.

Medium: php70

2017-01-2618:00:00
alas.aws.amazon.com
26

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.201

Percentile

96.4%

Issue Overview:

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480)

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137)

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933)

ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934)

The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834. (CVE-2016-9936)

Affected Packages:

php70

Issue Correction:
Run yum update php70 to update your system.

New Packages:

i686:  
    php70-pspell-7.0.14-1.20.amzn1.i686  
    php70-bcmath-7.0.14-1.20.amzn1.i686  
    php70-mbstring-7.0.14-1.20.amzn1.i686  
    php70-mysqlnd-7.0.14-1.20.amzn1.i686  
    php70-7.0.14-1.20.amzn1.i686  
    php70-mcrypt-7.0.14-1.20.amzn1.i686  
    php70-imap-7.0.14-1.20.amzn1.i686  
    php70-intl-7.0.14-1.20.amzn1.i686  
    php70-xmlrpc-7.0.14-1.20.amzn1.i686  
    php70-enchant-7.0.14-1.20.amzn1.i686  
    php70-debuginfo-7.0.14-1.20.amzn1.i686  
    php70-embedded-7.0.14-1.20.amzn1.i686  
    php70-zip-7.0.14-1.20.amzn1.i686  
    php70-dbg-7.0.14-1.20.amzn1.i686  
    php70-soap-7.0.14-1.20.amzn1.i686  
    php70-snmp-7.0.14-1.20.amzn1.i686  
    php70-common-7.0.14-1.20.amzn1.i686  
    php70-gd-7.0.14-1.20.amzn1.i686  
    php70-ldap-7.0.14-1.20.amzn1.i686  
    php70-gmp-7.0.14-1.20.amzn1.i686  
    php70-cli-7.0.14-1.20.amzn1.i686  
    php70-devel-7.0.14-1.20.amzn1.i686  
    php70-tidy-7.0.14-1.20.amzn1.i686  
    php70-xml-7.0.14-1.20.amzn1.i686  
    php70-pdo-7.0.14-1.20.amzn1.i686  
    php70-dba-7.0.14-1.20.amzn1.i686  
    php70-process-7.0.14-1.20.amzn1.i686  
    php70-recode-7.0.14-1.20.amzn1.i686  
    php70-pgsql-7.0.14-1.20.amzn1.i686  
    php70-pdo-dblib-7.0.14-1.20.amzn1.i686  
    php70-fpm-7.0.14-1.20.amzn1.i686  
    php70-opcache-7.0.14-1.20.amzn1.i686  
    php70-json-7.0.14-1.20.amzn1.i686  
    php70-odbc-7.0.14-1.20.amzn1.i686  
  
src:  
    php70-7.0.14-1.20.amzn1.src  
  
x86_64:  
    php70-embedded-7.0.14-1.20.amzn1.x86_64  
    php70-json-7.0.14-1.20.amzn1.x86_64  
    php70-pdo-dblib-7.0.14-1.20.amzn1.x86_64  
    php70-common-7.0.14-1.20.amzn1.x86_64  
    php70-intl-7.0.14-1.20.amzn1.x86_64  
    php70-cli-7.0.14-1.20.amzn1.x86_64  
    php70-soap-7.0.14-1.20.amzn1.x86_64  
    php70-pspell-7.0.14-1.20.amzn1.x86_64  
    php70-xmlrpc-7.0.14-1.20.amzn1.x86_64  
    php70-zip-7.0.14-1.20.amzn1.x86_64  
    php70-enchant-7.0.14-1.20.amzn1.x86_64  
    php70-gd-7.0.14-1.20.amzn1.x86_64  
    php70-mysqlnd-7.0.14-1.20.amzn1.x86_64  
    php70-imap-7.0.14-1.20.amzn1.x86_64  
    php70-recode-7.0.14-1.20.amzn1.x86_64  
    php70-mcrypt-7.0.14-1.20.amzn1.x86_64  
    php70-gmp-7.0.14-1.20.amzn1.x86_64  
    php70-mbstring-7.0.14-1.20.amzn1.x86_64  
    php70-xml-7.0.14-1.20.amzn1.x86_64  
    php70-pdo-7.0.14-1.20.amzn1.x86_64  
    php70-pgsql-7.0.14-1.20.amzn1.x86_64  
    php70-debuginfo-7.0.14-1.20.amzn1.x86_64  
    php70-dba-7.0.14-1.20.amzn1.x86_64  
    php70-process-7.0.14-1.20.amzn1.x86_64  
    php70-devel-7.0.14-1.20.amzn1.x86_64  
    php70-fpm-7.0.14-1.20.amzn1.x86_64  
    php70-ldap-7.0.14-1.20.amzn1.x86_64  
    php70-bcmath-7.0.14-1.20.amzn1.x86_64  
    php70-opcache-7.0.14-1.20.amzn1.x86_64  
    php70-snmp-7.0.14-1.20.amzn1.x86_64  
    php70-7.0.14-1.20.amzn1.x86_64  
    php70-odbc-7.0.14-1.20.amzn1.x86_64  
    php70-tidy-7.0.14-1.20.amzn1.x86_64  
    php70-dbg-7.0.14-1.20.amzn1.x86_64  

Additional References

Red Hat: CVE-2016-7480, CVE-2016-9137, CVE-2016-9933, CVE-2016-9934, CVE-2016-9935, CVE-2016-9936

Mitre: CVE-2016-7480, CVE-2016-9137, CVE-2016-9933, CVE-2016-9934, CVE-2016-9935, CVE-2016-9936

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.201

Percentile

96.4%