CentOS Errata and Security Advisory CESA-2017:3221
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167)
An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2017-November/022613.html
Affected packages: php php-bcmath php-cli php-common php-dba php-devel php-embedded php-enchant php-fpm php-gd php-intl php-ldap php-mbstring php-mysql php-mysqlnd php-odbc php-pdo php-pgsql php-process php-pspell php-recode php-snmp php-soap php-xml php-xmlrpc
Upstream details at: