php security update

ID CESA-2017:3221
Type centos
Reporter CentOS Project
Modified 2017-11-15T21:26:52


CentOS Errata and Security Advisory CESA-2017:3221

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

  • A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167)

  • An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)

Merged security bulletin from advisories:

Affected packages: php php-bcmath php-cli php-common php-dba php-devel php-embedded php-enchant php-fpm php-gd php-intl php-ldap php-mbstring php-mysql php-mysqlnd php-odbc php-pdo php-pgsql php-process php-pspell php-recode php-snmp php-soap php-xml php-xmlrpc

Upstream details at: