(RHSA-2017:3221) Moderate: php security update

2017-11-15T09:10:03
ID RHSA-2017:3221
Type redhat
Reporter RedHat
Modified 2018-04-12T03:33:33

Description

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

  • A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167)

  • An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)