CLSA-2026-1779212665 php: Fix of 14 CVEs

CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx - CVE-2018-5712: remove file name from phar stub error output XSS - CVE-2018-10545: do not set PRSETDUMPABLE in php-fpm workers by default - CVE-2018-10546: fail iconvmimedecode on invalid multibyte sequences - CVE-2018-10547: escape...

SUSE CVE-2018-5712

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...

Cross-site Scripting (XSS)

PHP is vulnerable to reflected XSS vulnerability. An attack can inject a malicious script on PHAR 403 and 404 error pages through request data of a request for a .phar file. It is possible due to an incomplete fix of CVE-2018-5712...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-3646-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3646-1 advisory. It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibl...

USN-3646-1 php5, php7.0, php7.1, php7.2 vulnerabilities

It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. CVE-2018-10545 It was discovered that the PHP iconv stream filter incorrect handl...

ALPINE-CVE-2018-10547

An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...

EUVD-2018-2619

An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...

UBUNTU-CVE-2018-10547

An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...

USN-3600-1 php5, php7.0, php7.1 vulnerabilities

It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. CVE-2016-10712 It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker...

USN-3566-1 php5 vulnerabilities

It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting XSS attacks. CVE-2018-5712 It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use thi...

ALPINE-CVE-2018-5712

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...