php: Out-of-bound read in timelib_meridian()

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c...

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

CVE-2018-10548

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service NULL pointer dereference and application crash because of mishandling of the ldapgetdn return value...

CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exifreaddata in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exifiifaddvalue mishandles the case of a MakerNote that lacks a final '\0' character...

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of streamgetmetadata can be controlled if the input can be controlled e.g., during file uploads. For example, a "$uri = streamgetmetadatafopen$file, "r"'uri'" call mishandles the case where $file is...

CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of streamgetmetadata can be controlled if the input can be controlled e.g., during file uploads. For example, a "$uri = streamgetmetadatafopen$file, "r"'uri'" call mishandles the case where $file is...

MGASA-2018-0085 Updated php & libgd packages fix security vulnerabilities

Potential infinite loop in gdImageCreateFromGifCtx php75571. Reflected XSS in .phar 404 page php74782...

Debian: Security Advisory (DLA-875-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

pcc - PHP Secure Configuration Checker

Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on CLI. Author This software was written by Ben Fuhrmannek, SektionEins GmbH, in an effort to automate php.ini checks and spend more time on cheerful tasks. Idea one single file for ea...

CVE-2017-11628

CVE-2017-11628: A stack-based buffer overflow in Zend/zend_ini_parser.c (zend_ini_do_op) in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 can cause DoS or code execution when untrusted input is passed to parse_ini_string/parse_ini_file. Public advisories reference this in unpatch...

CVE-2016-10158

Removed by vendor...

PHP 7.1.0 / 5.6.29 missing null byte checks for paths in exif_imagetype Vulnerability

Exploit for php platform in category dos / poc Description: ------------ exifimagetype doesn’t ensure that pathnames lack NULL byte, which might allow attacker to manipulate the file path. =============================================== Affected code: PHPFUNCTIONexifimagetype char imagefile; size...

Swift Mailer PwnScriptum Command Injection

Added: 01/17/2017 BID: 95140 Background Swift Mailer is a component-based library used for sending email from PHP. It is used by many PHP programming frameworks, e.g., Yii2, Laraval, and Symfony. Problem Swift Mailer library mail transport SwiftTransportMailTransport is vulnerable to command...

SUSE-SU-2017:0017-1 Security update for php7

This update for php7 fixes the following issues: CVE-2016-9933 Possible stack overflow on truecolor images handling bsc1015187 CVE-2016-9934 Dereference from NULL pointer could lead to crash bsc1015188 CVE-2016-9935 Invalid read could lead to crash bsc1015189 CVE-2016-9936 Use After free in the...

Debian DLA-749-1 : php5 security update (httpoxy)

CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's...

php security and bug fix update

5.4.16-42 - bz2: fix improper error handling in bzread CVE-2016-5399 5.4.16-41 - gd: fix integer overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766 - gd: fix integer overflow in gdImagePaletteToTrueColor resulting in heap overflow CVE-2016-5767 - mbstring: fix double free in...

CVE-2016-9138

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::toString with DateInterval::wakeup...

Internet Bug Bounty: imagecropauto out-of-bounds access

Upstream Bug --- https://bugs.php.net/bug.php?id=72494 Summary --- imagecropauto on IMGCROPTHRESHOLD mode causes arbitrary read access and possible leak of information. The function imagecropauto doesn't check valid colors for non-truecolor images. This causes that gdImageRed/Green/Blue/Alpha...

SUSE-SU-2016:2477-2 Security update for php5

This update for php5 fixes the following security issues: CVE-2016-7411: php5: Memory corruption when destructing deserialized object CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field CVE-2016-7413: Use after free in wddxdeserialize CVE-2016-7414: Out of bounds...