13 matches found

OSV
added 2024/09/13 4:50 p.m., 38 views

RHSA-2018:1296 Red Hat Security Advisory: rh-php70-php security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.1 | AI score 8.1 | EPSS 0.89192
Exploits: 20 | References: 153

Tenable Nessus
added 2023/08/23 12:0 a.m., 28 views

Amazon Linux AMI : php70-pecl-imagick (ALAS-2023-1813)

The version of php70-pecl-imagick installed on the remote host is prior to 3.4.4-1.7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1813 advisory. In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c...

CVSS 9.8 | AI score 7.7 | EPSS 0.02588
Exploits: 52 | References: 148

Tenable Nessus
added 2023/01/24 12:0 a.m., 18 views

Amazon Linux AMI : php70-pecl-memcached (ALAS-2023-1673)

The version of php70-pecl-memcached installed on the remote host is prior to 3.2.0-1.3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1673 advisory. PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection...

CVSS 9.8 | AI score 8.3 | EPSS 0.08185
Exploits: 1 | References: 3

Tenable Nessus
added 2019/07/26 12:0 a.m., 34 views

Amazon Linux AMI : php54-pecl-imagick / php55-pecl-imagick,php56-pecl-imagick,php70-pecl-imagick,php71-pecl-imagick,php72-pecl-imagick (ALAS-2019-1237)

In PHP imagick extension, writing to an array of values in ImagickKernel::fromMatrix function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. CVE-2019-11037 C...

CVSS 9.8 | AI score 7 | EPSS 0.01299
Exploits: 0 | References: 2

Tenable Nessus
added 2018/08/24 12:0 a.m., 68 views

Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. CVE-2018-14851 An issue was discovered in PHP before 5.6.37, 7.0.x...

CVSS 7.5 | AI score 6.3 | EPSS 0.21491
Exploits: 1 | References: 3

Tenable Nessus
added 2017/11/21 12:0 a.m., 33 views

Amazon Linux AMI : php56 / php70,php71 (ALAS-2017-924)

pcre: heap buffer overflow in handling of duplicate named groups (8.39/14) The pcre_compile2 function in pcre_compile.c mishandles a specific type of pattern with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other...

CVSS 9.8 | AI score 8.3 | EPSS 0.02374
Exploits: 1 | References: 2

Amazon
added 2017/11/15 12:0 a.m., 43 views

Important: php56, php70, php71

Issue Overview: pcre: heap buffer overflow in handling of duplicate named groups (8.39/14) The pcre_compile2 function in pcre_compile.c mishandles the /?:F?+?:^?Ra+\"99-?J?'R'?'R'?'RR'?'R'\\97?J?J?'R'?'R'\\99|:?|?'R'\\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which...

CVSS 9.8 | AI score 9.4 | EPSS 0.02374
Exploits: 1

Tenable Nessus
added 2017/08/04 12:0 a.m., 257 views

Amazon Linux AMI : php70 (ALAS-2017-867)

Out-of-bounds heap write in bitset_set_range: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable fro...

CVSS 9.8 | AI score 6.9 | EPSS 0.30217
Exploits: 5 | References: 7

Tenable Nessus
added 2017/03/30 12:0 a.m., 87 views

Amazon Linux AMI : php70 (ALAS-2017-812)

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 In all versions of PHP 7, during the unserialization process, resizing the...

CVSS 9.8 | AI score 7.7 | EPSS 0.21629
Exploits: 3 | References: 10

Tenable Nessus
added 2017/01/27 12:0 a.m., 309 views

Amazon Linux AMI : php70 (ALAS-2017-788)

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. CVE-2016-7480...

CVSS 9.8 | AI score 8.9 | EPSS 0.35455
Exploits: 8 | References: 7

OpenVAS
added 2016/10/26 12:0 a.m., 49 views

Amazon Linux: Security Advisory (ALAS-2016-754)

The remote host is missing an update for the...

CVSS 9.8 | AI score 8 | EPSS 0.0384
Exploits: 6 | References: 2

Tenable Nessus
added 2016/10/13 12:0 a.m., 58 views

Amazon Linux AMI : php70 (ALAS-2016-754)

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata...

CVSS 9.8 | AI score 8.4 | EPSS 0.0384
Exploits: 6 | References: 7

Amazon
added 2016/10/12 12:0 a.m., 78 views

Medium: php70

Issue Overview: ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted...

CVSS 9.8 | AI score 9.5 | EPSS 0.0384
Exploits: 6