Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2018-136-02
HistoryMay 17, 2018 - 4:21 a.m.

[slackware-security] php

2018-05-1704:21:18
Slackware Linux Project
www.slackware.com
76

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.921 High

EPSS

Percentile

98.9%

JSON

New php packages are available for Slackware 14.0, 14.1, and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/php-5.6.36-i586-1_slack14.2.txz: Upgraded.
This fixes many bugs, including some security issues:
Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
stream filter convert.iconv leads to infinite loop on invalid sequence
Malicious LDAP-Server Response causes crash
fix for CVE-2018-5712 may not be complete
For more information, see:
https://vulners.com/cve/CVE-2018-10549
https://vulners.com/cve/CVE-2018-10546
https://vulners.com/cve/CVE-2018-10548
https://vulners.com/cve/CVE-2018-10547
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.36-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.36-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.36-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.36-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.36-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.36-x86_64-1_slack14.2.txz

MD5 signatures:

Slackware 14.0 package:
4daf072adf746379ffa6062a44deba83 php-5.6.36-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
50275f93ed5f4c41bffd4829b9a34511 php-5.6.36-x86_64-1_slack14.0.txz

Slackware 14.1 package:
4de2f669fad7c183650ae48baf5bf1cf php-5.6.36-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
fd66a7ab788c9200bf9a3eb16649c4f9 php-5.6.36-x86_64-1_slack14.1.txz

Slackware 14.2 package:
e0b2e7c338595c6ef1d2b5da26cfafbf php-5.6.36-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
a3f8e64ee8d2c2e45f41166a923190ca php-5.6.36-x86_64-1_slack14.2.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg php-5.6.36-i586-1_slack14.2.txz

Then, restart Apache httpd:
> /etc/rc.d/rc.httpd stop
> /etc/rc.d/rc.httpd start

Related

fedora 3
nessus 53
openvas 42
amazon 2
mageia 1
ubuntu 5
debian 4
ibm 4
osv 11
suse 4
debiancve 5
f5 5
ubuntucve 5
redhatcve 5
prion 5
alpinelinux 5
cve 5
veracode 6
gentoo 1
centos 1
redhat 3
checkpoint_advisories 1
hackerone 2
oraclelinux 1
slackware 1
rosalinux 1
cloudlinux 1
oracle 1
fedora
fedora
[SECURITY] Fedora 26 Update: php-7.1.17-1.fc26
2018-05-03 15:23:45
[SECURITY] Fedora 27 Update: php-7.1.17-1.fc27
2018-05-04 08:20:24
[SECURITY] Fedora 28 Update: php-7.2.5-1.fc28
2018-05-03 15:27:57
nessus
nessus
Fedora 26 : php (2018-6071a600e8)
2018-05-04 00:00:00
Fedora 28 : php (2018-ee6707d519)
2019-01-03 00:00:00
Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1019)
2018-05-11 00:00:00
openvas
openvas
PHP Multiple Vulnerabilities (May 2018) - Linux
2018-05-02 00:00:00
PHP Multiple Vulnerabilities (May 2018) - Windows
2018-05-02 00:00:00
Slackware: Security Advisory (SSA:2018-136-02)
2022-04-21 00:00:00
amazon
amazon
Medium: php56, php70, php71
2018-05-10 18:23:00
Medium: php56, php70, php71
2018-02-07 17:10:00
mageia
mageia
Updated php packages fix security vulnerabilities
2018-05-04 20:29:33
ubuntu
ubuntu
PHP vulnerabilities
2018-05-14 00:00:00
PHP vulnerabilities
2018-05-16 00:00:00
PHP vulnerabilities
2018-05-15 00:00:00
debian
debian
[SECURITY] [DLA 1397-1] php5 security update
2018-06-26 18:41:29
[SECURITY] [DSA 4240-1] php7.0 security update
2018-07-05 20:34:23
[SECURITY] [DLA 1373-1] php5 security update
2018-05-09 19:09:30
ibm
ibm
Security Bulletin: API Connect Developer Portal is affected by multiple PHP vulnerabilities
2018-08-01 13:05:47
Security Bulletin: Vulnerabilities in PHP affect IBM BladeCenter Advanced Management Module (AMM)
2018-10-03 18:00:01
Security Bulletin: IBM API Connect Developer Portal is impacted by PHP vulnerabilities (CVE-2018-10548, CVE-2018-10546)
2018-06-23 02:54:18
osv
osv
php7.0 - security update
2018-07-05 00:00:00
php5 - security update
2018-06-26 00:00:00
CVE-2018-10547
2018-04-29 21:29:00
suse
suse
Security update for php7 (important)
2018-05-11 00:11:52
Security update for php5 (important)
2018-05-17 00:10:37
Security update for php7 (important)
2018-05-09 15:08:34
debiancve
debiancve
CVE-2018-10547
2018-04-29 21:29:00
CVE-2018-10549
2018-04-29 21:29:00
CVE-2018-10546
2018-04-29 21:29:00
f5
f5
K61561040 : PHP vulnerability CVE-2018-10547
2018-05-07 00:00:00
K13060403 : PHP vulnerability CVE-2018-10548
2018-05-10 00:00:00
K48355112 : PHP vulnerability CVE-2018-10549
2018-05-07 00:00:00
ubuntucve
ubuntucve
CVE-2018-10547
2018-04-29 00:00:00
CVE-2018-10549
2018-04-29 00:00:00
CVE-2018-10546
2018-04-29 00:00:00
redhatcve
redhatcve
CVE-2018-10547
2018-05-02 10:29:35
CVE-2018-10549
2020-01-18 09:23:57
CVE-2018-10546
2020-01-24 16:00:26
prion
prion
Design/Logic Flaw
2018-04-29 21:29:00
Design/Logic Flaw
2018-04-29 21:29:00
Design/Logic Flaw
2018-04-29 21:29:00
alpinelinux
alpinelinux
CVE-2018-10547
2018-04-29 21:29:00
CVE-2018-10549
2018-04-29 21:29:00
CVE-2018-10546
2018-04-29 21:29:00
cve
cve
CVE-2018-10547
2018-04-29 21:29:00
CVE-2018-10549
2018-04-29 21:29:00
CVE-2018-10546
2018-04-29 21:29:00
veracode
veracode
Cross-site Scripting (XSS)
2019-08-20 00:10:41
Denial Of Service (DoS)
2019-08-20 00:10:41
Out-of-bounds Read
2019-08-20 00:10:41
gentoo
gentoo
PHP: Multiple vulnerabilities
2018-12-02 00:00:00
centos
centos
php security update
2020-04-08 19:04:38
redhat
redhat
(RHSA-2020:1112) Moderate: php security update
2020-03-31 09:20:14
(RHSA-2019:2519) Moderate: rh-php71-php security, bug fix, and enhancement update
2019-08-19 08:09:18
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11
checkpoint_advisories
checkpoint_advisories
PHP LDAP ldap_get_dn Denial of Service (CVE-2018-10548)
2019-11-04 00:00:00
hackerone
hackerone
Internet Bug Bounty: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
2018-04-27 16:12:39
Internet Bug Bounty: DOS in stream filters
2019-03-05 16:55:38
oraclelinux
oraclelinux
php security update
2020-04-06 00:00:00
slackware
slackware
[slackware-security] php
2018-02-04 07:16:29
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.921 High

EPSS

Percentile

98.9%

JSON
Related for SSA-2018-136-02
fedora3nessus53openvas42amazon2mageia1ubuntu5debian4ibm4osv11suse4debiancve5f55ubuntucve5redhatcve5prion5alpinelinux5cve5veracode6gentoo1centos1redhat3checkpoint_advisories1hackerone2oraclelinux1slackware1rosalinux1cloudlinux1oracle1