Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2016-754

Related Vulnerabilities: CVE-2016-7412   CVE-2016-7413   CVE-2016-7414   CVE-2016-7416   CVE-2016-7417   CVE-2016-7418  

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412). Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413). The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414). ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416). ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417). The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418).

Source

ALAS-2016-754

Amazon Linux AMI Security Advisory: ALAS-2016-754
Advisory Release Date: 2016-10-12 17:00 Pacific
Advisory Updated Date: 2016-10-12 17:00 Pacific
Severity: Medium
Issue Overview:

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).

Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).

ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).

ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418).


Affected Packages:

php70


Issue Correction:
Run yum update php70 to update your system.

New Packages:
i686:
    php70-enchant-7.0.11-1.16.amzn1.i686
    php70-bcmath-7.0.11-1.16.amzn1.i686
    php70-process-7.0.11-1.16.amzn1.i686
    php70-intl-7.0.11-1.16.amzn1.i686
    php70-gmp-7.0.11-1.16.amzn1.i686
    php70-soap-7.0.11-1.16.amzn1.i686
    php70-xml-7.0.11-1.16.amzn1.i686
    php70-mbstring-7.0.11-1.16.amzn1.i686
    php70-mcrypt-7.0.11-1.16.amzn1.i686
    php70-json-7.0.11-1.16.amzn1.i686
    php70-gd-7.0.11-1.16.amzn1.i686
    php70-recode-7.0.11-1.16.amzn1.i686
    php70-snmp-7.0.11-1.16.amzn1.i686
    php70-imap-7.0.11-1.16.amzn1.i686
    php70-ldap-7.0.11-1.16.amzn1.i686
    php70-tidy-7.0.11-1.16.amzn1.i686
    php70-cli-7.0.11-1.16.amzn1.i686
    php70-odbc-7.0.11-1.16.amzn1.i686
    php70-zip-7.0.11-1.16.amzn1.i686
    php70-common-7.0.11-1.16.amzn1.i686
    php70-embedded-7.0.11-1.16.amzn1.i686
    php70-pdo-dblib-7.0.11-1.16.amzn1.i686
    php70-fpm-7.0.11-1.16.amzn1.i686
    php70-pdo-7.0.11-1.16.amzn1.i686
    php70-devel-7.0.11-1.16.amzn1.i686
    php70-7.0.11-1.16.amzn1.i686
    php70-mysqlnd-7.0.11-1.16.amzn1.i686
    php70-dba-7.0.11-1.16.amzn1.i686
    php70-xmlrpc-7.0.11-1.16.amzn1.i686
    php70-dbg-7.0.11-1.16.amzn1.i686
    php70-pgsql-7.0.11-1.16.amzn1.i686
    php70-pspell-7.0.11-1.16.amzn1.i686
    php70-opcache-7.0.11-1.16.amzn1.i686
    php70-debuginfo-7.0.11-1.16.amzn1.i686

src:
    php70-7.0.11-1.16.amzn1.src

x86_64:
    php70-tidy-7.0.11-1.16.amzn1.x86_64
    php70-imap-7.0.11-1.16.amzn1.x86_64
    php70-pspell-7.0.11-1.16.amzn1.x86_64
    php70-mbstring-7.0.11-1.16.amzn1.x86_64
    php70-intl-7.0.11-1.16.amzn1.x86_64
    php70-dba-7.0.11-1.16.amzn1.x86_64
    php70-embedded-7.0.11-1.16.amzn1.x86_64
    php70-mysqlnd-7.0.11-1.16.amzn1.x86_64
    php70-soap-7.0.11-1.16.amzn1.x86_64
    php70-zip-7.0.11-1.16.amzn1.x86_64
    php70-opcache-7.0.11-1.16.amzn1.x86_64
    php70-gmp-7.0.11-1.16.amzn1.x86_64
    php70-pdo-7.0.11-1.16.amzn1.x86_64
    php70-fpm-7.0.11-1.16.amzn1.x86_64
    php70-snmp-7.0.11-1.16.amzn1.x86_64
    php70-common-7.0.11-1.16.amzn1.x86_64
    php70-mcrypt-7.0.11-1.16.amzn1.x86_64
    php70-pgsql-7.0.11-1.16.amzn1.x86_64
    php70-enchant-7.0.11-1.16.amzn1.x86_64
    php70-recode-7.0.11-1.16.amzn1.x86_64
    php70-odbc-7.0.11-1.16.amzn1.x86_64
    php70-json-7.0.11-1.16.amzn1.x86_64
    php70-cli-7.0.11-1.16.amzn1.x86_64
    php70-xmlrpc-7.0.11-1.16.amzn1.x86_64
    php70-ldap-7.0.11-1.16.amzn1.x86_64
    php70-pdo-dblib-7.0.11-1.16.amzn1.x86_64
    php70-7.0.11-1.16.amzn1.x86_64
    php70-devel-7.0.11-1.16.amzn1.x86_64
    php70-process-7.0.11-1.16.amzn1.x86_64
    php70-debuginfo-7.0.11-1.16.amzn1.x86_64
    php70-dbg-7.0.11-1.16.amzn1.x86_64
    php70-bcmath-7.0.11-1.16.amzn1.x86_64
    php70-gd-7.0.11-1.16.amzn1.x86_64
    php70-xml-7.0.11-1.16.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started