Synopsis
Moderate: php security update
Type/Severity
Security Advisory: Moderate
Topic
An update for php is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167)
- An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Affected Products
-
Red Hat Enterprise Linux Server 7 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.4 x86_64
-
Red Hat Enterprise Linux Workstation 7 x86_64
-
Red Hat Enterprise Linux Desktop 7 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 7 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 s390x
-
Red Hat Enterprise Linux for Power, big endian 7 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4 ppc64
-
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
-
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
-
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
-
Red Hat Enterprise Linux Server - TUS 7.4 x86_64
-
Red Hat Enterprise Linux for ARM 64 7 aarch64
-
Red Hat Enterprise Linux for Power 9 7 ppc64le
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64
Fixes
- BZ - 1418984 - CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
- BZ - 1418986 - CVE-2016-10168 gd: Integer overflow in gd_io.c
CVEs
References