CVE-2016-7417

Synopsis Moderate: rh-php70-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php70-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

Several security issues were fixed in PHP ...

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to the new upstream version 5626, which includes additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5php#562 ...

ext/mysqlnd/mysqlnd_wireprotocolc in PHP before 5626 and 7x before 7011 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412) Use-after-free vulnerability in t ...

ext/standard/var_unserializerre in PHP before 5626 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object (CVE-2016-7411) ext/mysqlnd/mysqlnd_wireprotocolc in PHP b ...

ext/spl/spl_arrayc in PHP before 5626 and 7x before 7011 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data ...

SecurityCenter has recently been discovered to have several vulnerabilities Two were reported by external parties while the rest were discovered during internal testing Note that the library vulnerabilities were not fully diagnosed so SecurityCenter may or may not be impacted Tenable opted to upgrade the libraries as it was more efficient Detai ...