VARIoT IoT vulnerabilities database
| VAR-201604-0147 | CVE-2015-7921 | plural Pro-face GP-Pro EX Product FTP Vulnerability that prevents authentication on the server |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software
| VAR-201704-0308 | CVE-2016-1560 | ExaGrid Vulnerabilities that can gain management access in appliance firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. ExaGrid is prone to multiple unauthorized-access vulnerabilities.
Successfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability
| VAR-201704-0309 | CVE-2016-1561 | ExaGrid In the appliance firmware SSH Vulnerability for which access rights are acquired |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. ExaGrid is prone to multiple unauthorized-access vulnerabilities.
Successfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability
| VAR-201604-0061 | CVE-2016-1291 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 9.8 Severity: CRITICAL |
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
An attacker can exploit this issue to execute arbitrary code on the affected system. This may aid in further attacks.
This issue being tracked by Cisco Bug ID's CSCuw03192 and CSCuy10236. PI is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a set of network management solutions. A security vulnerability exists in Cisco PI Releases 1.2.0 through 2.2(2) and Cisco EPNM Release 1.2
| VAR-201604-0127 | CVE-2016-3950 | Huawei AR3200 Service disruption in router software (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. The AR3200 series enterprise routers are Huawei's next-generation network products. They inherit Huawei's deep accumulation in data communication, wireless communication, PON access and softswitch, and rely on the VRP platform with independent intellectual property rights. Wireless Internet access, private line access, PBX, converged communication, and security functions are widely deployed in large and medium-sized campus network outlets, large and medium-sized enterprise headquarters or branches. An AR2200 device has an input verification vulnerability. After an attacker uses the vulnerability to log in to the device and constructs a specific attack packet and sends it to the device, the device can be restarted probabilistically. Huawei AR3200 routers are prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A security vulnerability exists in the Huawei AR3200. The following versions are affected: Huawei AR3200 using V200R005C20, V200R005C30, and V200R005C32 software
| VAR-201604-0006 | CVE-2015-6312 | Run on multiple devices Cisco TelePresence Server Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348. Run on multiple devices Cisco TelePresence Server There is a service disruption ( Device reload ) There are vulnerabilities that are put into a state. Vendors have confirmed this vulnerability Bug ID CSCuv01348 It is released as.Malformed by a third party STUN Service disruption via packets ( Device reload ) There is a possibility of being put into a state. Cisco TelePresence Server is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial of service condition, denying service to legitimate users.
This issue is being tracked by Cisco bug ID CSCuv01348. MSE is a platform (Mobile Service Engine) that can provide Wi-Fi services. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers
| VAR-201604-0007 | CVE-2015-6313 | Run on multiple devices Cisco TelePresence Server Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. Run on multiple devices Cisco TelePresence Server There is a service disruption ( Memory consumption or device reload ) There are vulnerabilities that are put into a state. Cisco TelePresence Server is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to consume excessive amounts of memory resources, resulting in a denial-of-service condition.
This issue is being tracked by Cisco bug ID CSCuv47565. MSE is a platform (Mobile Service Engine) that can provide Wi-Fi services. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security vulnerability exists in Cisco TelePresence Server due to the improper handling of specially crafted URLs by the HTTP parsing engine
| VAR-201604-0060 | CVE-2016-1290 | Cisco Prime Infrastructure and Evolved Programmable Network Manager of Web API In RBAC Vulnerabilities that can be bypassed |
CVSS V2: 5.5 CVSS V3: 8.1 Severity: HIGH |
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
An attacker can exploit this issue to gain elevated privileges on an affected device.
This issue is being tracked by Cisco Bug ID's CSCuv61354 and CSCuy10227. PI is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a set of network management solutions. A security vulnerability exists in the Web API of Cisco PI Release 1.2.0 through 2.2(2) and Cisco EPNM Release 1.2
| VAR-201604-0048 | CVE-2016-1313 | Cisco UCS Invicta C3124SA In products such as appliances root Vulnerabilities that gain access to |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. Vendors have confirmed this vulnerability Bug ID CSCun71294 It is released as.By a third party root May be granted access rights. Cisco UCS Invicta is prone to a privilege escalation vulnerability.
Attackers can exploit this issue to gain elevated root privileges. Cisco UCS Invicta C3124SA Appliance, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner are all products of Cisco. UCS Invicta Scaling System and Appliance is a flash-based storage system device. The following products and versions are affected: Cisco UCS Invicta C3124SA Appliance Version 4.3.1 to Version 5.0.1, UCS Invicta Scaling System and Appliance, Whiptail Racerunner
| VAR-201604-0566 | CVE-2016-1346 | Cisco Mobility Services Engine 8710 Run on device TelePresence Server Service disruption in some kernels (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: 5.9 Severity: MEDIUM |
The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673. Cisco TelePresence Server is prone to a denial-of-service vulnerability.
Exploiting this issue allows remote attackers to trigger kernel panics, denying further service to legitimate users.
This issue is being tracked by Cisco bug ID CSCuu46673
| VAR-201604-0426 | CVE-2016-3118 | CA API Gateway In CRLF Injection vulnerability |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection ) Has been identified. http://cwe.mitre.org/data/definitions/93.htmlA third party may be affected unspecified.
An attacker can exploit this issue to add arbitrary headers to a webpage. This may aid in further attacks. CA has fixes
available. Update to the fix version indicated below. All Rights Reserved. One CA Plaza, Islandia,
N.Y. 11749. All other trademarks, trade names, service marks, and
logos referenced herein belong to their respective companies.
-----BEGIN PGP SIGNATURE-----
Charset: utf-8
wsFVAwUBVwQ4wDuotw2cX+zOAQqaNg//Q3UFXyWWwTCUWubjAJD9XKmwmQ94mN1z
Z8nZlDZoAvS72F0PM9IxPs4Y135Gxw6D9mbyOjDKcF1uPaZCCAHyAjsYf+wkwLyq
l8ILYq1FPchY6lbwH+nx8U+XHRG0/g+mgGjBa4jDNhItGFVidxFFm1CjPHQkbONq
xifyNhkys81InM115ikkhmXEE7CORRwmrtC+kHu/vnZpHO1yw9uUQNn4M41hmW2d
3fJt9D6m5mroBa9qN4Z6Q2GrOY7yRM54mETcEa6mDvh9jtRxhIuXVVmWBG0tI0fG
9+ul46MbNb1oSUQilrrDqlZOfnUvAPhvB2nCwnnO14cuI9pgslomVsXb6L1Td7XR
to6lA60Q75GxPJRC8g0OPnq5OSW1WtUf7hnq+jJh0WFHN/zoacKPZiiPilsy9xCq
rV4nMEm/MAZeF8nNljn434Z6HugoPcilkjmyk4aZPsZXq43xxO2flsedEubYH8dC
6qc6tkyyAQXXuwazf7cWk+jlCafjXDqSYz70KMRhyWCqMvNXWnlHfyc4TLWxUtU1
3C9YeLsp20RS6TSDTDCpZJMZyhIRN/icg7WA/Sjoh+spV6dZ9JTCB+oXpB7wP+8V
t7kcF9hW+Dh/II1OUMN/PXvH72G4M1NyaPuBhFyVsdYU97uwfVGSPBqG2NqMkBlL
yBbzOtDOq6s=
=rWD3
-----END PGP SIGNATURE-----
| VAR-201604-0079 | CVE-2016-2277 | Rockwell Automation Integrated Architecture Builder Arbitrary code execution vulnerability |
CVSS V2: 6.9 CVSS V3: 6.3 Severity: MEDIUM |
IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. The following versions are affected: Rockwell Automation IAB version 9.6.0.7 and earlier, version 9.7.0.0, version 9.7.0.1
| VAR-201604-0097 | CVE-2016-3968 | Sophos Cyberoam CR100iNG UTM and CR35iNG UTM Appliance firmware cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header. (1) corporate/webpages/trafficdiscovery/LiveConnections.jsp of ipFamily Parameters (2) corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp of ipFamily Parameters (3) corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp of applicationname Parameters (4) corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp of username Parameters (5) X-Forwarded-For HTTP header.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Cyberoam NG series of Unified Threat Management appliances arethe Next-Generation network security appliances that include UTM securityfeatures along with performance required for future networks. The NG seriesfor SMEs are the 'fastest UTMs' made for this segment. The best-in-classhardware along with software to match, enables the NG series to offer unmatchedthroughput speeds, compared to any other UTM appliance in this market segment.This assures support for future IT trends in organizations like high-speedInternet and rising number of devices in organizations – offering future-readysecurity to SMEs.Multiple reflected XSS issues were discovered in Cyberoam NG appliances.Input passed via the 'ipFamily', 'applicationname' and 'username' GET parametersto LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitisedbefore being returned to the user. Adding arbitrary 'X-Forwarded-For' HTTP headerto a request makes the appliance also prone to a XSS issue. Sophos Cyberoam CR100iNG UTM, CR35iNG UTM and CR35iNG UTM are all new-generation firewalls running CyberoamOS operating system from British Sophos Company, which provide online application detection and control, web filtering, HTTPS inspection, intrusion prevention and other functions. The vulnerability stems from the fact that the corporate/webpages/trafficdiscovery/LiveConnections.jsp script does not fully filter the 'ipFamily' parameter; the corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp script does not fully filter the 'ipFamily' , 'applicationname', and 'username' parameters; the program did not adequately filter the X-Forwarded-For HTTP header. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
| VAR-201604-0390 | CVE-2016-1175 | AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery |
CVSS V2: 5.8 CVSS V3: 4.3 Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page, information such as settings may be altered unintentionaly. Sharp AQUOS PhotoPlayer HN-PP150 is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.
Sharp AQUOS PhotoPlayer HN-PP150 1.02.00.04 through 1.03.01.04 are vulnerable. This product provides slideshow presentation, photo printing and other functions
| VAR-201604-0191 | CVE-2016-7921 | Pro-face GP-Pro EX Certification Bypass Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7921. Reason: This candidate is a duplicate of CVE-2015-7921. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-7921 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from Pro-face, USA. Pro-face GP-Pro EX has a security hole because the FTP server uses hard-coded certificates. A remote attacker could exploit the vulnerability to access items in the device. Proface GP-Pro EX is prone to an authentication-bypass vulnerability.
GP-Pro EX 1.00 through 4.0.4 are vulnerable.
Note: This issue was previously titled 'Proface GP-Pro EX CVE-2015-7921 Hard Coded Credentials Authentication Bypass Vulnerability'. The title has been changed due to corrected CVE external identifier
| VAR-201604-0062 | CVE-2016-2289 | ICONICS WebHMI Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. ICONICS WebHMI is a set of real-time automation software using a web browser in the HMI/SCADA suite. ICONICS WebHMI is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks.
WebHMI 9 and prior versions are vulnerable
| VAR-201604-0526 | CVE-2016-1789 | Apple iBooks Author Vulnerable to reading arbitrary files |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Attackers can exploit this issue to gain unauthorized access, and obtain potentially sensitive information. This may lead to further attacks.
Versions prior to iBooks Author 2.4.1 are vulnerable. Apple iBooks Author is a set of apps from Apple (Apple) that can be obtained for free from the Mac App Store and is used to create Multi-Touch (Multi-Touch) e-books for the iPad and other e-books of any category. It supports the use of Rich content such as galleries, videos, interactive charts, 3D objects, mathematical expressions, etc. This issue was addressed through improved
parsing.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW/ZD8AAoJEBcWfLTuOo7t0tEP/jOndtapfdeu3rZ9jz8kvC0U
llXs4fFSacP++PWNAtLbh5zVf619YIicylTUVtGI2jAv2HPZNQN0r3K48e6Oa7Pr
LOPk1zR+jcU+0pn72lnO/0OzUdpa+lWoY+K2pnEbP40dBMM8OBO6oQzhHhWquZSE
N8jM+A2eO+UoxpfHFSopNmOnrVqvJCFTUYhlS8e2uYAPsZglZkPA20Z7VSju+sLA
HGvu3TB771dv3TpL+3kScYhH/yChEmFFHa5rG51C7UHgTLbfSYLcABRGpmNyyufa
p+nfqGuRc5CY67XacmcXqxJ3iqYjDlCNqcQl0HtCf+wZFky2xdBJ6G7ASbyDDeFP
APkisPOt6O+sYtfRiDKs8bqZiey2PR6ft2/1n4FMJv19VOTmhnlG7J1RWQm2ObOg
HCEYej6D21uzpRwbL9Ott5LF7uguHIW96g/ezZw7Q3TAWVbSDaFmxy8y1Fu5xSyo
+5vivMoPo4NME6NYU0SYxb/FzzcPv6VyeP+et2rgADcOwYieN3lQiRJRLWgODwgt
jcw/QVViq9hNIYIocjr4kXpD324SPhJdm55oDA98xJenlcxV7Uy8pEsbr2j2/+yK
E9Fn633U8YttSnqHqKgjQVLv5mBuDLzEG4HbR3FQNWMUBN6btUL9gY6acH75FP4p
/9/+EO8HZte9pHuNjeTk
=/Ihd
-----END PGP SIGNATURE-----
| VAR-201603-0113 | CVE-2016-3142 | PHP of PHAR Extension zip.c Inside phar_parse_zipfile Vulnerabilities that capture important information in functions |
CVSS V2: 6.4 CVSS V3: 8.2 Severity: HIGH |
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. One of these archive extensions is PHAR, which allows applications to be packaged with a single file that contains everything needed to run the application. A security vulnerability exists in the 'phar_parse_zipfile' function in the zip.c file in PHP 5.5.32 and prior and 5.6.x versions of the PHAR extension prior to 5.6.19. ============================================================================
Ubuntu Security Notice USN-2952-2
April 27, 2016
php5 regression
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
Summary:
USN-2952-1 caused a regression in PHP. One of the backported patches
caused a regression in the PHP Soap client. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the PHP Zip extension incorrectly handled
directories when processing certain zip files. A remote attacker could
possibly use this issue to create arbitrary directories. (CVE-2014-9767)
It was discovered that the PHP Soap client incorrectly validated data
types.
(CVE-2015-8835, CVE-2016-3185)
It was discovered that the PHP MySQL native driver incorrectly handled TLS
connections to MySQL databases. A man in the middle attacker could possibly
use this issue to downgrade and snoop on TLS connections. This
vulnerability is known as BACKRONYM. (CVE-2015-8838)
It was discovered that PHP incorrectly handled the imagerotate function. This issue
only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903)
Hans Jerry Illikainen discovered that the PHP phar extension incorrectly
handled certain tar archives. (CVE-2016-2554)
It was discovered that the PHP WDDX extension incorrectly handled certain
malformed XML data. (CVE-2016-3141)
It was discovered that the PHP phar extension incorrectly handled certain
zip files.
(CVE-2016-3142)
It was discovered that the PHP libxml_disable_entity_loader() setting was
shared between threads. When running under PHP-FPM, this could result in
XML external entity injection and entity expansion issues. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number)
It was discovered that the PHP openssl_random_pseudo_bytes() function did
not return cryptographically strong pseudo-random bytes. (No CVE number)
It was discovered that the PHP Fileinfo component incorrectly handled
certain magic files. (CVE number pending)
It was discovered that the PHP php_snmp_error() function incorrectly
handled string formatting. This issue only applied to Ubuntu 14.04 LTS and Ubuntu
15.10. (CVE number pending)
It was discovered that the PHP rawurlencode() function incorrectly handled
large strings. (CVE number pending)
It was discovered that the PHP phar extension incorrectly handled certain
filenames in archives. (CVE number pending)
It was discovered that the PHP mb_strcut() function incorrectly handled
string formatting. (CVE number pending)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.3
php5-cgi 5.6.11+dfsg-1ubuntu3.3
php5-cli 5.6.11+dfsg-1ubuntu3.3
php5-fpm 5.6.11+dfsg-1ubuntu3.3
php5-gd 5.6.11+dfsg-1ubuntu3.3
php5-mysqlnd 5.6.11+dfsg-1ubuntu3.3
php5-snmp 5.6.11+dfsg-1ubuntu3.3
In general, a standard system update will make all the necessary changes.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update
Advisory ID: RHSA-2016:2750-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html
Issue date: 2016-11-15
CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325
CVE-2015-2326 CVE-2015-2327 CVE-2015-2328
CVE-2015-3210 CVE-2015-3217 CVE-2015-5073
CVE-2015-8381 CVE-2015-8383 CVE-2015-8384
CVE-2015-8385 CVE-2015-8386 CVE-2015-8388
CVE-2015-8391 CVE-2015-8392 CVE-2015-8395
CVE-2015-8835 CVE-2015-8865 CVE-2015-8866
CVE-2015-8867 CVE-2015-8873 CVE-2015-8874
CVE-2015-8876 CVE-2015-8877 CVE-2015-8879
CVE-2016-1903 CVE-2016-2554 CVE-2016-3074
CVE-2016-3141 CVE-2016-3142 CVE-2016-4070
CVE-2016-4071 CVE-2016-4072 CVE-2016-4073
CVE-2016-4342 CVE-2016-4343 CVE-2016-4473
CVE-2016-4537 CVE-2016-4538 CVE-2016-4539
CVE-2016-4540 CVE-2016-4541 CVE-2016-4542
CVE-2016-4543 CVE-2016-4544 CVE-2016-5093
CVE-2016-5094 CVE-2016-5096 CVE-2016-5114
CVE-2016-5399 CVE-2016-5766 CVE-2016-5767
CVE-2016-5768 CVE-2016-5770 CVE-2016-5771
CVE-2016-5772 CVE-2016-5773 CVE-2016-6128
CVE-2016-6207 CVE-2016-6288 CVE-2016-6289
CVE-2016-6290 CVE-2016-6291 CVE-2016-6292
CVE-2016-6294 CVE-2016-6295 CVE-2016-6296
CVE-2016-6297 CVE-2016-7124 CVE-2016-7125
CVE-2016-7126 CVE-2016-7127 CVE-2016-7128
CVE-2016-7129 CVE-2016-7130 CVE-2016-7131
CVE-2016-7132
=====================================================================
1. Summary:
An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now
available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. The rh-php56 packages provide a recent stable release of PHP
with PEAR 1.9.5 and enhanced language features including constant
expressions, variadic functions, arguments unpacking, and the interactive
debuger. The memcache, mongo, and XDebug extensions are also included.
The rh-php56 Software Collection has been upgraded to version 5.6.25, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1356157, BZ#1365401)
Security Fixes in the rh-php56-php component:
* Several Moderate and Low impact security issues were found in PHP. Under
certain circumstances, these issues could cause PHP to crash, disclose
portions of its memory, execute arbitrary code, or impact PHP application
integrity. Space precludes documenting each of these issues in this
advisory. Refer to the CVE links in the References section for a
description of each of these vulnerabilities. (CVE-2013-7456,
CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,
CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,
CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,
CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,
CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,
CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,
CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,
CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,
CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,
CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,
CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,
CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,
CVE-2016-7131, CVE-2016-7132)
* Multiple flaws were found in the PCRE library included with the
rh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted
regular expression could cause PHP to crash or, possibly, execute arbitrary
code. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,
CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,
CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,
CVE-2015-8392, CVE-2015-8395)
Red Hat would like to thank Hans Jerry Illikainen for reporting
CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()
1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)
1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)
1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories
1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)
1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)
1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)
1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)
1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)
1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)
1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)
1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c
1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated
1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent
1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives
1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()
1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data
1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd
1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method
1323103 - CVE-2016-4073 php: Negative size parameter in memcpy
1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name
1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()
1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode
1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file
1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads
1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure
1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()
1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition
1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used
1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used
1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow
1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c
1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects
1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches
1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns
1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal
1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread
1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc
1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()
1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()
1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow
1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec
1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread
1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize
1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
1351603 - CVE-2016-6128 gd: Invalid color index not properly handled
1358395 - CVE-2016-5399 php: Improper error handling in bzread()
1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex
1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization
1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE
1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment
1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()
1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http
1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()
1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c
1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener
1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex
1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object
1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability
1374699 - CVE-2016-7126 php: select_colors write out-of-bounds
1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access
1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF
1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access
1374707 - CVE-2016-7130 php: wddx_deserialize null dereference
1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml
1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-php56-2.3-1.el6.src.rpm
rh-php56-php-5.6.25-1.el6.src.rpm
rh-php56-php-pear-1.9.5-4.el6.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el6.noarch.rpm
x86_64:
rh-php56-2.3-1.el6.x86_64.rpm
rh-php56-php-5.6.25-1.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm
rh-php56-php-common-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm
rh-php56-php-process-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm
rh-php56-runtime-2.3-1.el6.x86_64.rpm
rh-php56-scldevel-2.3-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source:
rh-php56-2.3-1.el6.src.rpm
rh-php56-php-5.6.25-1.el6.src.rpm
rh-php56-php-pear-1.9.5-4.el6.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el6.noarch.rpm
x86_64:
rh-php56-2.3-1.el6.x86_64.rpm
rh-php56-php-5.6.25-1.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm
rh-php56-php-common-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm
rh-php56-php-process-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm
rh-php56-runtime-2.3-1.el6.x86_64.rpm
rh-php56-scldevel-2.3-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
rh-php56-2.3-1.el6.src.rpm
rh-php56-php-5.6.25-1.el6.src.rpm
rh-php56-php-pear-1.9.5-4.el6.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el6.noarch.rpm
x86_64:
rh-php56-2.3-1.el6.x86_64.rpm
rh-php56-php-5.6.25-1.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm
rh-php56-php-common-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm
rh-php56-php-process-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm
rh-php56-runtime-2.3-1.el6.x86_64.rpm
rh-php56-scldevel-2.3-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-php56-2.3-1.el7.src.rpm
rh-php56-php-5.6.25-1.el7.src.rpm
rh-php56-php-pear-1.9.5-4.el7.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el7.noarch.rpm
x86_64:
rh-php56-2.3-1.el7.x86_64.rpm
rh-php56-php-5.6.25-1.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm
rh-php56-php-common-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm
rh-php56-php-process-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm
rh-php56-runtime-2.3-1.el7.x86_64.rpm
rh-php56-scldevel-2.3-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source:
rh-php56-2.3-1.el7.src.rpm
rh-php56-php-5.6.25-1.el7.src.rpm
rh-php56-php-pear-1.9.5-4.el7.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el7.noarch.rpm
x86_64:
rh-php56-2.3-1.el7.x86_64.rpm
rh-php56-php-5.6.25-1.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm
rh-php56-php-common-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm
rh-php56-php-process-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm
rh-php56-runtime-2.3-1.el7.x86_64.rpm
rh-php56-scldevel-2.3-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source:
rh-php56-2.3-1.el7.src.rpm
rh-php56-php-5.6.25-1.el7.src.rpm
rh-php56-php-pear-1.9.5-4.el7.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el7.noarch.rpm
x86_64:
rh-php56-2.3-1.el7.x86_64.rpm
rh-php56-php-5.6.25-1.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm
rh-php56-php-common-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm
rh-php56-php-process-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm
rh-php56-runtime-2.3-1.el7.x86_64.rpm
rh-php56-scldevel-2.3-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-php56-2.3-1.el7.src.rpm
rh-php56-php-5.6.25-1.el7.src.rpm
rh-php56-php-pear-1.9.5-4.el7.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el7.noarch.rpm
x86_64:
rh-php56-2.3-1.el7.x86_64.rpm
rh-php56-php-5.6.25-1.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm
rh-php56-php-common-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm
rh-php56-php-process-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm
rh-php56-runtime-2.3-1.el7.x86_64.rpm
rh-php56-scldevel-2.3-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2013-7456
https://access.redhat.com/security/cve/CVE-2014-9767
https://access.redhat.com/security/cve/CVE-2015-2325
https://access.redhat.com/security/cve/CVE-2015-2326
https://access.redhat.com/security/cve/CVE-2015-2327
https://access.redhat.com/security/cve/CVE-2015-2328
https://access.redhat.com/security/cve/CVE-2015-3210
https://access.redhat.com/security/cve/CVE-2015-3217
https://access.redhat.com/security/cve/CVE-2015-5073
https://access.redhat.com/security/cve/CVE-2015-8381
https://access.redhat.com/security/cve/CVE-2015-8383
https://access.redhat.com/security/cve/CVE-2015-8384
https://access.redhat.com/security/cve/CVE-2015-8385
https://access.redhat.com/security/cve/CVE-2015-8386
https://access.redhat.com/security/cve/CVE-2015-8388
https://access.redhat.com/security/cve/CVE-2015-8391
https://access.redhat.com/security/cve/CVE-2015-8392
https://access.redhat.com/security/cve/CVE-2015-8395
https://access.redhat.com/security/cve/CVE-2015-8835
https://access.redhat.com/security/cve/CVE-2015-8865
https://access.redhat.com/security/cve/CVE-2015-8866
https://access.redhat.com/security/cve/CVE-2015-8867
https://access.redhat.com/security/cve/CVE-2015-8873
https://access.redhat.com/security/cve/CVE-2015-8874
https://access.redhat.com/security/cve/CVE-2015-8876
https://access.redhat.com/security/cve/CVE-2015-8877
https://access.redhat.com/security/cve/CVE-2015-8879
https://access.redhat.com/security/cve/CVE-2016-1903
https://access.redhat.com/security/cve/CVE-2016-2554
https://access.redhat.com/security/cve/CVE-2016-3074
https://access.redhat.com/security/cve/CVE-2016-3141
https://access.redhat.com/security/cve/CVE-2016-3142
https://access.redhat.com/security/cve/CVE-2016-4070
https://access.redhat.com/security/cve/CVE-2016-4071
https://access.redhat.com/security/cve/CVE-2016-4072
https://access.redhat.com/security/cve/CVE-2016-4073
https://access.redhat.com/security/cve/CVE-2016-4342
https://access.redhat.com/security/cve/CVE-2016-4343
https://access.redhat.com/security/cve/CVE-2016-4473
https://access.redhat.com/security/cve/CVE-2016-4537
https://access.redhat.com/security/cve/CVE-2016-4538
https://access.redhat.com/security/cve/CVE-2016-4539
https://access.redhat.com/security/cve/CVE-2016-4540
https://access.redhat.com/security/cve/CVE-2016-4541
https://access.redhat.com/security/cve/CVE-2016-4542
https://access.redhat.com/security/cve/CVE-2016-4543
https://access.redhat.com/security/cve/CVE-2016-4544
https://access.redhat.com/security/cve/CVE-2016-5093
https://access.redhat.com/security/cve/CVE-2016-5094
https://access.redhat.com/security/cve/CVE-2016-5096
https://access.redhat.com/security/cve/CVE-2016-5114
https://access.redhat.com/security/cve/CVE-2016-5399
https://access.redhat.com/security/cve/CVE-2016-5766
https://access.redhat.com/security/cve/CVE-2016-5767
https://access.redhat.com/security/cve/CVE-2016-5768
https://access.redhat.com/security/cve/CVE-2016-5770
https://access.redhat.com/security/cve/CVE-2016-5771
https://access.redhat.com/security/cve/CVE-2016-5772
https://access.redhat.com/security/cve/CVE-2016-5773
https://access.redhat.com/security/cve/CVE-2016-6128
https://access.redhat.com/security/cve/CVE-2016-6207
https://access.redhat.com/security/cve/CVE-2016-6288
https://access.redhat.com/security/cve/CVE-2016-6289
https://access.redhat.com/security/cve/CVE-2016-6290
https://access.redhat.com/security/cve/CVE-2016-6291
https://access.redhat.com/security/cve/CVE-2016-6292
https://access.redhat.com/security/cve/CVE-2016-6294
https://access.redhat.com/security/cve/CVE-2016-6295
https://access.redhat.com/security/cve/CVE-2016-6296
https://access.redhat.com/security/cve/CVE-2016-6297
https://access.redhat.com/security/cve/CVE-2016-7124
https://access.redhat.com/security/cve/CVE-2016-7125
https://access.redhat.com/security/cve/CVE-2016-7126
https://access.redhat.com/security/cve/CVE-2016-7127
https://access.redhat.com/security/cve/CVE-2016-7128
https://access.redhat.com/security/cve/CVE-2016-7129
https://access.redhat.com/security/cve/CVE-2016-7130
https://access.redhat.com/security/cve/CVE-2016-7131
https://access.redhat.com/security/cve/CVE-2016-7132
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs
UCuj+0gWfBsWXOgFhgH0uL8=
=FcPG
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201603-0112 | CVE-2016-3141 | PHP of WDDX Extension wddx.c Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. WDDX is one of the XML-based Web distributed data exchange extension modules. The wddx.c file in the WDDX extension of PHP 5.5.32 and earlier versions and 5.6.x versions prior to 5.6.19 has a reuse-after-free vulnerability. ============================================================================
Ubuntu Security Notice USN-2952-2
April 27, 2016
php5 regression
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
Summary:
USN-2952-1 caused a regression in PHP. One of the backported patches
caused a regression in the PHP Soap client. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the PHP Zip extension incorrectly handled
directories when processing certain zip files. A remote attacker could
possibly use this issue to create arbitrary directories. (CVE-2014-9767)
It was discovered that the PHP Soap client incorrectly validated data
types.
(CVE-2015-8835, CVE-2016-3185)
It was discovered that the PHP MySQL native driver incorrectly handled TLS
connections to MySQL databases. A man in the middle attacker could possibly
use this issue to downgrade and snoop on TLS connections. This
vulnerability is known as BACKRONYM. (CVE-2015-8838)
It was discovered that PHP incorrectly handled the imagerotate function. This issue
only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903)
Hans Jerry Illikainen discovered that the PHP phar extension incorrectly
handled certain tar archives. (CVE-2016-2554)
It was discovered that the PHP WDDX extension incorrectly handled certain
malformed XML data. (CVE-2016-3141)
It was discovered that the PHP phar extension incorrectly handled certain
zip files.
(CVE-2016-3142)
It was discovered that the PHP libxml_disable_entity_loader() setting was
shared between threads. When running under PHP-FPM, this could result in
XML external entity injection and entity expansion issues. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number)
It was discovered that the PHP openssl_random_pseudo_bytes() function did
not return cryptographically strong pseudo-random bytes. (No CVE number)
It was discovered that the PHP Fileinfo component incorrectly handled
certain magic files. (CVE number pending)
It was discovered that the PHP php_snmp_error() function incorrectly
handled string formatting. This issue only applied to Ubuntu 14.04 LTS and Ubuntu
15.10. (CVE number pending)
It was discovered that the PHP rawurlencode() function incorrectly handled
large strings. (CVE number pending)
It was discovered that the PHP phar extension incorrectly handled certain
filenames in archives. (CVE number pending)
It was discovered that the PHP mb_strcut() function incorrectly handled
string formatting. (CVE number pending)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.3
php5-cgi 5.6.11+dfsg-1ubuntu3.3
php5-cli 5.6.11+dfsg-1ubuntu3.3
php5-fpm 5.6.11+dfsg-1ubuntu3.3
php5-gd 5.6.11+dfsg-1ubuntu3.3
php5-mysqlnd 5.6.11+dfsg-1ubuntu3.3
php5-snmp 5.6.11+dfsg-1ubuntu3.3
In general, a standard system update will make all the necessary changes.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update
Advisory ID: RHSA-2016:2750-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html
Issue date: 2016-11-15
CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325
CVE-2015-2326 CVE-2015-2327 CVE-2015-2328
CVE-2015-3210 CVE-2015-3217 CVE-2015-5073
CVE-2015-8381 CVE-2015-8383 CVE-2015-8384
CVE-2015-8385 CVE-2015-8386 CVE-2015-8388
CVE-2015-8391 CVE-2015-8392 CVE-2015-8395
CVE-2015-8835 CVE-2015-8865 CVE-2015-8866
CVE-2015-8867 CVE-2015-8873 CVE-2015-8874
CVE-2015-8876 CVE-2015-8877 CVE-2015-8879
CVE-2016-1903 CVE-2016-2554 CVE-2016-3074
CVE-2016-3141 CVE-2016-3142 CVE-2016-4070
CVE-2016-4071 CVE-2016-4072 CVE-2016-4073
CVE-2016-4342 CVE-2016-4343 CVE-2016-4473
CVE-2016-4537 CVE-2016-4538 CVE-2016-4539
CVE-2016-4540 CVE-2016-4541 CVE-2016-4542
CVE-2016-4543 CVE-2016-4544 CVE-2016-5093
CVE-2016-5094 CVE-2016-5096 CVE-2016-5114
CVE-2016-5399 CVE-2016-5766 CVE-2016-5767
CVE-2016-5768 CVE-2016-5770 CVE-2016-5771
CVE-2016-5772 CVE-2016-5773 CVE-2016-6128
CVE-2016-6207 CVE-2016-6288 CVE-2016-6289
CVE-2016-6290 CVE-2016-6291 CVE-2016-6292
CVE-2016-6294 CVE-2016-6295 CVE-2016-6296
CVE-2016-6297 CVE-2016-7124 CVE-2016-7125
CVE-2016-7126 CVE-2016-7127 CVE-2016-7128
CVE-2016-7129 CVE-2016-7130 CVE-2016-7131
CVE-2016-7132
=====================================================================
1. Summary:
An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now
available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. The rh-php56 packages provide a recent stable release of PHP
with PEAR 1.9.5 and enhanced language features including constant
expressions, variadic functions, arguments unpacking, and the interactive
debuger. The memcache, mongo, and XDebug extensions are also included.
The rh-php56 Software Collection has been upgraded to version 5.6.25, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1356157, BZ#1365401)
Security Fixes in the rh-php56-php component:
* Several Moderate and Low impact security issues were found in PHP. Under
certain circumstances, these issues could cause PHP to crash, disclose
portions of its memory, execute arbitrary code, or impact PHP application
integrity. Space precludes documenting each of these issues in this
advisory. Refer to the CVE links in the References section for a
description of each of these vulnerabilities. (CVE-2013-7456,
CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,
CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,
CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,
CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,
CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,
CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,
CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,
CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,
CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,
CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,
CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,
CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,
CVE-2016-7131, CVE-2016-7132)
* Multiple flaws were found in the PCRE library included with the
rh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted
regular expression could cause PHP to crash or, possibly, execute arbitrary
code. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,
CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,
CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,
CVE-2015-8392, CVE-2015-8395)
Red Hat would like to thank Hans Jerry Illikainen for reporting
CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()
1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)
1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)
1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories
1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)
1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)
1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)
1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)
1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)
1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)
1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)
1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c
1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated
1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent
1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives
1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()
1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data
1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd
1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method
1323103 - CVE-2016-4073 php: Negative size parameter in memcpy
1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name
1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()
1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode
1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file
1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads
1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure
1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()
1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition
1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used
1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used
1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow
1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c
1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects
1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches
1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns
1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal
1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread
1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc
1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()
1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()
1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow
1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec
1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread
1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize
1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
1351603 - CVE-2016-6128 gd: Invalid color index not properly handled
1358395 - CVE-2016-5399 php: Improper error handling in bzread()
1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex
1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization
1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE
1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment
1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()
1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http
1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()
1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c
1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener
1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex
1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object
1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability
1374699 - CVE-2016-7126 php: select_colors write out-of-bounds
1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access
1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF
1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access
1374707 - CVE-2016-7130 php: wddx_deserialize null dereference
1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml
1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-php56-2.3-1.el6.src.rpm
rh-php56-php-5.6.25-1.el6.src.rpm
rh-php56-php-pear-1.9.5-4.el6.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el6.noarch.rpm
x86_64:
rh-php56-2.3-1.el6.x86_64.rpm
rh-php56-php-5.6.25-1.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm
rh-php56-php-common-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm
rh-php56-php-process-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm
rh-php56-runtime-2.3-1.el6.x86_64.rpm
rh-php56-scldevel-2.3-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source:
rh-php56-2.3-1.el6.src.rpm
rh-php56-php-5.6.25-1.el6.src.rpm
rh-php56-php-pear-1.9.5-4.el6.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el6.noarch.rpm
x86_64:
rh-php56-2.3-1.el6.x86_64.rpm
rh-php56-php-5.6.25-1.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm
rh-php56-php-common-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm
rh-php56-php-process-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm
rh-php56-runtime-2.3-1.el6.x86_64.rpm
rh-php56-scldevel-2.3-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
rh-php56-2.3-1.el6.src.rpm
rh-php56-php-5.6.25-1.el6.src.rpm
rh-php56-php-pear-1.9.5-4.el6.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el6.noarch.rpm
x86_64:
rh-php56-2.3-1.el6.x86_64.rpm
rh-php56-php-5.6.25-1.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm
rh-php56-php-common-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm
rh-php56-php-process-5.6.25-1.el6.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm
rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm
rh-php56-runtime-2.3-1.el6.x86_64.rpm
rh-php56-scldevel-2.3-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-php56-2.3-1.el7.src.rpm
rh-php56-php-5.6.25-1.el7.src.rpm
rh-php56-php-pear-1.9.5-4.el7.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el7.noarch.rpm
x86_64:
rh-php56-2.3-1.el7.x86_64.rpm
rh-php56-php-5.6.25-1.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm
rh-php56-php-common-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm
rh-php56-php-process-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm
rh-php56-runtime-2.3-1.el7.x86_64.rpm
rh-php56-scldevel-2.3-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source:
rh-php56-2.3-1.el7.src.rpm
rh-php56-php-5.6.25-1.el7.src.rpm
rh-php56-php-pear-1.9.5-4.el7.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el7.noarch.rpm
x86_64:
rh-php56-2.3-1.el7.x86_64.rpm
rh-php56-php-5.6.25-1.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm
rh-php56-php-common-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm
rh-php56-php-process-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm
rh-php56-runtime-2.3-1.el7.x86_64.rpm
rh-php56-scldevel-2.3-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source:
rh-php56-2.3-1.el7.src.rpm
rh-php56-php-5.6.25-1.el7.src.rpm
rh-php56-php-pear-1.9.5-4.el7.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el7.noarch.rpm
x86_64:
rh-php56-2.3-1.el7.x86_64.rpm
rh-php56-php-5.6.25-1.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm
rh-php56-php-common-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm
rh-php56-php-process-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm
rh-php56-runtime-2.3-1.el7.x86_64.rpm
rh-php56-scldevel-2.3-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-php56-2.3-1.el7.src.rpm
rh-php56-php-5.6.25-1.el7.src.rpm
rh-php56-php-pear-1.9.5-4.el7.src.rpm
noarch:
rh-php56-php-pear-1.9.5-4.el7.noarch.rpm
x86_64:
rh-php56-2.3-1.el7.x86_64.rpm
rh-php56-php-5.6.25-1.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm
rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm
rh-php56-php-common-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm
rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm
rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm
rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm
rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm
rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm
rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm
rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm
rh-php56-php-process-5.6.25-1.el7.x86_64.rpm
rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm
rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm
rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm
rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm
rh-php56-runtime-2.3-1.el7.x86_64.rpm
rh-php56-scldevel-2.3-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2013-7456
https://access.redhat.com/security/cve/CVE-2014-9767
https://access.redhat.com/security/cve/CVE-2015-2325
https://access.redhat.com/security/cve/CVE-2015-2326
https://access.redhat.com/security/cve/CVE-2015-2327
https://access.redhat.com/security/cve/CVE-2015-2328
https://access.redhat.com/security/cve/CVE-2015-3210
https://access.redhat.com/security/cve/CVE-2015-3217
https://access.redhat.com/security/cve/CVE-2015-5073
https://access.redhat.com/security/cve/CVE-2015-8381
https://access.redhat.com/security/cve/CVE-2015-8383
https://access.redhat.com/security/cve/CVE-2015-8384
https://access.redhat.com/security/cve/CVE-2015-8385
https://access.redhat.com/security/cve/CVE-2015-8386
https://access.redhat.com/security/cve/CVE-2015-8388
https://access.redhat.com/security/cve/CVE-2015-8391
https://access.redhat.com/security/cve/CVE-2015-8392
https://access.redhat.com/security/cve/CVE-2015-8395
https://access.redhat.com/security/cve/CVE-2015-8835
https://access.redhat.com/security/cve/CVE-2015-8865
https://access.redhat.com/security/cve/CVE-2015-8866
https://access.redhat.com/security/cve/CVE-2015-8867
https://access.redhat.com/security/cve/CVE-2015-8873
https://access.redhat.com/security/cve/CVE-2015-8874
https://access.redhat.com/security/cve/CVE-2015-8876
https://access.redhat.com/security/cve/CVE-2015-8877
https://access.redhat.com/security/cve/CVE-2015-8879
https://access.redhat.com/security/cve/CVE-2016-1903
https://access.redhat.com/security/cve/CVE-2016-2554
https://access.redhat.com/security/cve/CVE-2016-3074
https://access.redhat.com/security/cve/CVE-2016-3141
https://access.redhat.com/security/cve/CVE-2016-3142
https://access.redhat.com/security/cve/CVE-2016-4070
https://access.redhat.com/security/cve/CVE-2016-4071
https://access.redhat.com/security/cve/CVE-2016-4072
https://access.redhat.com/security/cve/CVE-2016-4073
https://access.redhat.com/security/cve/CVE-2016-4342
https://access.redhat.com/security/cve/CVE-2016-4343
https://access.redhat.com/security/cve/CVE-2016-4473
https://access.redhat.com/security/cve/CVE-2016-4537
https://access.redhat.com/security/cve/CVE-2016-4538
https://access.redhat.com/security/cve/CVE-2016-4539
https://access.redhat.com/security/cve/CVE-2016-4540
https://access.redhat.com/security/cve/CVE-2016-4541
https://access.redhat.com/security/cve/CVE-2016-4542
https://access.redhat.com/security/cve/CVE-2016-4543
https://access.redhat.com/security/cve/CVE-2016-4544
https://access.redhat.com/security/cve/CVE-2016-5093
https://access.redhat.com/security/cve/CVE-2016-5094
https://access.redhat.com/security/cve/CVE-2016-5096
https://access.redhat.com/security/cve/CVE-2016-5114
https://access.redhat.com/security/cve/CVE-2016-5399
https://access.redhat.com/security/cve/CVE-2016-5766
https://access.redhat.com/security/cve/CVE-2016-5767
https://access.redhat.com/security/cve/CVE-2016-5768
https://access.redhat.com/security/cve/CVE-2016-5770
https://access.redhat.com/security/cve/CVE-2016-5771
https://access.redhat.com/security/cve/CVE-2016-5772
https://access.redhat.com/security/cve/CVE-2016-5773
https://access.redhat.com/security/cve/CVE-2016-6128
https://access.redhat.com/security/cve/CVE-2016-6207
https://access.redhat.com/security/cve/CVE-2016-6288
https://access.redhat.com/security/cve/CVE-2016-6289
https://access.redhat.com/security/cve/CVE-2016-6290
https://access.redhat.com/security/cve/CVE-2016-6291
https://access.redhat.com/security/cve/CVE-2016-6292
https://access.redhat.com/security/cve/CVE-2016-6294
https://access.redhat.com/security/cve/CVE-2016-6295
https://access.redhat.com/security/cve/CVE-2016-6296
https://access.redhat.com/security/cve/CVE-2016-6297
https://access.redhat.com/security/cve/CVE-2016-7124
https://access.redhat.com/security/cve/CVE-2016-7125
https://access.redhat.com/security/cve/CVE-2016-7126
https://access.redhat.com/security/cve/CVE-2016-7127
https://access.redhat.com/security/cve/CVE-2016-7128
https://access.redhat.com/security/cve/CVE-2016-7129
https://access.redhat.com/security/cve/CVE-2016-7130
https://access.redhat.com/security/cve/CVE-2016-7131
https://access.redhat.com/security/cve/CVE-2016-7132
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs
UCuj+0gWfBsWXOgFhgH0uL8=
=FcPG
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201606-0023 | CVE-2016-4057 | Huawei FusionCompute Denial of Service Vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. HuaweiFusionCompute is an enterprise-class open server virtualization solution based on Xen open source design. Huawei FusionCompute is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to exhaust system resources, denying service to legitimate users. The solution provides automation, advanced integration and management capabilities for virtualized data centers. Security vulnerabilities exist in Huawei FusionCompute V100R005C00