Arch Linux Security Advisory ASA-201601-10 ========================================== Severity: Medium Date : 2016-01-14 CVE-ID : CVE-2016-1903 CVE-2016-1904 Package : php Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package php before version 7.0.2-1 is vulnerable to multiple issues including information disclosure and heap buffer overflow that is leading to denial of service or possibly arbitrary code execution. Resolution ========== Upgrade to 7.0.2-1. # pacman -Syu "php>=7.0.2-1" The problems have been fixed upstream in version 7.0.2. Workaround ========== None. Description =========== - CVE-2016-1903 (information disclosure) An out-of-bounds vulnerability has been discovered in ext/gd/libgd/gd_interpolation.c in the gdImageRotateInterpolated function. The background color of an image is passed in as an integer that represents an index to the color palette. As there is a lack of validation of that parameter, one can pass in a large number that exceeds the color palette array. This reads memory beyond the color palette. Information of the memory leak can then be obtained via the background color after the image has been rotated. - CVE-2016-1904 (arbitrary code execution) A not further specified integer overflow vulnerability has been discovered in ext/standard/exec.c (in the php_escape_shell_cmd function and the php_escape_shell_arg function). This issue results in a heap buffer overflow that is leading to a denial of service or possibly arbitrary code execution. Impact ====== A remote attacker is able to disclose information via a memory leak, perform a denial of service attack or possibly execute arbitrary code. References ========== http://seclists.org/oss-sec/2016/q1/100 https://secure.php.net/ChangeLog-7.php#7.0.2 https://bugs.php.net/bug.php?id=70976 https://github.com/php/php-src/commit/2871c70efaaaa0f