[arch-security] [ASA-201601-10] php: multiple issues
anthraxx at archlinux.org
Thu Jan 14 21:32:39 UTC 2016
Arch Linux Security Advisory ASA-201601-10
Date : 2016-01-14
CVE-ID : CVE-2016-1903 CVE-2016-1904
Package : php
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package php before version 7.0.2-1 is vulnerable to multiple issues
including information disclosure and heap buffer overflow that is
leading to denial of service or possibly arbitrary code execution.
Upgrade to 7.0.2-1.
# pacman -Syu "php>=7.0.2-1"
The problems have been fixed upstream in version 7.0.2.
- CVE-2016-1903 (information disclosure)
An out-of-bounds vulnerability has been discovered in
ext/gd/libgd/gd_interpolation.c in the gdImageRotateInterpolated
function. The background color of an image is passed in as an integer
that represents an index to the color palette. As there is a lack of
validation of that parameter, one can pass in a large number that
exceeds the color palette array. This reads memory beyond the color
palette. Information of the memory leak can then be obtained via the
background color after the image has been rotated.
- CVE-2016-1904 (arbitrary code execution)
A not further specified integer overflow vulnerability has been
discovered in ext/standard/exec.c (in the php_escape_shell_cmd function
and the php_escape_shell_arg function). This issue results in a heap
buffer overflow that is leading to a denial of service or possibly
arbitrary code execution.
A remote attacker is able to disclose information via a memory leak,
perform a denial of service attack or possibly execute arbitrary code.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security