English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.871700
Categoría:Red Hat Local Security Checks
Título:RedHat Update for php RHSA-2016:2598-02
Resumen:The remote host is missing an update for the 'php'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'php'
package(s) announced via the referenced advisory.

Vulnerability Insight:
PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP Server.

Security Fix(es):

* A flaw was found in the way certain error conditions were handled by
bzread() function in PHP. An attacker could use this flaw to upload a
specially crafted bz2 archive which, when parsed via the vulnerable
function, could cause the application to crash or execute arbitrary code
with the permissions of the user running the PHP application.
(CVE-2016-5399)

* An integer overflow flaw, leading to a heap-based buffer overflow was
found in the imagecreatefromgd2() function of PHP's gd extension. A remote
attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP application
using gd via a specially crafted GD2 image. (CVE-2016-5766)

* An integer overflow flaw, leading to a heap-based buffer overflow was
found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A
remote attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP application
using gd via a specially crafted image buffer. (CVE-2016-5767)

* A double free flaw was found in the mb_ereg_replace_callback() function
of php which is used to perform regex search. This flaw could possibly
cause a PHP application to crash. (CVE-2016-5768)

Red Hat would like to thank Hans Jerry Illikainen for reporting
CVE-2016-5399.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.

Affected Software/OS:
php on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5399
1036430
http://www.securitytracker.com/id/1036430
20160721 CVE-2016-5399: php: out-of-bounds write in bzread()
http://www.securityfocus.com/archive/1/538966/100/0/threaded
20160725 CVE-2016-5399: php: out-of-bounds write in bzread()
http://seclists.org/fulldisclosure/2016/Jul/72
40155
https://www.exploit-db.com/exploits/40155/
92051
http://www.securityfocus.com/bid/92051
DSA-3631
http://www.debian.org/security/2016/dsa-3631
RHSA-2016:2598
http://rhn.redhat.com/errata/RHSA-2016-2598.html
RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
[oss-security] 20160721 CVE-2016-5399: php: out-of-bounds write in bzread()
http://www.openwall.com/lists/oss-security/2016/07/21/1
http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
https://bugs.php.net/bug.php?id=72613
https://bugzilla.redhat.com/show_bug.cgi?id=1358395
https://security.netapp.com/advisory/ntap-20180112-0001/
Common Vulnerability Exposure (CVE) ID: CVE-2016-5766
Debian Security Information: DSA-3619 (Google Search)
http://www.debian.org/security/2016/dsa-3619
https://security.gentoo.org/glsa/201612-09
http://www.openwall.com/lists/oss-security/2016/06/23/4
RedHat Security Advisories: RHSA-2016:2598
RedHat Security Advisories: RHSA-2016:2750
SuSE Security Announcement: SUSE-SU-2016:2013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2016:1761 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
SuSE Security Announcement: openSUSE-SU-2016:1922 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
http://www.ubuntu.com/usn/USN-3030-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-5767
BugTraq ID: 91395
http://www.securityfocus.com/bid/91395
Common Vulnerability Exposure (CVE) ID: CVE-2016-5768
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
BugTraq ID: 91396
http://www.securityfocus.com/bid/91396
Debian Security Information: DSA-3618 (Google Search)
http://www.debian.org/security/2016/dsa-3618
CopyrightCopyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.