English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.120742
Category:Amazon Linux Local Security Checks
Title:Amazon Linux: Security Advisory (ALAS-2016-753)
Summary:The remote host is missing an update for the 'php56' package(s) announced via the ALAS-2016-753 advisory.
Description:Summary:
The remote host is missing an update for the 'php56' package(s) announced via the ALAS-2016-753 advisory.

Vulnerability Insight:
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object (CVE-2016-7411).

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).

Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).

ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).

ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418).

Affected Software/OS:
'php56' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-7411
BugTraq ID: 93009
http://www.securityfocus.com/bid/93009
https://security.gentoo.org/glsa/201611-22
http://www.openwall.com/lists/oss-security/2016/09/15/10
http://www.securitytracker.com/id/1036836
Common Vulnerability Exposure (CVE) ID: CVE-2016-7412
BugTraq ID: 93005
http://www.securityfocus.com/bid/93005
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
Common Vulnerability Exposure (CVE) ID: CVE-2016-7413
BugTraq ID: 93006
http://www.securityfocus.com/bid/93006
Common Vulnerability Exposure (CVE) ID: CVE-2016-7414
BugTraq ID: 93004
http://www.securityfocus.com/bid/93004
Common Vulnerability Exposure (CVE) ID: CVE-2016-7416
BugTraq ID: 93008
http://www.securityfocus.com/bid/93008
Common Vulnerability Exposure (CVE) ID: CVE-2016-7417
BugTraq ID: 93007
http://www.securityfocus.com/bid/93007
Common Vulnerability Exposure (CVE) ID: CVE-2016-7418
BugTraq ID: 93011
http://www.securityfocus.com/bid/93011
CopyrightCopyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.