Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2016-754)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.120743

Category: Amazon Linux Local Security Checks

Title: Amazon Linux: Security Advisory (ALAS-2016-754)

Summary: The remote host is missing an update for the 'php70' package(s) announced via the ALAS-2016-754 advisory.

Description: Summary:
The remote host is missing an update for the 'php70' package(s) announced via the ALAS-2016-754 advisory.

Vulnerability Insight:
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).

Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).

ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).

ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418).

Affected Software/OS:
'php70' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-7412
BugTraq ID: 93005
http://www.securityfocus.com/bid/93005
https://security.gentoo.org/glsa/201611-22
http://www.openwall.com/lists/oss-security/2016/09/15/10
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securitytracker.com/id/1036836
Common Vulnerability Exposure (CVE) ID: CVE-2016-7413
BugTraq ID: 93006
http://www.securityfocus.com/bid/93006
Common Vulnerability Exposure (CVE) ID: CVE-2016-7414
BugTraq ID: 93004
http://www.securityfocus.com/bid/93004
Common Vulnerability Exposure (CVE) ID: CVE-2016-7416
BugTraq ID: 93008
http://www.securityfocus.com/bid/93008
Common Vulnerability Exposure (CVE) ID: CVE-2016-7417
BugTraq ID: 93007
http://www.securityfocus.com/bid/93007
Common Vulnerability Exposure (CVE) ID: CVE-2016-7418
BugTraq ID: 93011
http://www.securityfocus.com/bid/93011

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.120743
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2016-754)
Summary:	The remote host is missing an update for the 'php70' package(s) announced via the ALAS-2016-754 advisory.
Description:	Summary: The remote host is missing an update for the 'php70' package(s) announced via the ALAS-2016-754 advisory. Vulnerability Insight: ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412). Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413). The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414). ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416). ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417). The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418). Affected Software/OS: 'php70' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7412 BugTraq ID: 93005 http://www.securityfocus.com/bid/93005 https://security.gentoo.org/glsa/201611-22 http://www.openwall.com/lists/oss-security/2016/09/15/10 RedHat Security Advisories: RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296 http://www.securitytracker.com/id/1036836 Common Vulnerability Exposure (CVE) ID: CVE-2016-7413 BugTraq ID: 93006 http://www.securityfocus.com/bid/93006 Common Vulnerability Exposure (CVE) ID: CVE-2016-7414 BugTraq ID: 93004 http://www.securityfocus.com/bid/93004 Common Vulnerability Exposure (CVE) ID: CVE-2016-7416 BugTraq ID: 93008 http://www.securityfocus.com/bid/93008 Common Vulnerability Exposure (CVE) ID: CVE-2016-7417 BugTraq ID: 93007 http://www.securityfocus.com/bid/93007 Common Vulnerability Exposure (CVE) ID: CVE-2016-7418 BugTraq ID: 93011 http://www.securityfocus.com/bid/93011
Copyright	Copyright (C) 2016 Greenbone AG