Test ID:	1.3.6.1.4.1.25623.1.0.843071
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3211-2)
Summary:	The remote host is missing an update for the 'php7.0' package(s) announced via the USN-3211-2 advisory.
Description:	Summary: The remote host is missing an update for the 'php7.0' package(s) announced via the USN-3211-2 advisory. Vulnerability Insight: USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. Original advisory details: It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340) Affected Software/OS: 'php7.0' package(s) on Ubuntu 16.04, Ubuntu 16.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10158 BugTraq ID: 95764 http://www.securityfocus.com/bid/95764 Debian Security Information: DSA-3783 (Google Search) http://www.debian.org/security/2017/dsa-3783 https://security.gentoo.org/glsa/201702-29 RedHat Security Advisories: RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296 http://www.securitytracker.com/id/1037659 Common Vulnerability Exposure (CVE) ID: CVE-2016-10159 BugTraq ID: 95774 http://www.securityfocus.com/bid/95774 Common Vulnerability Exposure (CVE) ID: CVE-2016-10160 BugTraq ID: 95783 http://www.securityfocus.com/bid/95783 Common Vulnerability Exposure (CVE) ID: CVE-2016-10161 BugTraq ID: 95768 http://www.securityfocus.com/bid/95768 Common Vulnerability Exposure (CVE) ID: CVE-2016-10162 BugTraq ID: 95668 http://www.securityfocus.com/bid/95668 Common Vulnerability Exposure (CVE) ID: CVE-2016-7479 BugTraq ID: 95151 http://www.securityfocus.com/bid/95151 http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf https://bugs.php.net/bug.php?id=73092 https://www.youtube.com/watch?v=LDcaPstAuPk Common Vulnerability Exposure (CVE) ID: CVE-2016-9137 BugTraq ID: 93577 http://www.securityfocus.com/bid/93577 Debian Security Information: DSA-3698 (Google Search) http://www.debian.org/security/2016/dsa-3698 http://www.openwall.com/lists/oss-security/2016/11/01/2 Common Vulnerability Exposure (CVE) ID: CVE-2016-9935 BugTraq ID: 94846 http://www.securityfocus.com/bid/94846 Debian Security Information: DSA-3737 (Google Search) http://www.debian.org/security/2016/dsa-3737 http://www.openwall.com/lists/oss-security/2016/12/12/2 SuSE Security Announcement: openSUSE-SU-2016:3239 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html SuSE Security Announcement: openSUSE-SU-2017:0061 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html SuSE Security Announcement: openSUSE-SU-2017:0081 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9936 BugTraq ID: 94849 http://www.securityfocus.com/bid/94849 Common Vulnerability Exposure (CVE) ID: CVE-2017-5340 BugTraq ID: 95371 http://www.securityfocus.com/bid/95371
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.