Vulnerabilities > CVE-2016-5766 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 | |
| OS | 13 | |
| OS | 3 | |
| OS | 1 | |
| Application | 1 | |
| Application | Php
| 40 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-728.NASL description A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. (CVE-2015-8874) An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP last seen 2020-06-01 modified 2020-06-02 plugin id 92663 published 2016-08-02 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/92663 title Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2016-728. # include("compat.inc"); if (description) { script_id(92663); script_version("2.9"); script_cvs_date("Date: 2018/04/18 15:09:36"); script_cve_id("CVE-2015-8874", "CVE-2016-5385", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"); script_xref(name:"ALAS", value:"2016-728"); script_name(english:"Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. (CVE-2015-8874) An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted GD2 image. (CVE-2016-5766) An integer overflow, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted image buffer. (CVE-2016-5767) A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768) The mcrypt_generic() and mdecrypt_generic() functions are prone to integer overflows, resulting in a heap-based overflow. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application. (CVE-2016-5769) A type confusion issue was found in the SPLFileObject fread() function. A remote attacker able to submit a specially crafted input to a PHP application, which uses this function, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2016-5770) A use-after-free vulnerability that can occur when calling unserialize() on untrusted input was discovered. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application if the application unserializes untrusted input. (CVE-2016-5771 , CVE-2016-5773) A double free can occur in wddx_deserialize() when trying to deserialize malicious XML input from user's request. This flaw could possibly cause a PHP application to crash. (CVE-2016-5772) It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) (Updated on 2016-08-17: CVE-2016-5385 was fixed in this release but was not previously part of this errata)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2016-728.html" ); script_set_attribute( attribute:"solution", value: "Run 'yum update php55' to update your system. Run 'yum update php56' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/01"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php55-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-bcmath-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-cli-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-common-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-dba-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-debuginfo-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-devel-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-embedded-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-enchant-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-fpm-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-gd-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-gmp-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-imap-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-intl-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-ldap-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-mbstring-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-mcrypt-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-mssql-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-mysqlnd-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-odbc-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-opcache-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-pdo-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-pgsql-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-process-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-pspell-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-recode-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-snmp-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-soap-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-tidy-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-xml-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-xmlrpc-5.5.38-1.116.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-cli-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-common-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dba-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-devel-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gd-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-imap-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-intl-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-process-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-recode-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-soap-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xml-5.6.24-1.126.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.24-1.126.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2317-1.NASL description This update for php5 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-24 modified 2019-01-02 plugin id 120004 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120004 title SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:2317-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(120004); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23"); script_cve_id("CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-7890"); script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for php5 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1047454" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1048094" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1048096" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1048097" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1048111" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1048112" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1050241" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1050726" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=986386" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-10397/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5766/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-11143/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-11144/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-11145/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-11146/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-11147/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-11628/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7890/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20172317-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?dfa00ded" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1431=1 SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1431=1 SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1431=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11628"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/07"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-109.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-109.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-2598.NASL description An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * A flaw was found in the way certain error conditions were handled by bzread () function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. (CVE-2016-5399) * An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP last seen 2020-06-01 modified 2020-06-02 plugin id 94561 published 2016-11-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94561 title RHEL 7 : php (RHSA-2016:2598) NASL family CGI abuses NASL id PHP_5_6_23.NASL description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.23. It is, therefore, affected by multiple vulnerabilities : - An invalid free flaw exists in the phar_extract_file() function within file ext/phar/phar_object.c that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-4473) - An integer overflow condition exists in the _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5766) - An integer overflow condition exists in the gdImagePaletteToTrueColor() function within file ext/gd/libgd/gd.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5767) - A double-free error exists in the _php_mb_regex_ereg_replace_exec() function within file ext/mbstring/php_mbregex.c when handling a failed callback execution. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5768) - An integer overflow condition exists within file ext/mcrypt/mcrypt.c due to improper validation of user-supplied input when handling data values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5769) - An integer overflow condition exists within file ext/spl/spl_directory.c, triggered by an int/size_t type confusion error, that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-5770) - A use-after-free error exists in the garbage collection algorithm within file ext/spl/spl_array.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5771) - A double-free error exists in the php_wddx_process_data() function within file ext/wddx/wddx.c when handling specially crafted XML content. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5772) - A use-after-free error exists in the garbage collection algorithm within file ext/zip/php_zip.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5773) - An integer overflow condition exists in the json_decode() and json_utf8_to_utf16() functions within file ext/standard/php_smart_str.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - An out-of-bounds read error exists in the pass2_no_dither() function within file ext/gd/libgd/gd_topal.c that allows an unauthenticated, remote attacker to cause a denial of service condition or disclose memory contents. - An integer overflow condition exists within file ext/standard/string.c when handling string lengths due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. - A NULL pointer dereference flaw exists in the _gdScaleVert() function within file ext/gd/libgd/gd_interpolation.c that is triggered when handling _gdContributionsCalc return values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - An integer overflow condition exists in multiple functions within file ext/standard/string.c when handling string values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 91898 published 2016-07-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91898 title PHP 5.6.x < 5.6.23 Multiple Vulnerabilities NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-176-01.NASL description New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91830 published 2016-06-27 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91830 title Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2303-1.NASL description This update for php7 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes : - Soap Request with References (bsc#1053645) - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-24 modified 2019-01-02 plugin id 120003 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120003 title SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1) NASL family Scientific Linux Local Security Checks NASL id SL_20161103_PHP_ON_SL7_X.NASL description Security Fix(es) : - A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. (CVE-2016-5399) - An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP last seen 2020-03-18 modified 2016-12-15 plugin id 95854 published 2016-12-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95854 title Scientific Linux Security Update : php on SL7.x x86_64 (20161103) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-994.NASL description This update for php7 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes : - Soap Request with References (bsc#1053645) - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-09-05 plugin id 102947 published 2017-09-05 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102947 title openSUSE Security Update : php7 (openSUSE-2017-994) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_556D22865A5111E6A6C314DAE9D210B8.NASL description Pierre Joye reports : - fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) - gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132) - Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) - fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128) last seen 2020-06-01 modified 2020-06-02 plugin id 92740 published 2016-08-05 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92740 title FreeBSD : gd -- multiple vulnerabilities (556d2286-5a51-11e6-a6c3-14dae9d210b8) NASL family Fedora Local Security Checks NASL id FEDORA_2016-D126BB1B74.NASL description - fix for stack overflow with gdImageFillToBorder (CVE-2015-8874) - fix integer Overflow in _gd2GetHeader() (CVE-2016-5766) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-19 plugin id 92392 published 2016-07-19 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92392 title Fedora 23 : gd (2016-d126bb1b74) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3619.NASL description Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library (application crash), or potentially to execute arbitrary code with the privileges of the user running the application. last seen 2020-06-01 modified 2020-06-02 plugin id 92327 published 2016-07-18 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92327 title Debian DSA-3619-1 : libgd2 - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2013-1.NASL description php53 was updated to fix five security issues. These security issues were fixed : - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93282 published 2016-09-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93282 title SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2013-1) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL43267483.NASL description Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. (CVE-2016-5766) last seen 2020-06-01 modified 2020-06-02 plugin id 100137 published 2017-05-12 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100137 title F5 Networks BIG-IP : PHP vulnerability (K43267483) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201612-09.NASL description The remote host is affected by the vulnerability described in GLSA-201612-09 (GD: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 95524 published 2016-12-05 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/95524 title GLSA-201612-09 : GD: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3030-1.NASL description It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7456) It was discovered that the GD library incorrectly handled certain malformed XBM images. If a user or automated system were tricked into processing a specially crafted XBM image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-5116) It was discovered that the GD library incorrectly handled memory when using _gd2GetHeader(). A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2016-5766) It was discovered that the GD library incorrectly handled certain color indexes. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-6128) It was discovered that the GD library incorrectly handled memory when encoding a GIF image. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6161). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 92011 published 2016-07-12 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92011 title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libgd2 vulnerabilities (USN-3030-1) NASL family Fedora Local Security Checks NASL id FEDORA_2016-EC372BDDB9.NASL description 23 Jun 2016, **PHP 5.6.23** **Core:** - Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas) - Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas) - Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) **GD:** - Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas) - Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre) - Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) - Fixed bug php#72407 (NULL pointer Dereference at _gdScaleVert). (Stas) - Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre) **Intl:** - Fixed bug php#70484 (selectordinal doesn last seen 2020-06-05 modified 2016-07-15 plugin id 92300 published 2016-07-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92300 title Fedora 24 : php (2016-ec372bddb9) NASL family Fedora Local Security Checks NASL id FEDORA_2016-A4D48D6FD6.NASL description **Version 2.2.2** Security related fixes : - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (CVE-2016-5767) - Stack overflow with gdImageFillToBorder (CVE-2015-8874) - Integer Overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766) - NULL pointer Dereference at _gdScaleVert - Integer Overflow in gdImagePaletteToTrueColor() in heap overflow Numerous other fixes have been applied. The scale and rotation functions have been greatly improved as well. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-15 plugin id 92275 published 2016-07-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92275 title Fedora 24 : gd (2016-a4d48d6fd6) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2522-1.NASL description This update for php53 fixes the several issues. These security issues were fixed : - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430). - CVE-2017-11628: Stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could have caused a denial of service or potentially allowed executing code (bsc#1050726). - CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in the GD Graphics Library did not zero colorMap arrays use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information (bsc#1050241). - CVE-2016-5766: Integer overflow in the _gd2GetHeader in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image (bsc#986386). - CVE-2017-11145: An error in the date extension last seen 2020-06-01 modified 2020-06-02 plugin id 103317 published 2017-09-19 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103317 title SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1063.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.(CVE-2016-5399) - An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP last seen 2020-05-06 modified 2017-05-01 plugin id 99825 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99825 title EulerOS 2.0 SP1 : php (EulerOS-SA-2016-1063) NASL family CGI abuses NASL id PHP_5_5_37.NASL description According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.37. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the GD graphics library in the gdImageFillToBorder() function within file gd.c when handling crafted images that have an overly large negative coordinate. An unauthenticated, remote attacker can exploit this, via a crafted image, to crash processes linked against the library. (CVE-2015-8874) - An integer overflow condition exists in the _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5766) - An integer overflow condition exists in the gdImagePaletteToTrueColor() function within file ext/gd/libgd/gd.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5767) - A double-free error exists in the _php_mb_regex_ereg_replace_exec() function within file ext/mbstring/php_mbregex.c when handling a failed callback execution. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5768) - An integer overflow condition exists within file ext/mcrypt/mcrypt.c due to improper validation of user-supplied input when handling data values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5769) - An integer overflow condition exists within file ext/spl/spl_directory.c, triggered by an int/size_t type confusion error, that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-5770) - A use-after-free error exists in the garbage collection algorithm within file ext/spl/spl_array.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5771) - A double-free error exists in the php_wddx_process_data() function within file ext/wddx/wddx.c when handling specially crafted XML content. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5772) - A use-after-free error exists in the garbage collection algorithm within file ext/zip/php_zip.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5773) - An integer overflow condition exists in the json_decode() and json_utf8_to_utf16() functions within file ext/standard/php_smart_str.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - An out-of-bounds read error exists in the pass2_no_dither() function within file ext/gd/libgd/gd_topal.c that allows an unauthenticated, remote attacker to cause a denial of service condition or disclose memory contents. - An integer overflow condition exists within file ext/standard/string.c when handling string lengths due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. - A NULL pointer dereference flaw exists in the _gdScaleVert() function within file ext/gd/libgd/gd_interpolation.c that is triggered when handling _gdContributionsCalc return values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - An integer overflow condition exists in the nl2br() function within file ext/standard/string.c when handling new_length values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. - An integer overflow condition exists in multiple functions within file ext/standard/string.c when handling string values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 91897 published 2016-07-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91897 title PHP 5.5.x < 5.5.37 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1010.NASL description This update for php5 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726) - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-09-06 plugin id 102966 published 2017-09-06 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102966 title openSUSE Security Update : php5 (openSUSE-2017-1010) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2080-1.NASL description php5 was updated to fix the following security issues : - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426). - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427). - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428). - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429). - CVE-2016-5399: Improper error handling in bzread() (bsc#991430). - CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433). - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437). - CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93293 published 2016-09-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93293 title SUSE SLES11 Security Update : php5 (SUSE-SU-2016:2080-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-2598.NASL description An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * A flaw was found in the way certain error conditions were handled by bzread () function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. (CVE-2016-5399) * An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP last seen 2020-06-01 modified 2020-06-02 plugin id 95344 published 2016-11-28 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95344 title CentOS 7 : php (CESA-2016:2598) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-2598.NASL description From Red Hat Security Advisory 2016:2598 : An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * A flaw was found in the way certain error conditions were handled by bzread () function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. (CVE-2016-5399) * An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP last seen 2020-06-01 modified 2020-06-02 plugin id 94717 published 2016-11-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94717 title Oracle Linux 7 : php (ELSA-2016-2598) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-534.NASL description - CVE-2016-5766 Integer Overflow in _gd2GetHeader() resulting in heap overflow. For Debian 7 last seen 2020-03-17 modified 2016-07-01 plugin id 91901 published 2016-07-01 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91901 title Debian DLA-534-1 : libgd2 security update NASL family CGI abuses NASL id PHP_7_0_8.NASL description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.8. It is, therefore, affected by multiple vulnerabilities : - An invalid free flaw exists in the phar_extract_file() function within file ext/phar/phar_object.c that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-4473) - An integer overflow condition exists in the _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5766) - An integer overflow condition exists in the gdImagePaletteToTrueColor() function within file ext/gd/libgd/gd.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5767) - A double-free error exists in the _php_mb_regex_ereg_replace_exec() function within file ext/mbstring/php_mbregex.c when handling a failed callback execution. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5768) - An integer overflow condition exists within file ext/mcrypt/mcrypt.c due to improper validation of user-supplied input when handling data values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5769) - An integer overflow condition exists within file ext/spl/spl_directory.c, triggered by an int/size_t type confusion error, that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-5770) - A use-after-free error exists in the garbage collection algorithm within file ext/spl/spl_array.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5771) - A double-free error exists in the php_wddx_process_data() function within file ext/wddx/wddx.c when handling specially crafted XML content. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5772) - A use-after-free error exists in the garbage collection algorithm within file ext/zip/php_zip.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5773) - An integer overflow condition exists in the json_decode() and json_utf8_to_utf16() functions within file ext/standard/php_smart_str.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - An out-of-bounds read error exists in the pass2_no_dither() function within file ext/gd/libgd/gd_topal.c that allows an unauthenticated, remote attacker to cause a denial of service condition or disclose memory contents. - An integer overflow condition exists within file ext/standard/string.c when handling string lengths due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. - A NULL pointer dereference flaw exists in the _gdScaleVert() function within file ext/gd/libgd/gd_interpolation.c that is triggered when handling _gdContributionsCalc return values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - An integer overflow condition exists in the nl2br() function within file ext/standard/string.c when handling new_length values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. - An integer overflow condition exists in multiple functions within file ext/standard/string.c when handling string values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 91899 published 2016-07-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91899 title PHP 7.0.x < 7.0.8 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2016-615F3BF06E.NASL description **LibGD 2.2.3 release** Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs : - fix php bug php#72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) - bug #248, fix Out-Of-Bounds Read in read_image_tga Using application provided parameters, in these cases invalid data causes the issues : - Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) - fix php bug php#72494, invalid color index not handled, can lead to crash - improve color check for CropThreshold Important update : - gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php last seen 2020-06-05 modified 2016-07-25 plugin id 92532 published 2016-07-25 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92532 title Fedora 24 : gd (2016-615f3bf06e) NASL family Fedora Local Security Checks NASL id FEDORA_2016-99FBDC5C34.NASL description 23 Jun 2016, **PHP 5.6.23** **Core:** - Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas) - Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas) - Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) **GD:** - Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas) - Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre) - Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) - Fixed bug php#72407 (NULL pointer Dereference at _gdScaleVert). (Stas) - Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre) **Intl:** - Fixed bug php#70484 (selectordinal doesn last seen 2020-06-05 modified 2016-07-15 plugin id 92272 published 2016-07-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92272 title Fedora 22 : php (2016-99fbdc5c34) NASL family Fedora Local Security Checks NASL id FEDORA_2016-34A6B65583.NASL description 23 Jun 2016, **PHP 5.6.23** **Core:** - Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas) - Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas) - Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) **GD:** - Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas) - Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre) - Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) - Fixed bug php#72407 (NULL pointer Dereference at _gdScaleVert). (Stas) - Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre) **Intl:** - Fixed bug php#70484 (selectordinal doesn last seen 2020-06-05 modified 2016-07-15 plugin id 92239 published 2016-07-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92239 title Fedora 23 : php (2016-34a6b65583) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_66D77C583B1D11E68E82002590263BF5.NASL description The PHP Group reports : Please reference CVE/URL list for details last seen 2020-06-01 modified 2020-06-02 plugin id 91839 published 2016-06-27 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91839 title FreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-844.NASL description Shotwell was updated to fix the following issues : - boo#958382: Shotwell did not perform TLS certificate verification when publishing photos to external services last seen 2020-06-05 modified 2016-03-23 plugin id 90108 published 2016-03-23 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90108 title openSUSE Security Update : shotwell (openSUSE-2016-844) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-921.NASL description This update for php5 fixes the following issues : - It is possible to launch a web server with last seen 2020-06-05 modified 2016-08-04 plugin id 92714 published 2016-08-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/92714 title openSUSE Security Update : php5 (openSUSE-2016-921) (httpoxy)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://php.net/ChangeLog-7.php
- http://php.net/ChangeLog-5.php
- https://bugs.php.net/bug.php?id=72339
- http://www.openwall.com/lists/oss-security/2016/06/23/4
- http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1
- http://www.debian.org/security/2016/dsa-3619
- https://libgd.github.io/release-2.2.3.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
- http://www.ubuntu.com/usn/USN-3030-1
- https://security.gentoo.org/glsa/201612-09
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://rhn.redhat.com/errata/RHSA-2016-2598.html