Vulnerabilities > CVE-2017-7890 - Information Exposure vulnerability in PHP

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
php
CWE-200
nessus

Summary

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.

Vulnerable Configurations

Part Description Count
Application
Php
844

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1402.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.(CVE-2019-9020) - In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.(CVE-2018-20783) - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.(CVE-2019-9023) - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.(CVE-2019-9021) - An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.(CVE-2019-9637) - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.(CVE-2019-9024) - An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application.(CVE-2016-1016) - A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service.(CVE-2016-10167) - A data leak was found in gdImageCreateFromGifCtx() in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from stack.(CVE-2017-7890) - gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.(CVE-2019-6977) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124905
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124905
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : php (EulerOS-SA-2019-1402)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2317-1.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id120004
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120004
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)
  • NASL familyCGI abuses
    NASL idPHP_5_6_31.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142) - An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of
    last seen2020-06-01
    modified2020-06-02
    plugin id101525
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101525
    titlePHP 5.6.x < 5.6.31 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1249.NASL
    descriptionAccording to the version of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.(CVE-2017-7890) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117558
    published2018-09-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117558
    titleEulerOS Virtualization 2.5.0 : php (EulerOS-SA-2018-1249)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3938.NASL
    descriptionMatviy Kotoniy reported that the gdImageCreateFromGifCtx() function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a specially crafted file is processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id102445
    published2017-08-14
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102445
    titleDebian DSA-3938-1 : libgd2 - security update
  • NASL familyCGI abuses
    NASL idPHP_7_0_21.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.21. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of
    last seen2020-04-30
    modified2017-07-13
    plugin id101526
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101526
    titlePHP 7.0.x < 7.0.21 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2303-1.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes : - Soap Request with References (bsc#1053645) - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id120003
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120003
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-867.NASL
    descriptionOut-of-bounds heap write in bitset_set_range() : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it
    last seen2020-06-01
    modified2020-06-02
    plugin id102181
    published2017-08-04
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102181
    titleAmazon Linux AMI : php70 (ALAS-2017-867)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-994.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes : - Soap Request with References (bsc#1053645) - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-09-05
    plugin id102947
    published2017-09-05
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/102947
    titleopenSUSE Security Update : php7 (openSUSE-2017-994)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1055.NASL
    descriptionMatviy Kotoniy reported that the gdImageCreateFromGifCtx() function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a specially crafted file is processed. For Debian 7
    last seen2020-03-17
    modified2017-08-14
    plugin id102440
    published2017-08-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102440
    titleDebian DLA-1055-1 : libgd2 security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1097.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.(CVE-2018-7584) - In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a
    last seen2020-05-06
    modified2018-05-02
    plugin id109495
    published2018-05-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109495
    titleEulerOS 2.0 SP2 : php (EulerOS-SA-2018-1097)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1096.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.(CVE-2018-7584) - In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a
    last seen2020-05-06
    modified2018-05-02
    plugin id109494
    published2018-05-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109494
    titleEulerOS 2.0 SP1 : php (EulerOS-SA-2018-1096)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-0406.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id107272
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107272
    titleCentOS 7 : php (CESA-2018:0406)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-108-01.NASL
    descriptionNew gd packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109147
    published2018-04-19
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109147
    titleSlackware 14.2 / current : gd (SSA:2018-108-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2522-1.NASL
    descriptionThis update for php53 fixes the several issues. These security issues were fixed : - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430). - CVE-2017-11628: Stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could have caused a denial of service or potentially allowed executing code (bsc#1050726). - CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in the GD Graphics Library did not zero colorMap arrays use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information (bsc#1050241). - CVE-2016-5766: Integer overflow in the _gd2GetHeader in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image (bsc#986386). - CVE-2017-11145: An error in the date extension
    last seen2020-06-01
    modified2020-06-02
    plugin id103317
    published2017-09-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103317
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0623-1.NASL
    descriptionThis update for gd fixes the following issues : CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone() (bsc#1165471). CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-03-10
    plugin id134366
    published2020-03-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134366
    titleSUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2020:0623-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-7CC0E6A5F5.NASL
    description**Version 2.2.5** - 2017-08-30 - **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** - **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386: gdImageGrayScale() may produce colors - Fix #406: webpng -i removes the transparent color - Fix Coverity #155475: Failure to restore alphaBlendingFlag - Fix Coverity #155476: potential resource leak - Fix several build issues and test failures - Fix and reenable optimized support for reading 1 bps TIFFs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-05
    plugin id102937
    published2017-09-05
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102937
    titleFedora 26 : gd (2017-7cc0e6a5f5)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-A69B0BB52D.NASL
    description**Version 2.2.5** - 2017-08-30 - **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** - **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386: gdImageGrayScale() may produce colors - Fix #406: webpng -i removes the transparent color - Fix Coverity #155475: Failure to restore alphaBlendingFlag - Fix Coverity #155476: potential resource leak - Fix several build issues and test failures - Fix and reenable optimized support for reading 1 bps TIFFs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-07
    plugin id102985
    published2017-09-07
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102985
    titleFedora 25 : gd (2017-a69b0bb52d)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1010.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726) - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-09-06
    plugin id102966
    published2017-09-06
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/102966
    titleopenSUSE Security Update : php5 (openSUSE-2017-1010)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0406.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id107188
    published2018-03-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107188
    titleRHEL 7 : php (RHSA-2018:0406)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3389-1.NASL
    descriptionA vulnerability was discovered in GD Graphics Library (aka libgd), as used in PHP that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read bytes from the top of the stack. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id102493
    published2017-08-15
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102493
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 : libgd2 vulnerability (USN-3389-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0019_PHP.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has php packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially- crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168) - A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167) - A data leak was found in gdImageCreateFromGifCtx() in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from stack. (CVE-2017-7890) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127174
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127174
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : php Multiple Vulnerabilities (NS-SA-2019-0019)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-0406.NASL
    descriptionFrom Red Hat Security Advisory 2018:0406 : An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id107204
    published2018-03-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107204
    titleOracle Linux 7 : php (ELSA-2018-0406)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-AC3DD4ECF8.NASL
    description**Version 2.2.5** - 2017-08-30 - **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** - **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386: gdImageGrayScale() may produce colors - Fix #406: webpng -i removes the transparent color - Fix Coverity #155475: Failure to restore alphaBlendingFlag - Fix Coverity #155476: potential resource leak - Fix several build issues and test failures - Fix and reenable optimized support for reading 1 bps TIFFs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105952
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105952
    titleFedora 27 : gd (2017-ac3dd4ecf8)
  • NASL familyCGI abuses
    NASL idPHP_7_1_7.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.7. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of
    last seen2020-04-30
    modified2017-07-13
    plugin id101527
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101527
    titlePHP 7.1.x < 7.1.7 Multiple Vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_5033E2FC98EC4EF58E0B87CFBBC73081.NASL
    descriptionPHP developers report : The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
    last seen2020-06-01
    modified2020-06-02
    plugin id103478
    published2017-09-27
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103478
    titleFreeBSD : php-gd and gd -- Buffer over-read into uninitialized memory (5033e2fc-98ec-4ef5-8e0b-87cfbbc73081)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180306_PHP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)
    last seen2020-03-18
    modified2018-03-08
    plugin id107212
    published2018-03-08
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107212
    titleScientific Linux Security Update : php on SL7.x x86_64 (20180306)
  • NASL familyMisc.
    NASL idSECURITYCENTER_PHP_5_6_31.NASL
    descriptionThe Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142) - An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of
    last seen2020-06-01
    modified2020-06-02
    plugin id103121
    published2017-09-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103121
    titleTenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12

Redhat

advisories
  • bugzilla
    id1473822
    titleCVE-2017-7890 php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentphp-ldap is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406001
          • commentphp-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195012
        • AND
          • commentphp-process is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406003
          • commentphp-process is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195028
        • AND
          • commentphp is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406005
          • commentphp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195018
        • AND
          • commentphp-xml is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406007
          • commentphp-xml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195020
        • AND
          • commentphp-odbc is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406009
          • commentphp-odbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195004
        • AND
          • commentphp-xmlrpc is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406011
          • commentphp-xmlrpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195016
        • AND
          • commentphp-gd is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406013
          • commentphp-gd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195008
        • AND
          • commentphp-pgsql is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406015
          • commentphp-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195022
        • AND
          • commentphp-soap is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406017
          • commentphp-soap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195010
        • AND
          • commentphp-cli is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406019
          • commentphp-cli is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195002
        • AND
          • commentphp-common is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406021
          • commentphp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195014
        • AND
          • commentphp-pdo is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406023
          • commentphp-pdo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195024
        • AND
          • commentphp-mysql is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406025
          • commentphp-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195006
        • AND
          • commentphp-recode is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406027
          • commentphp-recode is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195042
        • AND
          • commentphp-embedded is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406029
          • commentphp-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195046
        • AND
          • commentphp-dba is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406031
          • commentphp-dba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195034
        • AND
          • commentphp-intl is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406033
          • commentphp-intl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195050
        • AND
          • commentphp-devel is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406035
          • commentphp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195052
        • AND
          • commentphp-snmp is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406037
          • commentphp-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195038
        • AND
          • commentphp-pspell is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406039
          • commentphp-pspell is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195026
        • AND
          • commentphp-enchant is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406041
          • commentphp-enchant is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195030
        • AND
          • commentphp-bcmath is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406043
          • commentphp-bcmath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195048
        • AND
          • commentphp-mysqlnd is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406045
          • commentphp-mysqlnd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141013034
        • AND
          • commentphp-fpm is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406047
          • commentphp-fpm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130514038
        • AND
          • commentphp-mbstring is earlier than 0:5.4.16-43.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20180406049
          • commentphp-mbstring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195044
    rhsa
    idRHSA-2018:0406
    released2018-03-06
    severityModerate
    titleRHSA-2018:0406: php security update (Moderate)
  • rhsa
    idRHSA-2018:1296
rpms
  • php-0:5.4.16-43.el7_4.1
  • php-bcmath-0:5.4.16-43.el7_4.1
  • php-cli-0:5.4.16-43.el7_4.1
  • php-common-0:5.4.16-43.el7_4.1
  • php-dba-0:5.4.16-43.el7_4.1
  • php-debuginfo-0:5.4.16-43.el7_4.1
  • php-devel-0:5.4.16-43.el7_4.1
  • php-embedded-0:5.4.16-43.el7_4.1
  • php-enchant-0:5.4.16-43.el7_4.1
  • php-fpm-0:5.4.16-43.el7_4.1
  • php-gd-0:5.4.16-43.el7_4.1
  • php-intl-0:5.4.16-43.el7_4.1
  • php-ldap-0:5.4.16-43.el7_4.1
  • php-mbstring-0:5.4.16-43.el7_4.1
  • php-mysql-0:5.4.16-43.el7_4.1
  • php-mysqlnd-0:5.4.16-43.el7_4.1
  • php-odbc-0:5.4.16-43.el7_4.1
  • php-pdo-0:5.4.16-43.el7_4.1
  • php-pgsql-0:5.4.16-43.el7_4.1
  • php-process-0:5.4.16-43.el7_4.1
  • php-pspell-0:5.4.16-43.el7_4.1
  • php-recode-0:5.4.16-43.el7_4.1
  • php-snmp-0:5.4.16-43.el7_4.1
  • php-soap-0:5.4.16-43.el7_4.1
  • php-xml-0:5.4.16-43.el7_4.1
  • php-xmlrpc-0:5.4.16-43.el7_4.1
  • rh-php70-php-0:7.0.27-1.el6
  • rh-php70-php-0:7.0.27-1.el7
  • rh-php70-php-bcmath-0:7.0.27-1.el6
  • rh-php70-php-bcmath-0:7.0.27-1.el7
  • rh-php70-php-cli-0:7.0.27-1.el6
  • rh-php70-php-cli-0:7.0.27-1.el7
  • rh-php70-php-common-0:7.0.27-1.el6
  • rh-php70-php-common-0:7.0.27-1.el7
  • rh-php70-php-dba-0:7.0.27-1.el6
  • rh-php70-php-dba-0:7.0.27-1.el7
  • rh-php70-php-dbg-0:7.0.27-1.el6
  • rh-php70-php-dbg-0:7.0.27-1.el7
  • rh-php70-php-debuginfo-0:7.0.27-1.el6
  • rh-php70-php-debuginfo-0:7.0.27-1.el7
  • rh-php70-php-devel-0:7.0.27-1.el6
  • rh-php70-php-devel-0:7.0.27-1.el7
  • rh-php70-php-embedded-0:7.0.27-1.el6
  • rh-php70-php-embedded-0:7.0.27-1.el7
  • rh-php70-php-enchant-0:7.0.27-1.el6
  • rh-php70-php-enchant-0:7.0.27-1.el7
  • rh-php70-php-fpm-0:7.0.27-1.el6
  • rh-php70-php-fpm-0:7.0.27-1.el7
  • rh-php70-php-gd-0:7.0.27-1.el6
  • rh-php70-php-gd-0:7.0.27-1.el7
  • rh-php70-php-gmp-0:7.0.27-1.el6
  • rh-php70-php-gmp-0:7.0.27-1.el7
  • rh-php70-php-imap-0:7.0.27-1.el6
  • rh-php70-php-intl-0:7.0.27-1.el6
  • rh-php70-php-intl-0:7.0.27-1.el7
  • rh-php70-php-json-0:7.0.27-1.el6
  • rh-php70-php-json-0:7.0.27-1.el7
  • rh-php70-php-ldap-0:7.0.27-1.el6
  • rh-php70-php-ldap-0:7.0.27-1.el7
  • rh-php70-php-mbstring-0:7.0.27-1.el6
  • rh-php70-php-mbstring-0:7.0.27-1.el7
  • rh-php70-php-mysqlnd-0:7.0.27-1.el6
  • rh-php70-php-mysqlnd-0:7.0.27-1.el7
  • rh-php70-php-odbc-0:7.0.27-1.el6
  • rh-php70-php-odbc-0:7.0.27-1.el7
  • rh-php70-php-opcache-0:7.0.27-1.el6
  • rh-php70-php-opcache-0:7.0.27-1.el7
  • rh-php70-php-pdo-0:7.0.27-1.el6
  • rh-php70-php-pdo-0:7.0.27-1.el7
  • rh-php70-php-pgsql-0:7.0.27-1.el6
  • rh-php70-php-pgsql-0:7.0.27-1.el7
  • rh-php70-php-process-0:7.0.27-1.el6
  • rh-php70-php-process-0:7.0.27-1.el7
  • rh-php70-php-pspell-0:7.0.27-1.el6
  • rh-php70-php-pspell-0:7.0.27-1.el7
  • rh-php70-php-recode-0:7.0.27-1.el6
  • rh-php70-php-recode-0:7.0.27-1.el7
  • rh-php70-php-snmp-0:7.0.27-1.el6
  • rh-php70-php-snmp-0:7.0.27-1.el7
  • rh-php70-php-soap-0:7.0.27-1.el6
  • rh-php70-php-soap-0:7.0.27-1.el7
  • rh-php70-php-tidy-0:7.0.27-1.el6
  • rh-php70-php-xml-0:7.0.27-1.el6
  • rh-php70-php-xml-0:7.0.27-1.el7
  • rh-php70-php-xmlrpc-0:7.0.27-1.el6
  • rh-php70-php-xmlrpc-0:7.0.27-1.el7
  • rh-php70-php-zip-0:7.0.27-1.el6
  • rh-php70-php-zip-0:7.0.27-1.el7