[RHSA-2016:2598-02] Moderate: php security and bug fix update

bugzilla at redhat.com bugzilla at redhat.com
Thu Nov 3 09:02:14 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php security and bug fix update
Advisory ID:       RHSA-2016:2598-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2598.html
Issue date:        2016-11-03
CVE Names:         CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 
                   CVE-2016-5768 
=====================================================================

1. Summary:

An update for php is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

Security Fix(es):

* A flaw was found in the way certain error conditions were handled by
bzread() function in PHP. An attacker could use this flaw to upload a
specially crafted bz2 archive which, when parsed via the vulnerable
function, could cause the application to crash or execute arbitrary code
with the permissions of the user running the PHP application.
(CVE-2016-5399)

* An integer overflow flaw, leading to a heap-based buffer overflow was
found in the imagecreatefromgd2() function of PHP's gd extension. A remote
attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP application
using gd via a specially crafted GD2 image. (CVE-2016-5766)

* An integer overflow flaw, leading to a heap-based buffer overflow was
found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A
remote attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP application
using gd via a specially crafted image buffer. (CVE-2016-5767)

* A double free flaw was found in the mb_ereg_replace_callback() function
of php which is used to perform regex search. This flaw could possibly
cause a PHP application to crash. (CVE-2016-5768)

Red Hat would like to thank Hans Jerry Illikainen for reporting
CVE-2016-5399.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1073388 - ext/openssl: default_md algo is MD5
1131979 - Segfault running ZendFramework test suite (php_wddx_serialize_var)
1289457 - httpd segfault in php_module_shutdown when opcache loaded twice
1291667 - No TLS1.1 or TLS1.2 support for php curl module
1297179 - PHP crashes with [core:notice] [pid 3864] AH00052: child pid 95199 exit signal Segmentation fault (11)
1344578 - Segmentation fault while header_register_callback
1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow
1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec
1358395 - CVE-2016-5399 php: Improper error handling in bzread()

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
php-5.4.16-42.el7.src.rpm

x86_64:
php-5.4.16-42.el7.x86_64.rpm
php-bcmath-5.4.16-42.el7.x86_64.rpm
php-cli-5.4.16-42.el7.x86_64.rpm
php-common-5.4.16-42.el7.x86_64.rpm
php-dba-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-devel-5.4.16-42.el7.x86_64.rpm
php-embedded-5.4.16-42.el7.x86_64.rpm
php-enchant-5.4.16-42.el7.x86_64.rpm
php-fpm-5.4.16-42.el7.x86_64.rpm
php-gd-5.4.16-42.el7.x86_64.rpm
php-intl-5.4.16-42.el7.x86_64.rpm
php-ldap-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mysql-5.4.16-42.el7.x86_64.rpm
php-mysqlnd-5.4.16-42.el7.x86_64.rpm
php-odbc-5.4.16-42.el7.x86_64.rpm
php-pdo-5.4.16-42.el7.x86_64.rpm
php-pgsql-5.4.16-42.el7.x86_64.rpm
php-process-5.4.16-42.el7.x86_64.rpm
php-pspell-5.4.16-42.el7.x86_64.rpm
php-recode-5.4.16-42.el7.x86_64.rpm
php-snmp-5.4.16-42.el7.x86_64.rpm
php-soap-5.4.16-42.el7.x86_64.rpm
php-xml-5.4.16-42.el7.x86_64.rpm
php-xmlrpc-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
php-5.4.16-42.el7.src.rpm

x86_64:
php-5.4.16-42.el7.x86_64.rpm
php-bcmath-5.4.16-42.el7.x86_64.rpm
php-cli-5.4.16-42.el7.x86_64.rpm
php-common-5.4.16-42.el7.x86_64.rpm
php-dba-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-devel-5.4.16-42.el7.x86_64.rpm
php-embedded-5.4.16-42.el7.x86_64.rpm
php-enchant-5.4.16-42.el7.x86_64.rpm
php-fpm-5.4.16-42.el7.x86_64.rpm
php-gd-5.4.16-42.el7.x86_64.rpm
php-intl-5.4.16-42.el7.x86_64.rpm
php-ldap-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mysql-5.4.16-42.el7.x86_64.rpm
php-mysqlnd-5.4.16-42.el7.x86_64.rpm
php-odbc-5.4.16-42.el7.x86_64.rpm
php-pdo-5.4.16-42.el7.x86_64.rpm
php-pgsql-5.4.16-42.el7.x86_64.rpm
php-process-5.4.16-42.el7.x86_64.rpm
php-pspell-5.4.16-42.el7.x86_64.rpm
php-recode-5.4.16-42.el7.x86_64.rpm
php-snmp-5.4.16-42.el7.x86_64.rpm
php-soap-5.4.16-42.el7.x86_64.rpm
php-xml-5.4.16-42.el7.x86_64.rpm
php-xmlrpc-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
php-5.4.16-42.el7.src.rpm

aarch64:
php-5.4.16-42.el7.aarch64.rpm
php-cli-5.4.16-42.el7.aarch64.rpm
php-common-5.4.16-42.el7.aarch64.rpm
php-debuginfo-5.4.16-42.el7.aarch64.rpm
php-gd-5.4.16-42.el7.aarch64.rpm
php-ldap-5.4.16-42.el7.aarch64.rpm
php-mysql-5.4.16-42.el7.aarch64.rpm
php-odbc-5.4.16-42.el7.aarch64.rpm
php-pdo-5.4.16-42.el7.aarch64.rpm
php-pgsql-5.4.16-42.el7.aarch64.rpm
php-process-5.4.16-42.el7.aarch64.rpm
php-recode-5.4.16-42.el7.aarch64.rpm
php-soap-5.4.16-42.el7.aarch64.rpm
php-xml-5.4.16-42.el7.aarch64.rpm
php-xmlrpc-5.4.16-42.el7.aarch64.rpm

ppc64:
php-5.4.16-42.el7.ppc64.rpm
php-cli-5.4.16-42.el7.ppc64.rpm
php-common-5.4.16-42.el7.ppc64.rpm
php-debuginfo-5.4.16-42.el7.ppc64.rpm
php-gd-5.4.16-42.el7.ppc64.rpm
php-ldap-5.4.16-42.el7.ppc64.rpm
php-mysql-5.4.16-42.el7.ppc64.rpm
php-odbc-5.4.16-42.el7.ppc64.rpm
php-pdo-5.4.16-42.el7.ppc64.rpm
php-pgsql-5.4.16-42.el7.ppc64.rpm
php-process-5.4.16-42.el7.ppc64.rpm
php-recode-5.4.16-42.el7.ppc64.rpm
php-soap-5.4.16-42.el7.ppc64.rpm
php-xml-5.4.16-42.el7.ppc64.rpm
php-xmlrpc-5.4.16-42.el7.ppc64.rpm

ppc64le:
php-5.4.16-42.el7.ppc64le.rpm
php-cli-5.4.16-42.el7.ppc64le.rpm
php-common-5.4.16-42.el7.ppc64le.rpm
php-debuginfo-5.4.16-42.el7.ppc64le.rpm
php-gd-5.4.16-42.el7.ppc64le.rpm
php-ldap-5.4.16-42.el7.ppc64le.rpm
php-mysql-5.4.16-42.el7.ppc64le.rpm
php-odbc-5.4.16-42.el7.ppc64le.rpm
php-pdo-5.4.16-42.el7.ppc64le.rpm
php-pgsql-5.4.16-42.el7.ppc64le.rpm
php-process-5.4.16-42.el7.ppc64le.rpm
php-recode-5.4.16-42.el7.ppc64le.rpm
php-soap-5.4.16-42.el7.ppc64le.rpm
php-xml-5.4.16-42.el7.ppc64le.rpm
php-xmlrpc-5.4.16-42.el7.ppc64le.rpm

s390x:
php-5.4.16-42.el7.s390x.rpm
php-cli-5.4.16-42.el7.s390x.rpm
php-common-5.4.16-42.el7.s390x.rpm
php-debuginfo-5.4.16-42.el7.s390x.rpm
php-gd-5.4.16-42.el7.s390x.rpm
php-ldap-5.4.16-42.el7.s390x.rpm
php-mysql-5.4.16-42.el7.s390x.rpm
php-odbc-5.4.16-42.el7.s390x.rpm
php-pdo-5.4.16-42.el7.s390x.rpm
php-pgsql-5.4.16-42.el7.s390x.rpm
php-process-5.4.16-42.el7.s390x.rpm
php-recode-5.4.16-42.el7.s390x.rpm
php-soap-5.4.16-42.el7.s390x.rpm
php-xml-5.4.16-42.el7.s390x.rpm
php-xmlrpc-5.4.16-42.el7.s390x.rpm

x86_64:
php-5.4.16-42.el7.x86_64.rpm
php-cli-5.4.16-42.el7.x86_64.rpm
php-common-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-gd-5.4.16-42.el7.x86_64.rpm
php-ldap-5.4.16-42.el7.x86_64.rpm
php-mysql-5.4.16-42.el7.x86_64.rpm
php-odbc-5.4.16-42.el7.x86_64.rpm
php-pdo-5.4.16-42.el7.x86_64.rpm
php-pgsql-5.4.16-42.el7.x86_64.rpm
php-process-5.4.16-42.el7.x86_64.rpm
php-recode-5.4.16-42.el7.x86_64.rpm
php-soap-5.4.16-42.el7.x86_64.rpm
php-xml-5.4.16-42.el7.x86_64.rpm
php-xmlrpc-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
php-bcmath-5.4.16-42.el7.aarch64.rpm
php-dba-5.4.16-42.el7.aarch64.rpm
php-debuginfo-5.4.16-42.el7.aarch64.rpm
php-devel-5.4.16-42.el7.aarch64.rpm
php-embedded-5.4.16-42.el7.aarch64.rpm
php-enchant-5.4.16-42.el7.aarch64.rpm
php-fpm-5.4.16-42.el7.aarch64.rpm
php-intl-5.4.16-42.el7.aarch64.rpm
php-mbstring-5.4.16-42.el7.aarch64.rpm
php-mysqlnd-5.4.16-42.el7.aarch64.rpm
php-pspell-5.4.16-42.el7.aarch64.rpm
php-snmp-5.4.16-42.el7.aarch64.rpm

ppc64:
php-bcmath-5.4.16-42.el7.ppc64.rpm
php-dba-5.4.16-42.el7.ppc64.rpm
php-debuginfo-5.4.16-42.el7.ppc64.rpm
php-devel-5.4.16-42.el7.ppc64.rpm
php-embedded-5.4.16-42.el7.ppc64.rpm
php-enchant-5.4.16-42.el7.ppc64.rpm
php-fpm-5.4.16-42.el7.ppc64.rpm
php-intl-5.4.16-42.el7.ppc64.rpm
php-mbstring-5.4.16-42.el7.ppc64.rpm
php-mysqlnd-5.4.16-42.el7.ppc64.rpm
php-pspell-5.4.16-42.el7.ppc64.rpm
php-snmp-5.4.16-42.el7.ppc64.rpm

ppc64le:
php-bcmath-5.4.16-42.el7.ppc64le.rpm
php-dba-5.4.16-42.el7.ppc64le.rpm
php-debuginfo-5.4.16-42.el7.ppc64le.rpm
php-devel-5.4.16-42.el7.ppc64le.rpm
php-embedded-5.4.16-42.el7.ppc64le.rpm
php-enchant-5.4.16-42.el7.ppc64le.rpm
php-fpm-5.4.16-42.el7.ppc64le.rpm
php-intl-5.4.16-42.el7.ppc64le.rpm
php-mbstring-5.4.16-42.el7.ppc64le.rpm
php-mysqlnd-5.4.16-42.el7.ppc64le.rpm
php-pspell-5.4.16-42.el7.ppc64le.rpm
php-snmp-5.4.16-42.el7.ppc64le.rpm

s390x:
php-bcmath-5.4.16-42.el7.s390x.rpm
php-dba-5.4.16-42.el7.s390x.rpm
php-debuginfo-5.4.16-42.el7.s390x.rpm
php-devel-5.4.16-42.el7.s390x.rpm
php-embedded-5.4.16-42.el7.s390x.rpm
php-enchant-5.4.16-42.el7.s390x.rpm
php-fpm-5.4.16-42.el7.s390x.rpm
php-intl-5.4.16-42.el7.s390x.rpm
php-mbstring-5.4.16-42.el7.s390x.rpm
php-mysqlnd-5.4.16-42.el7.s390x.rpm
php-pspell-5.4.16-42.el7.s390x.rpm
php-snmp-5.4.16-42.el7.s390x.rpm

x86_64:
php-bcmath-5.4.16-42.el7.x86_64.rpm
php-dba-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-devel-5.4.16-42.el7.x86_64.rpm
php-embedded-5.4.16-42.el7.x86_64.rpm
php-enchant-5.4.16-42.el7.x86_64.rpm
php-fpm-5.4.16-42.el7.x86_64.rpm
php-intl-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mysqlnd-5.4.16-42.el7.x86_64.rpm
php-pspell-5.4.16-42.el7.x86_64.rpm
php-snmp-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
php-5.4.16-42.el7.src.rpm

x86_64:
php-5.4.16-42.el7.x86_64.rpm
php-cli-5.4.16-42.el7.x86_64.rpm
php-common-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-gd-5.4.16-42.el7.x86_64.rpm
php-ldap-5.4.16-42.el7.x86_64.rpm
php-mysql-5.4.16-42.el7.x86_64.rpm
php-odbc-5.4.16-42.el7.x86_64.rpm
php-pdo-5.4.16-42.el7.x86_64.rpm
php-pgsql-5.4.16-42.el7.x86_64.rpm
php-process-5.4.16-42.el7.x86_64.rpm
php-recode-5.4.16-42.el7.x86_64.rpm
php-soap-5.4.16-42.el7.x86_64.rpm
php-xml-5.4.16-42.el7.x86_64.rpm
php-xmlrpc-5.4.16-42.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
php-bcmath-5.4.16-42.el7.x86_64.rpm
php-dba-5.4.16-42.el7.x86_64.rpm
php-debuginfo-5.4.16-42.el7.x86_64.rpm
php-devel-5.4.16-42.el7.x86_64.rpm
php-embedded-5.4.16-42.el7.x86_64.rpm
php-enchant-5.4.16-42.el7.x86_64.rpm
php-fpm-5.4.16-42.el7.x86_64.rpm
php-intl-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mysqlnd-5.4.16-42.el7.x86_64.rpm
php-pspell-5.4.16-42.el7.x86_64.rpm
php-snmp-5.4.16-42.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5399
https://access.redhat.com/security/cve/CVE-2016-5766
https://access.redhat.com/security/cve/CVE-2016-5767
https://access.redhat.com/security/cve/CVE-2016-5768
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGv0TXlSAg2UNWIIRAp5HAJ9klb3/2rtiS6x3SPaFdGuYWwxEegCfafaI
5XgUajtsAnxecqRTeRWw5H4=
=G7qP
-----END PGP SIGNATURE-----





More information about the RHSA-announce mailing list