Oval Definition:oval:com.redhat.rhsa:def:20173221
Revision Date:2017-11-15Version:637
Title:RHSA-2017:3221: php security update (Moderate)
Description:PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

  • A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167)

  • An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)
    • Family:unixClass:patch
    Status:Reference(s):CVE-2016-10167
    CVE-2016-10168
    RHSA-2017:3221
    RHSA-2017:3221-00
    RHSA-2017:3221-03
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • php is earlier than 0:5.4.16-43.el7_4
  • AND php is signed with Red Hat redhatrelease2 key
  • php-bcmath is earlier than 0:5.4.16-43.el7_4
  • AND php-bcmath is signed with Red Hat redhatrelease2 key
  • php-cli is earlier than 0:5.4.16-43.el7_4
  • AND php-cli is signed with Red Hat redhatrelease2 key
  • php-common is earlier than 0:5.4.16-43.el7_4
  • AND php-common is signed with Red Hat redhatrelease2 key
  • php-dba is earlier than 0:5.4.16-43.el7_4
  • AND php-dba is signed with Red Hat redhatrelease2 key
  • php-devel is earlier than 0:5.4.16-43.el7_4
  • AND php-devel is signed with Red Hat redhatrelease2 key
  • php-embedded is earlier than 0:5.4.16-43.el7_4
  • AND php-embedded is signed with Red Hat redhatrelease2 key
  • php-enchant is earlier than 0:5.4.16-43.el7_4
  • AND php-enchant is signed with Red Hat redhatrelease2 key
  • php-fpm is earlier than 0:5.4.16-43.el7_4
  • AND php-fpm is signed with Red Hat redhatrelease2 key
  • php-gd is earlier than 0:5.4.16-43.el7_4
  • AND php-gd is signed with Red Hat redhatrelease2 key
  • php-intl is earlier than 0:5.4.16-43.el7_4
  • AND php-intl is signed with Red Hat redhatrelease2 key
  • php-ldap is earlier than 0:5.4.16-43.el7_4
  • AND php-ldap is signed with Red Hat redhatrelease2 key
  • php-mbstring is earlier than 0:5.4.16-43.el7_4
  • AND php-mbstring is signed with Red Hat redhatrelease2 key
  • php-mysql is earlier than 0:5.4.16-43.el7_4
  • AND php-mysql is signed with Red Hat redhatrelease2 key
  • php-mysqlnd is earlier than 0:5.4.16-43.el7_4
  • AND php-mysqlnd is signed with Red Hat redhatrelease2 key
  • php-odbc is earlier than 0:5.4.16-43.el7_4
  • AND php-odbc is signed with Red Hat redhatrelease2 key
  • php-pdo is earlier than 0:5.4.16-43.el7_4
  • AND php-pdo is signed with Red Hat redhatrelease2 key
  • php-pgsql is earlier than 0:5.4.16-43.el7_4
  • AND php-pgsql is signed with Red Hat redhatrelease2 key
  • php-process is earlier than 0:5.4.16-43.el7_4
  • AND php-process is signed with Red Hat redhatrelease2 key
  • php-pspell is earlier than 0:5.4.16-43.el7_4
  • AND php-pspell is signed with Red Hat redhatrelease2 key
  • php-recode is earlier than 0:5.4.16-43.el7_4
  • AND php-recode is signed with Red Hat redhatrelease2 key
  • php-snmp is earlier than 0:5.4.16-43.el7_4
  • AND php-snmp is signed with Red Hat redhatrelease2 key
  • php-soap is earlier than 0:5.4.16-43.el7_4
  • AND php-soap is signed with Red Hat redhatrelease2 key
  • php-xml is earlier than 0:5.4.16-43.el7_4
  • AND php-xml is signed with Red Hat redhatrelease2 key
  • php-xmlrpc is earlier than 0:5.4.16-43.el7_4
  • AND php-xmlrpc is signed with Red Hat redhatrelease2 key
    • BACK