Debian Security Advisory

DLA-818-1 php5 -- LTS security update

Date Reported:
07 Feb 2017
Affected Packages:
php5
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2016-2554, CVE-2016-3141, CVE-2016-3142, CVE-2016-4342, CVE-2016-9934, CVE-2016-9935, CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161.
More information:

Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

  • CVE-2016-2554

    Stack-based buffer overflow in ext/phar/tar.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.

  • CVE-2016-3141

    Use-after-free vulnerability in wddx.c in the WDDX extension allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

  • CVE-2016-3142

    The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.

  • CVE-2016-4342

    ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.

  • CVE-2016-9934

    ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

  • CVE-2016-9935

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.

  • CVE-2016-10158

    The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.

  • CVE-2016-10159

    Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.

  • CVE-2016-10160

    Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

  • CVE-2016-10161

    The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.

  • BUG-71323

    Output of stream_get_meta_data can be falsified by its input

  • BUG-70979

    Crash on bad SOAP request

  • BUG-71039

    exec functions ignore length but look for NULL termination

  • BUG-71459

    Integer overflow in iptcembed()

  • BUG-71391

    NULL Pointer Dereference in phar_tar_setupmetadata()

  • BUG-71335

    Type confusion vulnerability in WDDX packet deserialization

For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u7.

We recommend that you upgrade your php5 packages.
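As an added example that is not part of this advisory: a pure-Python port of dpkg's version-ordering rules, used to decide whether the php5 version string a host reports sorts before the fixed version named above. The names `FIXED_VERSION`, `compare_versions` and `is_vulnerable` are chosen here; on a Debian host `dpkg --compare-versions "$v" lt 5.4.45-0+deb7u7` gives the same answer.

```python
import re
from itertools import zip_longest

FIXED_VERSION = "5.4.45-0+deb7u7"  # fixed Wheezy version named in DLA-818-1

def _weight(c: str) -> int:
    # dpkg character weight: '~' < end of run (NUL pad) < letters < other symbols
    if c == "\0":
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a: str, b: str) -> int:
    # Port of dpkg's verrevcmp(): walk alternating non-digit/digit runs; the
    # non-digit runs compare character by character via _weight(), padded with
    # NUL, and the digit runs compare as integers (an empty run counts as 0).
    runs_a, runs_b = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for (sa, da), (sb, db) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        n = max(len(sa), len(sb))
        ka = [_weight(c) for c in sa.ljust(n, "\0")]
        kb = [_weight(c) for c in sb.ljust(n, "\0")]
        if ka != kb:
            return -1 if ka < kb else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(version: str):
    # '[epoch:]upstream[-revision]'; a missing epoch or revision counts as 0
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), upstream, revision

def compare_versions(a: str, b: str) -> int:
    # -1, 0 or 1, in the order `dpkg --compare-versions` would give
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    # True when the installed php5 version sorts before the fixed one
    return compare_versions(installed, fixed) < 0

if __name__ == "__main__":
    # Constructed samples of what `dpkg-query -W -f='${Version}\n' php5` might print
    for v in ("5.4.45-0+deb7u6", "5.4.45-0+deb7u7", "5.4.45-0+deb7u10", "5.4.45~rc1-1"):
        print(v, "vulnerable" if is_vulnerable(v) else "fixed")
```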

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS