Risk | High |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2016-7416, CVE-2016-7412, CVE-2016-7414, CVE-2016-7417, CVE-2016-7411, CVE-2016-7413, CVE-2016-7418 |
CWE-ID | CWE-284 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Slackware Linux (Operating systems & Components / Operating system) |
Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU523
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7416
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by memory corruption in local data handling that allows a malicious user to get access to the system and cause arbitrary code execution.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected package php.
Vulnerable software versions
Slackware Linux: 14.0 - 14.2
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU524
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7412
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by a heap overflow during handling of BIT fields in mysqlnd that allows a malicious user to execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected package php.
Vulnerable software versions
Slackware Linux: 14.0 - 14.2
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU525
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7414
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by an out-of-bounds memory error in phar_parse_zipfile() that allows a malicious user to execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected package php.
Vulnerable software versions
Slackware Linux: 14.0 - 14.2
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU526
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7417
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by unserializing SplArray, which leads to a memory corruption error and allows a malicious user to execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected package php.
Vulnerable software versions
Slackware Linux: 14.0 - 14.2
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU529
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7411
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by deserialized object destruction that may result in a memory corruption error and allows a malicious user to execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected package php.
Vulnerable software versions
Slackware Linux: 14.0 - 14.2
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU527
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7413
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by a use-after-free memory error in wddx_deserialize() that allows a malicious user to execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected package php.
Vulnerable software versions
Slackware Linux: 14.0 - 14.2
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU528
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7418
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by an out-of-bounds memory read error in php_wddx_push_element() that allows a malicious user to execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected package php.
Vulnerable software versions
Slackware Linux: 14.0 - 14.2
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.