SB2018011105 - Debian update for php7.0




Published: January 11, 2018

Security Bulletin ID: SB2018011105
Severity: High
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 29%, Medium 14%, Low 57%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Denial of service (CVE-ID: CVE-2017-11144)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists because the openssl extension's PEM sealing code did not check the return value of the OpenSSL sealing function. A remote attacker can trigger a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Successful exploitation of the vulnerability results in denial of service.

2) Out-of-bounds read (CVE-ID: CVE-2017-11145)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to an out-of-bounds read in timelib_meridian(). A remote attacker can read arbitrary data on the target system.

3) Stack-based buffer overflow (CVE-ID: CVE-2017-11628)

The vulnerability allows a remote attacker to cause a DoS condition or potentially execute arbitrary code.

The weakness exists due to a stack buffer overflow in PHP INI parsing API 2 when handling malicious input. A remote attacker can send specially crafted data to trigger a stack buffer overflow in zend_ini_do_op() that may lead to an out-of-bounds write, and cause the application to crash or execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Heap use-after-free error (CVE-ID: CVE-2017-12932)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper use of the hash API for key deletion in a situation with an invalid array size. A remote attacker can use untrusted data to trigger a heap use-after-free error in ext/standard/var_unserializer.re and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Deserialization of untrusted data (CVE-ID: CVE-2017-12933)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a buffer over-read while unserializing untrusted data in the finish_nested_data function in ext/standard/var_unserializer.re. A remote attacker can perform a denial of service attack.



6) Deserialization of untrusted data (CVE-ID: CVE-2017-12934)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a heap use-after-free in ext/standard/var_unserializer.re while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. A remote attacker can trigger a use-after-free condition and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
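
Items 4 to 6 are all reached by passing attacker-controlled bytes to unserialize(). The following is an added example, not code from this bulletin or from the PHP project: it authenticates a serialized blob with an HMAC so that unauthenticated input never reaches the unserializer. The key constant, the function names and the "mac.payload" layout are assumptions made for the sketch, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: in a real deployment the key comes from a secret store.
const SECRET_KEY = 'constructed-demo-key';

// Serialize server-side state and prefix it with an HMAC-SHA256 tag.
function pack_state(array $state): string
{
    $payload = base64_encode(serialize($state));
    return hash_hmac('sha256', $payload, SECRET_KEY) . '.' . $payload;
}

/** @return array|null The decoded state, or null if the blob is rejected. */
function unpack_state(string $blob)
{
    $parts = explode('.', $blob, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($mac, $payload) = $parts;

    // Constant-time tag check happens before any parsing of the payload.
    $expected = hash_hmac('sha256', $payload, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        return null;
    }
    // allowed_classes=false blocks object instantiation only; a malformed
    // stream would still be parsed, which is why the MAC check comes first.
    $value = unserialize($raw, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Constructed sample input: one genuine blob, one with a swapped payload.
$good = pack_state(['user' => 'alice', 'cart' => [3, 7]]);
$forged = explode('.', $good, 2)[0] . '.' . base64_encode('a:1:{i:0;i:1;}');

var_dump(unpack_state($good));
var_dump(unpack_state($forged));
```

This reduces exposure of the unserializer but does not replace the package update, since any code path that still feeds external data to unserialize() remains affected.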


7) Out-of-bounds read (CVE-ID: CVE-2017-16642)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in timelib_meridian(). A remote attacker can cause the application to crash.

Remediation

Install the update from the vendor's website.