CloudLinux OS Blog

HardenedPHP for EasyApache 4 updated

Updated HardenedPHP packages for EasyApache 4 are available for download from our production repository.

NOTE: ea-php51 and ea-php52 have no PHP-FPM support. Please use mod_lsapi instead (http://docs.cloudlinux.com/index.html?mod_lsapi_installation.html).

ea-php51-php-5.1.6-6.cloudlinux

Changelog:

  • bug 72627: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128);
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635);
  • bug 70081: SoapClient info leak / null pointer dereference via multiple type confusions (CVE-2015-8835);
  • Improve check for :memory: pseudo-filename in SQLite (CVE-2012-3365);
  • CVE-2016-10158 php: Wrong calculation in exif_convert_any_to_int function;
  • CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx();
  • CVE-2016-10168 gd: Integer overflow in gd_io.c;
  • CVE-2016-4070 php: Integer overflow in php_raw_url_encode;
  • CVE-2016-7125 php: Session Data Injection Vulnerability;
  • CVE-2016-7126 php: select_colors write out-of-bounds;
  • CVE-2016-7127 php: imagegammacorrect allows arbitrary write access;
  • CVE-2016-7129 php: wddx_deserialize allows illegal memory access;
  • CVE-2016-7130 php: wddx_deserialize null dereference;
  • CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml;
  • CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element;
  • CVE-2016-9933 php, gd: Stack overflow in gdImageFillToBorder on truecolor images;
  • CVE-2016-9935 php: Invalid read when wddx decodes empty boolean element;
  • CVE-2006-5465 PHP buffer overflow;
  • CVE-2006-7243 php: paths with NULL character were considered valid;
  • CVE-2007-0455 gd buffer overrun;
  • CVE-2007-1864 php libxmlrpc library overflow;
  • CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG;
  • CVE-2007-2872 php chunk_split integer overflow;
  • CVE-2007-3799 php cross-site cookie insertion;
  • CVE-2007-3996 php multiple integer overflows in gd;
  • CVE-2007-3998 php floating point exception inside wordwrap;
  • CVE-2007-4658 php money_format format string issue;
  • CVE-2007-4670 php malformed cookie handling;
  • CVE-2007-4782 php crash in glob() and fnmatch() functions;
  • CVE-2007-5898 php htmlentities/htmlspecialchars multibyte sequences;
  • CVE-2007-5899 php session ID leakage;
  • CVE-2008-2051 PHP multibyte shell escape flaw;
  • CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension;
  • CVE-2008-3659 php: buffer overflow in memnstr;
  • CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension;
  • CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure;
  • CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution);
  • CVE-2008-5624 php: missing initialization of BG(page_uid) and BG(page_gid);
  • CVE-2008-5625 php: incorrect php_value order for Apache configuration;
  • CVE-2008-5814 php: XSS via PHP error messages;
  • CVE-2008-7068 php: dba_replace() file corruption vulnerability;
  • CVE-2009-2687 php: exif_read_data crash on corrupted JPEG files;
  • CVE-2009-3291 php: openssl extension: Incorrect verification of SSL certificate with NUL in name;
  • CVE-2009-3292 php: exif extension: Multiple missing sanity checks in EXIF file processing;
  • CVE-2009-3546 gd: insufficient input validation in _gdGetColors();
  • CVE-2009-4017 PHP: resource exhaustion attack via upload requests with lots of files;
  • CVE-2009-4142 php: htmlspecialchars() insufficient checking of input for multi-byte encodings;
  • CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension;
  • CVE-2010-1128 php: LCG entropy weakness;
  • CVE-2010-1129 CVE-2010-1130 php: safe_mode / open_basedir security fixes in 5.2.13/5.3.2;
  • CVE-2010-1861 php: shm_put_var interruption vulnerability (MOPS-2010-009);
  • CVE-2010-1868 php: sqlite: use of uninitialized memory triggered by empty SQL query (MOPS-2010-012, MOPS-2010-013);
  • CVE-2010-1917 php: fnmatch long pattern stack memory exhaustion (MOPS-2010-021);
  • CVE-2010-2191 php: multiple interruption vulnerabilities (MOPS-2010-0[49,50,51,52,53,54,55]);
  • CVE-2010-2531 php: information leak vulnerability in var_export();
  • CVE-2010-3065 php: session serializer session data injection vulnerability (MOPS-2010-060);
  • CVE-2010-3870 php: XSS mitigation bypass via utf8_decode();
  • CVE-2011-0708 php: buffer over-read in Exif extension;
  • CVE-2011-1092 php: integer overflow in shmop_read();
  • CVE-2011-1148 php: use-after-free vulnerability in substr_replace();
  • CVE-2011-1466 php: Crash by converting serial day numbers (SDN) into Julian calendar;
  • CVE-2011-1469 php: DoS when using HTTP proxy with the FTP wrapper;
  • CVE-2011-1938 php: stack-based buffer overflow in socket_connect();
  • CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename;
  • CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure;
  • CVE-2011-4885 php: hash table collisions CPU usage DoS (oCERT-2011-003);
  • CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix;
  • CVE-2012-1172 php: $_FILES array indexes corruption;
  • CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827);
  • CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h;
  • CVE-2012-2688 php: Integer Signedness issues in _php_stream_scandir;
  • CVE-2012-3365 php: open_basedir bypass via SQLite functionality;
  • CVE-2013-1635 php, php53: Arbitrary locations file write due absent validation of soap.wsdl_cache_dir configuration directive value;
  • CVE-2013-6420 php: memory corruption in openssl_x509_parse();
  • CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm();
  • CVE-2014-3597 php: multiple buffer over-reads in php_parserr;
  • CVE-2014-3669 php: integer overflow in unserialize();
  • CVE-2014-3670 php: heap corruption issue in exif_thumbnail();
  • CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow;
  • CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy();
  • CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c;
  • CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow;
  • CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name;
  • CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re;
  • CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4;
  • CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions;
  • CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions;
  • CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing;
  • CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS;
  • CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+;
  • CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character;
  • CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize();
  • CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize();
  • CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions;
  • CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods;
  • CVE-2015-4602 php: Incomplete Class unserialization type confusion;
  • CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize;
  • CVE-2015-6835 php: use-after-free vulnerability in session deserializer;
  • CVE-2015-6836 php: SOAP serialize_function_call() type confusion;
  • CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class;
  • CVE-2015-8835 php: type confusion issue in Soap Client call() method;
  • CVE-2016-10161 php: Out-of-bounds heap read on unserialize in finish_nested_data();
  • CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd;
  • CVE-2016-5094 php: Integer overflow in php_html_entities();
  • CVE-2016-5399 php: Improper error handling in bzread();
  • CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow;
  • CVE-2016-5772 php: Double Free Corruption in wddx_deserialize;
  • CVE-2016-6288 php: Buffer over-read in php_url_parse_ex;
  • CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex;
  • CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization;
  • CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c;
  • CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF;
  • CVE-2016-7418 php: Null pointer dereference in php_wddx_push_element;
  • bug 37368: Incorrect timestamp returned for strtotime();
  • bug 37514: strtotime doesn't assume year correctly;
  • bug 37850: Reference counting bug in SoapClient::__setSoapHeaders();
  • bug 38534: segmentation fault;
  • bug 40109: iptcembed fails on non-jfif jpegs;
  • bug 40467: Partial SOAP request sent when XSD sequence or choice include minOccurs=0;
  • bug 41004: minOccurs="0" and null class member variable;
  • bug 45706: Serializing of ArrayIterator extended Objects;
  • bug 47245: crash following mb_detect_encoding;
  • bug 65481: Shutdown segfault due to serialize;
  • bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization;
  • bug 70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker();
  • bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability;
  • bug 71039: exec functions ignore length but look for NULL termination;
  • bug 71459: Integer overflow in iptcembed();
  • bug 71587: Use-After-Free / Double-Free in WDDX Deserialize;
  • bug 72482: Illegal write/read access caused by gdImageAALine overflow;
  • bug 72771: ftps:// wrapper is vulnerable to protocol downgrade attack;
  • bug 72807: integer overflow in curl_escape caused heap corruption;
  • bug 72836: integer overflow in base64_decode caused heap corruption;
  • bug 72837: integer overflow in bzdecompress caused heap corruption;
  • bug 72849: integer overflow in urlencode caused heap corruption;
  • bug 72850: integer overflow in php_uuencode caused heap corruption;
  • bug 73017: memory corruption in wordwrap function;
  • bug 73073: CachingIterator null dereference when convert to string;
  • bug 73082: string length overflow in mb_encode_* function;
  • bug 73150: missing NULL check in dom_document_save_html;
  • bug 73208: integer overflow in imap_8bit caused heap corruption;
  • bug 73418: Integer Overflow in "_php_imap_mail" leads Heap Overflow;
  • bug 73452: Segfault (Regression for #69152);
  • EA-5807: enable php-tidy on rhel 6 and above;
  • EA-5946: force requirement of ea-libtidy instead of .so from BuildRequires ea-libtidy-devel;
  • Disabled automatic Requires generation for curl subpackage;
  • ALTPHP-306: LSPHP: Return response code and response status line in cgi/fcgi manner;
  • use ea-libcurl 7.53.1 instead of system curl package.

ea-php52-php-5.2.17-10.cloudlinux

Changelog:

  • bug 72627: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128);
  • bug 70350: ZipArchive::extractTo allows for directory traversal when creating directories (CVE-2014-9767);
  • Disabled external entities loading (CVE-2013-1643, CVE-2013-1824);
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635);
  • bug 70081: SoapClient info leak / null pointer dereference via multiple type confusions (CVE-2015-8835);
  • Improve check for :memory: pseudo-filename in SQLite (CVE-2012-3365);
  • bug 73764: Crash while loading hostile phar archive (CVE-2016-10159);
  • bug 73768: Memory corruption when loading hostile phar (CVE-2016-10160);
  • bug 73825: Heap out of bounds read on unserialize in finish_nested_data() (CVE-2016-10161);
  • bug 68447: grapheme_extract take an extra trailing character;
  • bug 73737: FPE when parsing a tag format (CVE-2016-10158);
  • bug 73773: Seg fault when loading hostile phar;
  • bug 73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx();
  • bug 73869: Signed Integer Overflow gd_io.c;
  • CVE-2010-1861 php: shm_put_var interruption vulnerability (MOPS-2010-009);
  • CVE-2010-2191 php: multiple interruption vulnerabilities (MOPS-2010-0[49,50,51,52,53,54,55]);
  • CVE-2011-0421 php/libzip: segfault with FL_UNCHANGED on empty archive in zip_name_locate();
  • CVE-2011-0708 php: buffer over-read in Exif extension;
  • CVE-2011-1092 php: integer overflow in shmop_read();
  • CVE-2011-1148 php: use-after-free vulnerability in substr_replace();
  • CVE-2011-1938 php: stack-based buffer overflow in socket_connect();
  • CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename;
  • CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure;
  • CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix;
  • CVE-2012-1172 php: $_FILES array indexes corruption;
  • CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827);
  • CVE-2012-2311 php: incomplete CVE-2012-1823 fix - incorrect check for =;
  • CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h;
  • CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension;
  • CVE-2013-4248 php: hostname check bypassing vulnerability in SSL client;
  • CVE-2013-6420 php: memory corruption in openssl_x509_parse();
  • CVE-2014-3597 php: multiple buffer over-reads in php_parserr;
  • CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime();
  • CVE-2014-3669 php: integer overflow in unserialize();
  • CVE-2014-3670 php: heap corruption issue in exif_thumbnail();
  • CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing;
  • CVE-2014-5120 php: gd extension NUL byte injection in file names;
  • CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy();
  • CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict();
  • CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow;
  • CVE-2015-2301 php: use after free in phar_object.c;
  • CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23);
  • CVE-2015-2331 libzip: integer overflow when processing ZIP archives;
  • CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name;
  • CVE-2015-2783 php: buffer over-read in Phar metadata parsing;
  • CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re;
  • CVE-2015-3329 php: buffer overflow in phar_set_inode();
  • CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4;
  • CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions;
  • CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions;
  • CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name;
  • CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing;
  • CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS;
  • CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+;
  • CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character;
  • CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize();
  • CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize();
  • CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions;
  • CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods;
  • CVE-2015-4602 php: Incomplete Class unserialization type confusion;
  • CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize;
  • CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath;
  • CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar;
  • CVE-2015-6835 php: use-after-free vulnerability in session deserializer;
  • CVE-2015-6836 php: SOAP serialize_function_call() type confusion;
  • CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class;
  • CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns;
  • CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd;
  • CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream();
  • CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition;
  • CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used;
  • CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input;
  • CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal;
  • CVE-2016-5094 php: Integer overflow in php_html_entities();
  • CVE-2016-5399 php: Improper error handling in bzread();
  • CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow;
  • CVE-2016-5772 php: Double Free Corruption in wddx_deserialize;
  • CVE-2016-6288 php: Buffer over-read in php_url_parse_ex;
  • CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex;
  • CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization;
  • CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE;
  • CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http;
  • CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c;
  • CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener;
  • CVE-2016-7413 php: Use after free in wddx_deserialize;
  • CVE-2016-7414 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile;
  • CVE-2016-7416 php: Stack based buffer overflow in msgfmt_format_message;
  • CVE-2016-7418 php: Null pointer dereference in php_wddx_push_element;
  • CVE-2016-8670 gd, php: Stack based buffer overflow in dynamicGetbuf;
  • EA-5807: enable php-tidy on rhel 6 and above;
  • EA-5946: force requirement of ea-libtidy instead of .so from BuildRequires ea-libtidy-devel;
  • Disabled automatic Requires generation for curl subpackage;
  • ALTPHP-306: LSPHP: Return response code and response status line in cgi/fcgi manner;
  • use ea-libcurl 7.53.1 instead of system curl package.

For installation:

yum clean all
yum update ea-profiles-cpanel

Install one of the profiles (allphp_cl, allphp_cl_lsapi, allphp-opcache_cl, allphp-opcache_cl) via the web interface or via the command line tool.
