Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0E3202F59A84E8C4C8A4554F29ADAF73DCE3E2C9294C34C05595AC9113B67930
HistoryJun 18, 2018 - 1:42 a.m.

Security Bulletin: A vulnerability in PHP affects PowerKVM

2018-06-1801:42:20
www.ibm.com
10

0.298 Low

EPSS

Percentile

96.9%

JSON

Summary

PowerKVM is affected by a vulnerability in PHP. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2017-7890**
DESCRIPTION:** libgd could allow a remote attacker to obtain sensitive information, caused by the lack of initialization for colorMap arrays in the GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c. By using a specially-crafted GIF image, a local attacker could exploit this vulnerability to obtain sensitive information from the top of the stack.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129822 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 13.

Workarounds and Mitigations

none

CPENameOperatorVersion
powerkvmeq3.1

Related

centos 1
ubuntu 2
openvas 20
nessus 36
ubuntucve 1
debian 3
prion 1
redhatcve 1
redhat 2
cvelist 1
oraclelinux 1
veracode 2
alpinelinux 1
osv 3
freebsd 1
cve 1
nvd 1
checkpoint_advisories 1
debiancve 1
slackware 1
fedora 3
f5 2
amazon 1
mageia 1
suse 2
cloudlinux 1
rosalinux 1
centos
centos
php security update
2018-03-10 01:07:54
ubuntu
ubuntu
GD vulnerability
2017-08-14 00:00:00
GD vulnerability
2017-08-14 00:00:00
openvas
openvas
CentOS Update for php CESA-2018:0406 centos7
2018-03-14 00:00:00
Ubuntu: Security Advisory (USN-3389-2)
2022-08-26 00:00:00
Debian: Security Advisory (DLA-1055-1)
2018-02-06 00:00:00
nessus
nessus
EulerOS Virtualization 2.5.0 : php (EulerOS-SA-2018-1249)
2018-09-18 00:00:00
RHEL 7 : php (RHSA-2018:0406)
2018-03-07 00:00:00
Oracle Linux 7 : php (ELSA-2018-0406)
2018-03-08 00:00:00
ubuntucve
ubuntucve
CVE-2017-7890
2017-08-02 00:00:00
debian
debian
[SECURITY] [DSA 3938-1] libgd2 security update
2017-08-12 12:37:19
[SECURITY] [DLA 1055-1] libgd2 security update
2017-08-12 21:36:16
[SECURITY] [DSA 3938-1] libgd2 security update
2017-08-12 12:37:19
prion
prion
Information disclosure
2017-08-02 19:29:00
redhatcve
redhatcve
CVE-2017-7890
2017-07-21 19:18:29
redhat
redhat
(RHSA-2018:0406) Moderate: php security update
2018-03-06 18:36:35
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11
cvelist
cvelist
CVE-2017-7890
2017-08-02 19:00:00
oraclelinux
oraclelinux
php security update
2018-03-07 00:00:00
veracode
veracode
Information Disclosure
2019-05-16 02:59:59
Use After Free
2019-05-16 02:59:58
alpinelinux
alpinelinux
CVE-2017-7890
2017-08-02 19:29:00
osv
osv
libgd2 - security update
2017-08-12 00:00:00
libgd2 - security update
2017-08-12 00:00:00
CVE-2017-7890
2017-08-02 19:29:00
freebsd
freebsd
php-gd and gd -- Buffer over-read into uninitialized memory
2017-08-02 00:00:00
cve
cve
CVE-2017-7890
2017-08-02 19:29:00
nvd
nvd
CVE-2017-7890
2017-08-02 19:29:00
checkpoint_advisories
checkpoint_advisories
PHP gdImageCreateFromGifCtx Out of Bounds Read (CVE-2017-7890)
2017-08-10 00:00:00
debiancve
debiancve
CVE-2017-7890
2017-08-02 19:29:00
slackware
slackware
[slackware-security] gd
2018-04-19 01:44:39
fedora
fedora
[SECURITY] Fedora 26 Update: gd-2.2.5-1.fc26
2017-09-02 22:27:10
[SECURITY] Fedora 25 Update: gd-2.2.5-1.fc25
2017-09-06 20:52:42
[SECURITY] Fedora 27 Update: gd-2.2.5-1.fc27
2017-09-30 07:21:04
f5
f5
K01709026 : PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226
2017-08-07 00:00:00
PHP vulnerabilities CVE-2017-9226 and CVE-2017-7890
2017-08-08 00:03:00
amazon
amazon
Medium: php70
2017-08-03 20:38:00
mageia
mageia
Updated php and libgd packages fix security vulnerabilities
2017-08-08 01:16:24
suse
suse
Security update for php7 (important)
2017-09-04 12:07:53
Security update for php7 (important)
2017-08-30 19:30:52
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

0.298 Low

EPSS

Percentile

96.9%

JSON
Related for 0E3202F59A84E8C4C8A4554F29ADAF73DCE3E2C9294C34C05595AC9113B67930
centos1ubuntu2openvas20nessus36ubuntucve1debian3prion1redhatcve1redhat2cvelist1oraclelinux1veracode2alpinelinux1osv3freebsd1cve1nvd1checkpoint_advisories1debiancve1slackware1fedora3f52amazon1mageia1suse2cloudlinux1rosalinux1