Use After Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843) Security Fix(es): * php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412) * php: Use after free in wddx_deserialize (CVE-2016-7413) * php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414) * php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416) * php: Missing type check when unserializing SplArray (CVE-2016-7417) * php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418) * php: Use-after-free vulnerability when resizing the ‘properties’ hash table of a serialized object (CVE-2016-7479) * php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935) * php: Use After Free in unserialize() (CVE-2016-9936) * php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158) * php: Integer overflow in phar_parse_pharfile (CVE-2016-10159) * php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160) * php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161) * php: Null pointer dereference when unserializing PHP object (CVE-2016-10162) * gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167) * gd: Integer overflow in gd_io.c (CVE-2016-10168) * php: Use of uninitialized memory in unserialize() (CVE-2017-5340) * php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) * oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224) * oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226) * oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227) * oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228) * oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229) * php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143) * php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144) * php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147) * php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362) * php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628) * php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932) * php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934) * php: reflected XSS in .phar 404 page (CVE-2018-5712) * php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933) * php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934) * php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145) * php: buffer over-read in finish_nested_data function (CVE-2017-12933) * php: Out-of-bound read in timelib_meridian() (CVE-2017-16642) * php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.