{"id":"USN-3211-1","summary":"php7.0 vulnerabilities","details":"It was discovered that PHP incorrectly handled certain invalid objects when\nunserializing data. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-7479)\n\nIt was discovered that PHP incorrectly handled certain invalid objects when\nunserializing data. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-9137)\n\nIt was discovered that PHP incorrectly handled unserializing certain\nwddxPacket XML documents. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-9935)\n\nIt was discovered that PHP incorrectly handled certain invalid objects when\nunserializing data. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-9936)\n\nIt was discovered that PHP incorrectly handled certain EXIF data. A remote\nattacker could use this issue to cause PHP to crash, resulting in a denial\nof service. (CVE-2016-10158)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A\nremote attacker could use this issue to cause PHP to crash or consume\nresources, resulting in a denial of service. (CVE-2016-10159)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A\nremote attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2016-10160)\n\nIt was discovered that PHP incorrectly handled certain invalid objects when\nunserializing data. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. (CVE-2016-10161)\n\nIt was discovered that PHP incorrectly handled unserializing certain\nwddxPacket XML documents. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service. (CVE-2016-10162)\n\nIt was discovered that PHP incorrectly handled certain invalid objects when\nunserializing data. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2017-5340)\n","modified":"2026-04-22T09:31:56.613928Z","published":"2017-02-23T16:28:50Z","related":["UBUNTU-CVE-2016-10158","UBUNTU-CVE-2016-10159","UBUNTU-CVE-2016-10160","UBUNTU-CVE-2016-10161","UBUNTU-CVE-2016-10162","UBUNTU-CVE-2016-7479","UBUNTU-CVE-2016-9137","UBUNTU-CVE-2016-9935","UBUNTU-CVE-2016-9936","UBUNTU-CVE-2017-5340"],"upstream":["CVE-2016-10158","CVE-2016-10159","CVE-2016-10160","CVE-2016-10161","CVE-2016-10162","CVE-2016-7479","CVE-2016-9137","CVE-2016-9935","CVE-2016-9936","CVE-2017-5340","UBUNTU-CVE-2016-10158","UBUNTU-CVE-2016-10159","UBUNTU-CVE-2016-10160","UBUNTU-CVE-2016-10161","UBUNTU-CVE-2016-10162","UBUNTU-CVE-2016-7479","UBUNTU-CVE-2016-9137","UBUNTU-CVE-2016-9935","UBUNTU-CVE-2016-9936","UBUNTU-CVE-2017-5340"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3211-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7479"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9137"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9935"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9936"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10158"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10159"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10160"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10161"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10162"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5340"}],"affected":[{"package":{"name":"php7.0","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/php7.0@7.0.15-0ubuntu0.16.04.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.15-0ubuntu0.16.04.2"}]}],"versions":["7.0.1-5","7.0.1-6","7.0.2-1","7.0.2-3","7.0.2-4","7.0.2-5","7.0.3-2","7.0.3-3","7.0.3-9ubuntu1","7.0.4-5ubuntu1","7.0.4-5ubuntu2","7.0.4-7ubuntu1","7.0.4-7ubuntu2","7.0.4-7ubuntu2.1","7.0.8-0ubuntu0.16.04.1","7.0.8-0ubuntu0.16.04.2","7.0.8-0ubuntu0.16.04.3","7.0.13-0ubuntu0.16.04.1","7.0.15-0ubuntu0.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-php7.0","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"libphp7.0-embed","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-bcmath","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-bz2","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-cgi","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-cli","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-common","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-curl","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-dba","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-enchant","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-fpm","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-gd","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-gmp","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-imap","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-interbase","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-intl","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-json","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-ldap","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-mbstring","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-mcrypt","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-mysql","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-odbc","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-opcache","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-pgsql","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-phpdbg","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-pspell","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-readline","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-recode","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-snmp","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-soap","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-sqlite3","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-sybase","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-tidy","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-xml","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-xmlrpc","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-xsl","binary_version":"7.0.15-0ubuntu0.16.04.2"},{"binary_name":"php7.0-zip","binary_version":"7.0.15-0ubuntu0.16.04.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-7479"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9137"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-9935"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-9936"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-10158"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-10159"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-10160"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-10161"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-10162"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2017-5340"}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3211-1.json"}}],"schema_version":"1.7.5"}