{"id":"USN-3211-2","summary":"php7.0 regression","details":"USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15\nupstream release. PHP 7.0.15 introduced a regression when using MySQL with\nlarge blobs. This update fixes the problem with a backported fix.\n\nOriginal advisory details:\n\n It was discovered that PHP incorrectly handled certain invalid objects when\n unserializing data. A remote attacker could use this issue to cause PHP to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2016-7479)\n \n It was discovered that PHP incorrectly handled certain invalid objects when\n unserializing data. A remote attacker could use this issue to cause PHP to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2016-9137)\n \n It was discovered that PHP incorrectly handled unserializing certain\n wddxPacket XML documents. A remote attacker could use this issue to cause\n PHP to crash, resulting in a denial of service, or possibly execute\n arbitrary code. (CVE-2016-9935)\n \n It was discovered that PHP incorrectly handled certain invalid objects when\n unserializing data. A remote attacker could use this issue to cause PHP to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2016-9936)\n \n It was discovered that PHP incorrectly handled certain EXIF data. A remote\n attacker could use this issue to cause PHP to crash, resulting in a denial\n of service. (CVE-2016-10158)\n \n It was discovered that PHP incorrectly handled certain PHAR archives. A\n remote attacker could use this issue to cause PHP to crash or consume\n resources, resulting in a denial of service. (CVE-2016-10159)\n \n It was discovered that PHP incorrectly handled certain PHAR archives. A\n remote attacker could use this issue to cause PHP to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2016-10160)\n \n It was discovered that PHP incorrectly handled certain invalid objects when\n unserializing data. A remote attacker could use this issue to cause PHP to\n crash, resulting in a denial of service. (CVE-2016-10161)\n \n It was discovered that PHP incorrectly handled unserializing certain\n wddxPacket XML documents. A remote attacker could use this issue to cause\n PHP to crash, resulting in a denial of service. (CVE-2016-10162)\n \n It was discovered that PHP incorrectly handled certain invalid objects when\n unserializing data. A remote attacker could use this issue to cause PHP to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2017-5340)\n","modified":"2026-04-22T09:32:42.172376Z","published":"2017-03-02T14:40:07Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3211-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1668017"}],"affected":[{"package":{"name":"php7.0","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/php7.0@7.0.15-0ubuntu0.16.04.4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.15-0ubuntu0.16.04.4"}]}],"versions":["7.0.1-5","7.0.1-6","7.0.2-1","7.0.2-3","7.0.2-4","7.0.2-5","7.0.3-2","7.0.3-3","7.0.3-9ubuntu1","7.0.4-5ubuntu1","7.0.4-5ubuntu2","7.0.4-7ubuntu1","7.0.4-7ubuntu2","7.0.4-7ubuntu2.1","7.0.8-0ubuntu0.16.04.1","7.0.8-0ubuntu0.16.04.2","7.0.8-0ubuntu0.16.04.3","7.0.13-0ubuntu0.16.04.1","7.0.15-0ubuntu0.16.04.1","7.0.15-0ubuntu0.16.04.2"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-php7.0","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"libphp7.0-embed","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-bcmath","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-bz2","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-cgi","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-cli","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-common","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-curl","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-dba","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-enchant","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-fpm","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-gd","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-gmp","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-imap","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-interbase","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-intl","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-json","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-ldap","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-mbstring","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-mcrypt","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-mysql","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-odbc","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-opcache","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-pgsql","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-phpdbg","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-pspell","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-readline","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-recode","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-snmp","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-soap","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-sqlite3","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-sybase","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-tidy","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-xml","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-xmlrpc","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-xsl","binary_version":"7.0.15-0ubuntu0.16.04.4"},{"binary_name":"php7.0-zip","binary_version":"7.0.15-0ubuntu0.16.04.4"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3211-2.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.5"}