====================================================================

                              CERT-Renater

                  Note d'Information No. 2016/VULN386
_____________________________________________________________________

DATE                : 14/11/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PHP versions prior to 5.6.28,
                          7.0.13.

=====================================================================
http://www.php.net/ChangeLog-5.php#5.6.28
http://www.php.net/ChangeLog-7.php#7.0.13
____________________________________________________________________

Version 5.6.28

10 Nov 2016

     Core:
         Fixed bug #73337 (try/catch not working with two exceptions
          inside a same operation).
     Bz2:
         Fixed bug #73356 (crash in bzcompress function).
     GD:
         Fixed bug #73213 (Integer overflow in imageline() with
          antialiasing).
         Fixed bug #73272 (imagescale() is not affected by, but affects
          imagesetinterpolation()).
         Fixed bug #73279 (Integer overflow in
          gdImageScaleBilinearPalette()).
         Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf).
         Fixed bug #72482 (Illegal write/read access caused by
          gdImageAALine overflow).
         Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor
          images).
     Imap:
         Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads
          Heap Overflow).
     SPL:
         Fixed bug #73144 (Use-after-free in ArrayObject
          Deserialization).
     SOAP:
         Fixed bug #73037 (SoapServer reports Bad Request when gzipped).
     SQLite3:
         Fixed bug #73333 (2147483647 is fetched as string).
     Standard:
         Fixed bug #73203 (passing additional_parameters causes mail to
          fail).
         Fixed bug #73188 (use after free in userspace streams).
         Fixed bug #73192 (parse_url return wrong hostname).
     Wddx:
         Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet
          Deserialization with PDORow).

____________________________________________________________________

Version 7.0.13

10 Nov 2016

     Core:
         Fixed bug #73350 (Exception::__toString() cause circular
          references).
         Fixed bug #73181 (parse_str() without a second argument leads
          to crash).
         Fixed bug #66773 (Autoload with Opcache allows importing
          conflicting class name to namespace).
         Fixed bug #66862 ((Sub-)Namespaces unexpected behaviour).
         Fix pthreads detection when cross-compiling.
         Fixed bug #73337 (try/catch not working with two exceptions
          inside a same operation).
         Fixed bug #73338 (Exception thrown from error handler causes
          valgrind warnings (and crashes)).
         Fixed bug #73329 ((Float)"Nano" == NAN).
     GD:
         Fixed bug #73213 (Integer overflow in imageline() with
          antialiasing).
         Fixed bug #73272 (imagescale() is not affected by, but affects
          imagesetinterpolation()).
         Fixed bug #73279 (Integer overflow in
          gdImageScaleBilinearPalette()).
         Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf).
         Fixed bug #72482 (Ilegal write/read access caused by
          gdImageAALine overflow).
         Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor
          images).
     IMAP:
         Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to
          crash).
     OCI8:
         Fixed bug #71148 (Bind reference overwritten on PHP 7).
     phpdbg:
         Properly allow for stdin input from a file.
         Add -s command line option / stdin command for reading script
          from stdin.
         Ignore non-executable opcodes in line mode of
          phpdbg_end_oplog().
         Fixed bug #70776 (Simple SIGINT does not have any effect with
          -rr).
         Fixed bug #71234 (INI files are loaded even invoked as -n
           --version).
     Session:
         Fixed bug #73273 (session_unset() empties values from all
          variables in which is $_session stored).
     SOAP:
         Fixed bug #73037 (SoapServer reports Bad Request when gzipped).
         Fixed bug #73237 (Nested object in "any" element overwrites
          other fields).
         Fixed bug #69137 (Peer verification fails when using a proxy
          with SoapClient)
     SQLite3:
         Fixed bug #73333 (2147483647 is fetched as string).
     Standard:
         Fixed bug #73203 (passing additional_parameters causes mail to
          fail).
         Fixed bug #71241 (array_replace_recursive sometimes mutates its
          parameters).
         Fixed bug #73192 (parse_url return wrong hostname).
     Wddx:
         Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet
          Deserialization with PDORow).

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================