DATABASE RESOURCES PRICING ABOUT US

{"id": "ALPINE:CVE-2016-5766", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2016-5766", "description": "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.", "published": "2016-08-07T10:59:00", "modified": "2019-04-22T17:48:00", "epss": [{"cve": "CVE-2016-5766", "epss": 0.24576, "percentile": 0.96162, "modified": "2023-12-06"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://security.alpinelinux.org/vuln/CVE-2016-5766", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2016-5766"], "immutableFields": [], "lastseen": "2023-12-06T16:15:38", "viewCount": 8, "enchantments": {"score": {"value": 8.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-728", "ALAS2-2021-1577"]}, {"type": "centos", "idList": ["CESA-2016:2598", "CESA-2020:5443"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0972"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A337239F424A4FF8B4435FA8FCEBDE22"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}, {"type": "cve", "idList": ["CVE-2016-5766"]}, {"type": "debian", "idList": ["DEBIAN:DLA-534-1:EDA05", "DEBIAN:DSA-3619-1:222D2", "DEBIAN:DSA-3619-1:AC3EB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5766"]}, {"type": "f5", "idList": ["F5:K43267483", "SOL43267483"]}, {"type": "fedora", "idList": ["FEDORA:1851F608780A", "FEDORA:4BD9160779B7", "FEDORA:81A1A606D3EC", "FEDORA:A5EA7608B7C1", "FEDORA:BB1106070D49", "FEDORA:D4D5A605E1F0"]}, {"type": "fortinet", "idList": ["FG-IR-17-051"]}, {"type": "freebsd", "idList": ["556D2286-5A51-11E6-A6C3-14DAE9D210B8", "66D77C58-3B1D-11E6-8E82-002590263BF5"]}, {"type": "gentoo", "idList": ["GLSA-201612-09"]}, {"type": "ibm", "idList": ["BEA663E577CD827F2C7D9FD6A2E59A21D9CFC5D0A3B8F2D59E92BD24A5D6CCD7", "CA3DB267748FEDA044673A3E7FFA6B9A5493629747388C6C0E74CA01703CD7CD"]}, {"type": "mageia", "idList": ["MGASA-2016-0242"]}, {"type": "nessus", "idList": ["802010.PRM", "9393.PRM", "AL2_ALAS-2021-1577.NASL", "ALA_ALAS-2016-728.NASL", "CENTOS_RHSA-2016-2598.NASL", "CENTOS_RHSA-2020-5443.NASL", "DEBIAN_DLA-534.NASL", "DEBIAN_DSA-3619.NASL", "EULEROS_SA-2016-1063.NASL", "F5_BIGIP_SOL43267483.NASL", "FEDORA_2016-34A6B65583.NASL", "FEDORA_2016-615F3BF06E.NASL", "FEDORA_2016-99FBDC5C34.NASL", "FEDORA_2016-A4D48D6FD6.NASL", "FEDORA_2016-D126BB1B74.NASL", "FEDORA_2016-EC372BDDB9.NASL", "FREEBSD_PKG_556D22865A5111E6A6C314DAE9D210B8.NASL", "FREEBSD_PKG_66D77C583B1D11E68E82002590263BF5.NASL", "GENTOO_GLSA-201612-09.NASL", "NEWSTART_CGSL_NS-SA-2021-0034_GD.NASL", "NEWSTART_CGSL_NS-SA-2021-0182_GD.NASL", "OPENSUSE-2016-844.NASL", "OPENSUSE-2016-921.NASL", "OPENSUSE-2017-1010.NASL", "OPENSUSE-2017-994.NASL", "ORACLELINUX_ELSA-2016-2598.NASL", "ORACLELINUX_ELSA-2020-5443.NASL", "PHP_5_5_37.NASL", "PHP_5_6_23.NASL", "PHP_7_0_8.NASL", "REDHAT-RHSA-2016-2598.NASL", "REDHAT-RHSA-2020-5443.NASL", "SLACKWARE_SSA_2016-176-01.NASL", "SL_20161103_PHP_ON_SL7_X.NASL", "SL_20201215_GD_ON_SL7_X.NASL", "SUSE_SU-2016-2013-1.NASL", "SUSE_SU-2016-2080-1.NASL", "SUSE_SU-2017-2303-1.NASL", "SUSE_SU-2017-2317-1.NASL", "SUSE_SU-2017-2522-1.NASL", "UBUNTU_USN-3030-1.NASL", "WEB_APPLICATION_SCANNING_98813", "WEB_APPLICATION_SCANNING_98854"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120717", "OPENVAS:1361412562310703619", "OPENVAS:1361412562310808491", "OPENVAS:1361412562310808545", "OPENVAS:1361412562310808546", "OPENVAS:1361412562310808572", "OPENVAS:1361412562310808787", "OPENVAS:1361412562310808788", "OPENVAS:1361412562310808847", "OPENVAS:1361412562310808963", "OPENVAS:1361412562310842827", "OPENVAS:1361412562310851364", "OPENVAS:1361412562310851607", "OPENVAS:1361412562310871700", "OPENVAS:1361412562311220161063", "OPENVAS:703619"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2598", "ELSA-2020-5443"]}, {"type": "osv", "idList": ["OSV:DLA-534-1"]}, {"type": "prion", "idList": ["PRION:CVE-2016-5766"]}, {"type": "redhat", "idList": ["RHSA-2016:2598", "RHSA-2016:2750", "RHSA-2020:5443", "RHSA-2021:0607", "RHSA-2021:0778"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5766"]}, {"type": "slackware", "idList": ["SSA-2016-176-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1761-1", "OPENSUSE-SU-2017:2337-1", "SUSE-SU-2016:2013-1", "SUSE-SU-2016:2080-1", "SUSE-SU-2017:2303-1"]}, {"type": "ubuntu", "idList": ["USN-3030-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-5766"]}, {"type": "veracode", "idList": ["VERACODE:17736", "VERACODE:17738", "VERACODE:17739", "VERACODE:17740", "VERACODE:17752", "VERACODE:17753", "VERACODE:17754", "VERACODE:17755", "VERACODE:17756", "VERACODE:17757", "VERACODE:17758", "VERACODE:17759", "VERACODE:17761", "VERACODE:17762", "VERACODE:17763", "VERACODE:17764", "VERACODE:17765", "VERACODE:17770", "VERACODE:17771", "VERACODE:17772", "VERACODE:17773", "VERACODE:17774", "VERACODE:17775", "VERACODE:17776", "VERACODE:17777", "VERACODE:17778", "VERACODE:17781", "VERACODE:17782", "VERACODE:17783", "VERACODE:17784", "VERACODE:17785", "VERACODE:17786", "VERACODE:17787", "VERACODE:17788", "VERACODE:17789", "VERACODE:17790", "VERACODE:17791", "VERACODE:17792", "VERACODE:17794", "VERACODE:17795", "VERACODE:17796", "VERACODE:17797", "VERACODE:17798", "VERACODE:17799", "VERACODE:17800", "VERACODE:17801", "VERACODE:17802", "VERACODE:17803", "VERACODE:17804", "VERACODE:17805", "VERACODE:17806", "VERACODE:17807", "VERACODE:17808", "VERACODE:17809", "VERACODE:17810", "VERACODE:17811", "VERACODE:17812"]}]}, "vulnersScore": 8.2}, "_state": {"score": 1701879525, "dependencies": 1701891669}, "_internal": {"score_hash": "253954c2c2841adae7db038ae07bf9f3"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "3.2-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.2.1-r2", "operator": "lt", "packageName": "gd"}, {"OS": "Alpine", "OSVersion": "3.3-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.2.1-r2", "operator": "lt", "packageName": "gd"}, {"OS": "Alpine", "OSVersion": "3.4-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.2.3-r0", "operator": "lt", "packageName": "gd"}]}

{"nessus": [{"lastseen": "2023-11-29T19:37:34", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gd packages installed that are affected by a vulnerability:\n\n - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : gd Vulnerability (NS-SA-2021-0182)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:gd", "p-cpe:/a:zte:cgsl_core:gd-debuginfo", "p-cpe:/a:zte:cgsl_core:gd-devel", "p-cpe:/a:zte:cgsl_core:gd-progs", "p-cpe:/a:zte:cgsl_main:gd", "p-cpe:/a:zte:cgsl_main:gd-debuginfo", "p-cpe:/a:zte:cgsl_main:gd-devel", "p-cpe:/a:zte:cgsl_main:gd-progs", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0182_GD.NASL", "href": "https://www.tenable.com/plugins/nessus/154443", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0182. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154443);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\"CVE-2016-5766\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : gd Vulnerability (NS-SA-2021-0182)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gd packages installed that are affected by a\nvulnerability:\n\n - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before\n 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to\n cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified\n other impact via crafted chunk dimensions in an image. (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0182\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2016-5766\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL gd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:gd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:gd-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gd-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'gd-2.0.35-27.el7_9',\n 'gd-debuginfo-2.0.35-27.el7_9',\n 'gd-devel-2.0.35-27.el7_9',\n 'gd-progs-2.0.35-27.el7_9'\n ],\n 'CGSL MAIN 5.05': [\n 'gd-2.0.35-27.el7_9',\n 'gd-debuginfo-2.0.35-27.el7_9',\n 'gd-devel-2.0.35-27.el7_9',\n 'gd-progs-2.0.35-27.el7_9'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:40", "description": "The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2020:5443-1 advisory.\n\n - gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gd on SL7.x i686/x86_64 (2020:5443)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766"], "modified": "2020-12-16T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:gd", "p-cpe:/a:fermilab:scientific_linux:gd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gd-devel", "p-cpe:/a:fermilab:scientific_linux:gd-progs"], "id": "SL_20201215_GD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/144294", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144294);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/16\");\n\n script_cve_id(\"CVE-2016-5766\");\n script_xref(name:\"RHSA\", value:\"RHSA-2020:5443\");\n\n script_name(english:\"Scientific Linux Security Update : gd on SL7.x i686/x86_64 (2020:5443)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nSLSA-2020:5443-1 advisory.\n\n - gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20205443-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gd-progs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'gd-2.0.35-27.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'gd-2.0.35-27.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'gd-debuginfo-2.0.35-27.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'gd-debuginfo-2.0.35-27.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'gd-devel-2.0.35-27.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'gd-devel-2.0.35-27.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'gd-progs-2.0.35-27.el7_9', 'cpu':'x86_64', 'release':'SL7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gd / gd-debuginfo / gd-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:01:43", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1577 advisory.\n\n - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-08T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : gd (ALAS-2021-1577)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766"], "modified": "2021-01-08T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:gd", "p-cpe:/a:amazon:linux:gd-debuginfo", "p-cpe:/a:amazon:linux:gd-devel", "p-cpe:/a:amazon:linux:gd-progs", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1577.NASL", "href": "https://www.tenable.com/plugins/nessus/144807", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1577.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144807);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/08\");\n\n script_cve_id(\"CVE-2016-5766\");\n script_xref(name:\"ALAS\", value:\"2021-1577\");\n\n script_name(english:\"Amazon Linux 2 : gd (ALAS-2021-1577)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2021-1577 advisory.\n\n - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before\n 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to\n cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified\n other impact via crafted chunk dimensions in an image. (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1577.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2016-5766\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update gd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gd-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'gd-2.0.35-27.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'gd-2.0.35-27.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'gd-2.0.35-27.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'gd-debuginfo-2.0.35-27.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'gd-debuginfo-2.0.35-27.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'gd-debuginfo-2.0.35-27.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'gd-devel-2.0.35-27.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'gd-devel-2.0.35-27.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'gd-devel-2.0.35-27.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'gd-progs-2.0.35-27.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'gd-progs-2.0.35-27.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'gd-progs-2.0.35-27.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gd / gd-debuginfo / gd-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:37", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5443 advisory.\n\n - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : gd (ELSA-2020-5443)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766"], "modified": "2020-12-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:gd", "p-cpe:/a:oracle:linux:gd-devel", "p-cpe:/a:oracle:linux:gd-progs"], "id": "ORACLELINUX_ELSA-2020-5443.NASL", "href": "https://www.tenable.com/plugins/nessus/144331", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5443.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144331);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2016-5766\");\n\n script_name(english:\"Oracle Linux 7 : gd (ELSA-2020-5443)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-5443 advisory.\n\n - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before\n 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to\n cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified\n other impact via crafted chunk dimensions in an image. (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5443.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gd, gd-devel and / or gd-progs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gd-progs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'gd-2.0.35-27.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'gd-2.0.35-27.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'gd-2.0.35-27.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'gd-devel-2.0.35-27.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'gd-devel-2.0.35-27.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'gd-devel-2.0.35-27.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'gd-progs-2.0.35-27.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'gd-progs-2.0.35-27.el7_9', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gd / gd-devel / gd-progs');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:54:40", "description": "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. (CVE-2016-5766)", "cvss3": {}, "published": "2017-05-12T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : PHP vulnerability (K43267483)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766"], "modified": "2019-04-01T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL43267483.NASL", "href": "https://www.tenable.com/plugins/nessus/100137", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K43267483.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100137);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/04/01 9:30:05\");\n\n script_cve_id(\"CVE-2016-5766\");\n\n script_name(english:\"F5 Networks BIG-IP : PHP vulnerability (K43267483)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD\nGraphics Library (aka libgd) before 2.2.3, as used in PHP before\n5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote\nattackers to cause a denial of service (heap-based buffer overflow and\napplication crash) or possibly have unspecified other impact via\ncrafted chunk dimensions in an image. (CVE-2016-5766)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K43267483\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K43267483.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K43267483\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.6\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.6\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.5\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.6\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.5\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.6\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.5\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.6\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.4.0-11.5.5\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.6\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.5\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.6\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.5\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.6\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.6\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:41", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:5443 advisory.\n\n - gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-17T00:00:00", "type": "nessus", "title": "CentOS 7 : gd (CESA-2020:5443)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766"], "modified": "2020-12-21T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gd", "p-cpe:/a:centos:centos:gd-devel", "p-cpe:/a:centos:centos:gd-progs", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-5443.NASL", "href": "https://www.tenable.com/plugins/nessus/144370", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5443 and\n# CentOS Errata and Security Advisory 2020:5443 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144370);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\"CVE-2016-5766\");\n script_xref(name:\"RHSA\", value:\"2020:5443\");\n\n script_name(english:\"CentOS 7 : gd (CESA-2020:5443)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:5443 advisory.\n\n - gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-December/048237.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87738bdc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gd, gd-devel and / or gd-progs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gd-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'gd-2.0.35-27.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'gd-2.0.35-27.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'gd-devel-2.0.35-27.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'gd-devel-2.0.35-27.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'gd-progs-2.0.35-27.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gd / gd-devel / gd-progs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:27:35", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5443 advisory.\n\n - gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "RHEL 7 : gd (RHSA-2020:5443)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:gd", "p-cpe:/a:redhat:enterprise_linux:gd-devel", "p-cpe:/a:redhat:enterprise_linux:gd-progs"], "id": "REDHAT-RHSA-2020-5443.NASL", "href": "https://www.tenable.com/plugins/nessus/144275", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5443. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144275);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2016-5766\");\n script_xref(name:\"RHSA\", value:\"2020:5443\");\n\n script_name(english:\"RHEL 7 : gd (RHSA-2020:5443)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5443 advisory.\n\n - gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2016-5766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1351068\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gd, gd-devel and / or gd-progs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gd-progs\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'gd-2.0.35-27.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gd-devel-2.0.35-27.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gd-progs-2.0.35-27.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gd-progs-2.0.35-27.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gd-progs-2.0.35-27.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gd-progs-2.0.35-27.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gd / gd-devel / gd-progs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:23", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gd packages installed that are affected by a vulnerability:\n\n - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : gd Vulnerability (NS-SA-2021-0034)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766"], "modified": "2021-05-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0034_GD.NASL", "href": "https://www.tenable.com/plugins/nessus/149337", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0034. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149337);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/10\");\n\n script_cve_id(\"CVE-2016-5766\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : gd Vulnerability (NS-SA-2021-0034)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gd packages installed that are affected by a\nvulnerability:\n\n - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before\n 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to\n cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified\n other impact via crafted chunk dimensions in an image. (CVE-2016-5766)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0034\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL gd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'gd-2.0.35-27.el7_9',\n 'gd-devel-2.0.35-27.el7_9',\n 'gd-progs-2.0.35-27.el7_9'\n ],\n 'CGSL MAIN 5.04': [\n 'gd-2.0.35-27.el7_9',\n 'gd-devel-2.0.35-27.el7_9',\n 'gd-progs-2.0.35-27.el7_9'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:40:09", "description": "- CVE-2016-5766 Integer Overflow in _gd2GetHeader() resulting in heap overflow.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u4.\n\nWe recommend that you upgrade your libgd2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-01T00:00:00", "type": "nessus", "title": "Debian DLA-534-1 : libgd2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libgd-tools", "p-cpe:/a:debian:debian_linux:libgd2-noxpm", "p-cpe:/a:debian:debian_linux:libgd2-noxpm-dev", "p-cpe:/a:debian:debian_linux:libgd2-xpm", "p-cpe:/a:debian:debian_linux:libgd2-xpm-dev", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-534.NASL", "href": "https://www.tenable.com/plugins/nessus/91901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-534-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91901);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5766\");\n\n script_name(english:\"Debian DLA-534-1 : libgd2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2016-5766 Integer Overflow in _gd2GetHeader()\n resulting in heap overflow.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.0.36~rc1~dfsg-6.1+deb7u4.\n\nWe recommend that you upgrade your libgd2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/06/msg00036.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libgd2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2-noxpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2-noxpm-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2-xpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2-xpm-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libgd-tools\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgd2-noxpm\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgd2-noxpm-dev\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgd2-xpm\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgd2-xpm-dev\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:33:35", "description": "- fix for stack overflow with gdImageFillToBorder (CVE-2015-8874)\n\n - fix integer Overflow in _gd2GetHeader() (CVE-2016-5766)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-19T00:00:00", "type": "nessus", "title": "Fedora 23 : gd (2016-d126bb1b74)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8874", "CVE-2016-5766"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gd", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-D126BB1B74.NASL", "href": "https://www.tenable.com/plugins/nessus/92392", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-d126bb1b74.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92392);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8874\", \"CVE-2016-5766\");\n script_xref(name:\"FEDORA\", value:\"2016-d126bb1b74\");\n\n script_name(english:\"Fedora 23 : gd (2016-d126bb1b74)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix for stack overflow with gdImageFillToBorder\n (CVE-2015-8874)\n\n - fix integer Overflow in _gd2GetHeader() (CVE-2016-5766)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"gd-2.1.1-8.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:23", "description": "**Version 2.2.2**\n\nSecurity related fixes :\n\n - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (CVE-2016-5767)\n\n - Stack overflow with gdImageFillToBorder (CVE-2015-8874)\n\n - Integer Overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)\n\n - NULL pointer Dereference at _gdScaleVert\n\n - Integer Overflow in gdImagePaletteToTrueColor() in heap overflow\n\nNumerous other fixes have been applied. The scale and rotation functions have been greatly improved as well.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "Fedora 24 : gd (2016-a4d48d6fd6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8874", "CVE-2016-5766", "CVE-2016-5767"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gd", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-A4D48D6FD6.NASL", "href": "https://www.tenable.com/plugins/nessus/92275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a4d48d6fd6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92275);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8874\", \"CVE-2016-5766\", \"CVE-2016-5767\");\n script_xref(name:\"FEDORA\", value:\"2016-a4d48d6fd6\");\n\n script_name(english:\"Fedora 24 : gd (2016-a4d48d6fd6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Version 2.2.2**\n\nSecurity related fixes :\n\n - Integer Overflow in gdImagePaletteToTrueColor()\n resulting in heap overflow (CVE-2016-5767)\n\n - Stack overflow with gdImageFillToBorder (CVE-2015-8874)\n\n - Integer Overflow in _gd2GetHeader() resulting in heap\n overflow (CVE-2016-5766)\n\n - NULL pointer Dereference at _gdScaleVert\n\n - Integer Overflow in gdImagePaletteToTrueColor() in heap\n overflow\n\nNumerous other fixes have been applied. The scale and rotation\nfunctions have been greatly improved as well.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a4d48d6fd6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"gd-2.2.2-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:02:17", "description": "From Red Hat Security Advisory 2016:2598 :\n\nAn update for php is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way certain error conditions were handled by bzread () function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.\n(CVE-2016-5399)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension.\nA remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image.\n(CVE-2016-5766)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer. (CVE-2016-5767)\n\n* A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-5399.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : php (ELSA-2016-2598)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-embedded", "p-cpe:/a:oracle:linux:php-enchant", "p-cpe:/a:oracle:linux:php-fpm", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-intl", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-mysqlnd", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-process", "p-cpe:/a:oracle:linux:php-pspell", "p-cpe:/a:oracle:linux:php-recode", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2598.NASL", "href": "https://www.tenable.com/plugins/nessus/94717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2598 and \n# Oracle Linux Security Advisory ELSA-2016-2598 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94717);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5399\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\");\n script_xref(name:\"RHSA\", value:\"2016:2598\");\n\n script_name(english:\"Oracle Linux 7 : php (ELSA-2016-2598)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2598 :\n\nAn update for php is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way certain error conditions were handled by\nbzread () function in PHP. An attacker could use this flaw to upload a\nspecially crafted bz2 archive which, when parsed via the vulnerable\nfunction, could cause the application to crash or execute arbitrary\ncode with the permissions of the user running the PHP application.\n(CVE-2016-5399)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow\nwas found in the imagecreatefromgd2() function of PHP's gd extension.\nA remote attacker could use this flaw to crash a PHP application or\nexecute arbitrary code with the privileges of the user running that\nPHP application using gd via a specially crafted GD2 image.\n(CVE-2016-5766)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow\nwas found in the gdImagePaletteToTrueColor() function of PHP's gd\nextension. A remote attacker could use this flaw to crash a PHP\napplication or execute arbitrary code with the privileges of the user\nrunning that PHP application using gd via a specially crafted image\nbuffer. (CVE-2016-5767)\n\n* A double free flaw was found in the mb_ereg_replace_callback()\nfunction of php which is used to perform regex search. This flaw could\npossibly cause a PHP application to crash. (CVE-2016-5768)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-5399.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006482.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-bcmath-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-cli-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-common-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-dba-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-devel-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-embedded-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-enchant-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-fpm-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-gd-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-intl-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-ldap-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-mbstring-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-mysql-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-odbc-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-pdo-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-pgsql-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-process-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-pspell-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-recode-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-snmp-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-soap-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-xml-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.4.16-42.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:55:58", "description": "An update for php is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way certain error conditions were handled by bzread () function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.\n(CVE-2016-5399)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension.\nA remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image.\n(CVE-2016-5766)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer. (CVE-2016-5767)\n\n* A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-5399.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : php (RHSA-2016:2598)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-fpm", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-mysqlnd", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php-pspell", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2598.NASL", "href": "https://www.tenable.com/plugins/nessus/94561", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2598. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94561);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-5399\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\");\n script_xref(name:\"RHSA\", value:\"2016:2598\");\n\n script_name(english:\"RHEL 7 : php (RHSA-2016:2598)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for php is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way certain error conditions were handled by\nbzread () function in PHP. An attacker could use this flaw to upload a\nspecially crafted bz2 archive which, when parsed via the vulnerable\nfunction, could cause the application to crash or execute arbitrary\ncode with the permissions of the user running the PHP application.\n(CVE-2016-5399)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow\nwas found in the imagecreatefromgd2() function of PHP's gd extension.\nA remote attacker could use this flaw to crash a PHP application or\nexecute arbitrary code with the privileges of the user running that\nPHP application using gd via a specially crafted GD2 image.\n(CVE-2016-5766)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow\nwas found in the gdImagePaletteToTrueColor() function of PHP's gd\nextension. A remote attacker could use this flaw to crash a PHP\napplication or execute arbitrary code with the privileges of the user\nrunning that PHP application using gd via a specially crafted image\nbuffer. (CVE-2016-5767)\n\n* A double free flaw was found in the mb_ereg_replace_callback()\nfunction of php which is used to perform regex search. This flaw could\npossibly cause a PHP application to crash. (CVE-2016-5768)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-5399.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5768\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2598\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-bcmath-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-bcmath-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-cli-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-cli-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-common-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-common-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-dba-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-dba-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-debuginfo-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-debuginfo-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-devel-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-devel-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-embedded-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-embedded-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-enchant-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-enchant-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-fpm-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-fpm-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-gd-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-gd-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-intl-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-intl-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-ldap-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-ldap-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-mbstring-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-mbstring-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-mysql-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-mysql-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-mysqlnd-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-odbc-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-odbc-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-pdo-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-pdo-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-pgsql-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-pgsql-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-process-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-process-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-pspell-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-pspell-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-recode-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-recode-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-snmp-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-snmp-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-soap-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-soap-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-xml-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-xml-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"php-xmlrpc-5.4.16-42.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.4.16-42.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:55:37", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.(CVE-2016-5399)\n\n - An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image.(CVE-2016-5766)\n\n - An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer.(CVE-2016-5767)\n\n - A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash.(CVE-2016-5768)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : php (EulerOS-SA-2016-1063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1063.NASL", "href": "https://www.tenable.com/plugins/nessus/99825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99825);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5399\",\n \"CVE-2016-5766\",\n \"CVE-2016-5767\",\n \"CVE-2016-5768\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : php (EulerOS-SA-2016-1063)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the way certain error conditions\n were handled by bzread() function in PHP. An attacker\n could use this flaw to upload a specially crafted bz2\n archive which, when parsed via the vulnerable function,\n could cause the application to crash or execute\n arbitrary code with the permissions of the user running\n the PHP application.(CVE-2016-5399)\n\n - An integer overflow flaw, leading to a heap-based\n buffer overflow was found in the imagecreatefromgd2()\n function of PHP's gd extension. A remote attacker could\n use this flaw to crash a PHP application or execute\n arbitrary code with the privileges of the user running\n that PHP application using gd via a specially crafted\n GD2 image.(CVE-2016-5766)\n\n - An integer overflow flaw, leading to a heap-based\n buffer overflow was found in the\n gdImagePaletteToTrueColor() function of PHP's gd\n extension. A remote attacker could use this flaw to\n crash a PHP application or execute arbitrary code with\n the privileges of the user running that PHP application\n using gd via a specially crafted image\n buffer.(CVE-2016-5767)\n\n - A double free flaw was found in the\n mb_ereg_replace_callback() function of php which is\n used to perform regex search. This flaw could possibly\n cause a PHP application to crash.(CVE-2016-5768)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1063\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3973c99\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-42.h10\",\n \"php-cli-5.4.16-42.h10\",\n \"php-common-5.4.16-42.h10\",\n \"php-gd-5.4.16-42.h10\",\n \"php-ldap-5.4.16-42.h10\",\n \"php-mysql-5.4.16-42.h10\",\n \"php-odbc-5.4.16-42.h10\",\n \"php-pdo-5.4.16-42.h10\",\n \"php-pgsql-5.4.16-42.h10\",\n \"php-process-5.4.16-42.h10\",\n \"php-recode-5.4.16-42.h10\",\n \"php-soap-5.4.16-42.h10\",\n \"php-xml-5.4.16-42.h10\",\n \"php-xmlrpc-5.4.16-42.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:41:06", "description": "Pierre Joye reports :\n\n- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)\n\n- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)\n\n- Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)\n\n- fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)", "cvss3": {}, "published": "2016-08-05T00:00:00", "type": "nessus", "title": "FreeBSD : gd -- multiple vulnerabilities (556d2286-5a51-11e6-a6c3-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766", "CVE-2016-6128", "CVE-2016-6132", "CVE-2016-6207"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:gd", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_556D22865A5111E6A6C314DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/92740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92740);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5766\", \"CVE-2016-6128\", \"CVE-2016-6132\", \"CVE-2016-6207\");\n\n script_name(english:\"FreeBSD : gd -- multiple vulnerabilities (556d2286-5a51-11e6-a6c3-14dae9d210b8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pierre Joye reports :\n\n- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)\n\n- gd: Buffer over-read issue when parsing crafted TGA file\n(CVE-2016-6132)\n\n- Integer overflow error within _gdContributionsAlloc()\n(CVE-2016-6207)\n\n- fix php bug 72494, invalid color index not handled, can lead to\ncrash ( CVE-2016-6128)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/libgd/libgd/releases/tag/gd-2.2.3\"\n );\n # https://vuxml.freebsd.org/freebsd/556d2286-5a51-11e6-a6c3-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0327fde6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gd<2.2.3,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:57:12", "description": "Security Fix(es) :\n\n - A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. (CVE-2016-5399)\n\n - An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image.\n (CVE-2016-5766)\n\n - An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer. (CVE-2016-5767)\n\n - A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)\n\nAdditional Changes :", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php on SL7.x x86_64 (20161103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:php", "p-cpe:/a:fermilab:scientific_linux:php-bcmath", "p-cpe:/a:fermilab:scientific_linux:php-cli", "p-cpe:/a:fermilab:scientific_linux:php-common", "p-cpe:/a:fermilab:scientific_linux:php-dba", "p-cpe:/a:fermilab:scientific_linux:php-debuginfo", "p-cpe:/a:fermilab:scientific_linux:php-devel", "p-cpe:/a:fermilab:scientific_linux:php-embedded", "p-cpe:/a:fermilab:scientific_linux:php-enchant", "p-cpe:/a:fermilab:scientific_linux:php-fpm", "p-cpe:/a:fermilab:scientific_linux:php-gd", "p-cpe:/a:fermilab:scientific_linux:php-intl", "p-cpe:/a:fermilab:scientific_linux:php-ldap", "p-cpe:/a:fermilab:scientific_linux:php-mbstring", "p-cpe:/a:fermilab:scientific_linux:php-mysql", "p-cpe:/a:fermilab:scientific_linux:php-mysqlnd", "p-cpe:/a:fermilab:scientific_linux:php-odbc", "p-cpe:/a:fermilab:scientific_linux:php-pdo", "p-cpe:/a:fermilab:scientific_linux:php-pgsql", "p-cpe:/a:fermilab:scientific_linux:php-process", "p-cpe:/a:fermilab:scientific_linux:php-pspell", "p-cpe:/a:fermilab:scientific_linux:php-recode", "p-cpe:/a:fermilab:scientific_linux:php-snmp", "p-cpe:/a:fermilab:scientific_linux:php-soap", "p-cpe:/a:fermilab:scientific_linux:php-xml", "p-cpe:/a:fermilab:scientific_linux:php-xmlrpc", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161103_PHP_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95854);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5399\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\");\n\n script_name(english:\"Scientific Linux Security Update : php on SL7.x x86_64 (20161103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the way certain error conditions\n were handled by bzread() function in PHP. An attacker\n could use this flaw to upload a specially crafted bz2\n archive which, when parsed via the vulnerable function,\n could cause the application to crash or execute\n arbitrary code with the permissions of the user running\n the PHP application. (CVE-2016-5399)\n\n - An integer overflow flaw, leading to a heap-based buffer\n overflow was found in the imagecreatefromgd2() function\n of PHP's gd extension. A remote attacker could use this\n flaw to crash a PHP application or execute arbitrary\n code with the privileges of the user running that PHP\n application using gd via a specially crafted GD2 image.\n (CVE-2016-5766)\n\n - An integer overflow flaw, leading to a heap-based buffer\n overflow was found in the gdImagePaletteToTrueColor()\n function of PHP's gd extension. A remote attacker could\n use this flaw to crash a PHP application or execute\n arbitrary code with the privileges of the user running\n that PHP application using gd via a specially crafted\n image buffer. (CVE-2016-5767)\n\n - A double free flaw was found in the\n mb_ereg_replace_callback() function of php which is used\n to perform regex search. This flaw could possibly cause\n a PHP application to crash. (CVE-2016-5768)\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=6321\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ca54de8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-bcmath-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-cli-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-common-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-dba-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-debuginfo-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-devel-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-embedded-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-enchant-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-fpm-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-gd-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-intl-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-ldap-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-mbstring-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-mysql-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-odbc-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-pdo-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-pgsql-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-process-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-pspell-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-recode-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-snmp-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-soap-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-xml-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.4.16-42.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:55:54", "description": "An update for php is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way certain error conditions were handled by bzread () function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.\n(CVE-2016-5399)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension.\nA remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image.\n(CVE-2016-5766)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer. (CVE-2016-5767)\n\n* A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-5399.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "CentOS 7 : php (CESA-2016:2598)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php", "p-cpe:/a:centos:centos:php-bcmath", "p-cpe:/a:centos:centos:php-cli", "p-cpe:/a:centos:centos:php-common", "p-cpe:/a:centos:centos:php-fpm", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-intl", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-mysqlnd", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-pdo", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php-process", "p-cpe:/a:centos:centos:php-pspell", "p-cpe:/a:centos:centos:php-recode", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-soap", "p-cpe:/a:centos:centos:php-xml", "p-cpe:/a:centos:centos:php-xmlrpc", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:php-dba", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-embedded", "p-cpe:/a:centos:centos:php-enchant"], "id": "CENTOS_RHSA-2016-2598.NASL", "href": "https://www.tenable.com/plugins/nessus/95344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2598 and \n# CentOS Errata and Security Advisory 2016:2598 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95344);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5399\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\");\n script_xref(name:\"RHSA\", value:\"2016:2598\");\n\n script_name(english:\"CentOS 7 : php (CESA-2016:2598)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for php is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way certain error conditions were handled by\nbzread () function in PHP. An attacker could use this flaw to upload a\nspecially crafted bz2 archive which, when parsed via the vulnerable\nfunction, could cause the application to crash or execute arbitrary\ncode with the permissions of the user running the PHP application.\n(CVE-2016-5399)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow\nwas found in the imagecreatefromgd2() function of PHP's gd extension.\nA remote attacker could use this flaw to crash a PHP application or\nexecute arbitrary code with the privileges of the user running that\nPHP application using gd via a specially crafted GD2 image.\n(CVE-2016-5766)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow\nwas found in the gdImagePaletteToTrueColor() function of PHP's gd\nextension. A remote attacker could use this flaw to crash a PHP\napplication or execute arbitrary code with the privileges of the user\nrunning that PHP application using gd via a specially crafted image\nbuffer. (CVE-2016-5767)\n\n* A double free flaw was found in the mb_ereg_replace_callback()\nfunction of php which is used to perform regex search. This flaw could\npossibly cause a PHP application to crash. (CVE-2016-5768)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-5399.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003423.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4bb77a1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5768\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-bcmath-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-cli-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-common-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-dba-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-devel-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-embedded-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-enchant-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-fpm-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-gd-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-intl-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-ldap-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-mbstring-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-mysql-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-odbc-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-pdo-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-pgsql-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-process-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-pspell-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-recode-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-snmp-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-soap-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-xml-5.4.16-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.4.16-42.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:43:00", "description": "The remote host is affected by the vulnerability described in GLSA-201612-09 (GD: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "nessus", "title": "GLSA-201612-09 : GD: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766", "CVE-2016-6128", "CVE-2016-6132", "CVE-2016-6207", "CVE-2016-7568"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:gd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201612-09.NASL", "href": "https://www.tenable.com/plugins/nessus/95524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95524);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5766\", \"CVE-2016-6128\", \"CVE-2016-6132\", \"CVE-2016-6207\", \"CVE-2016-7568\");\n script_xref(name:\"GLSA\", value:\"201612-09\");\n\n script_name(english:\"GLSA-201612-09 : GD: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-09\n(GD: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GD. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All gd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gd-2.2.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/gd\", unaffected:make_list(\"ge 2.2.3\"), vulnerable:make_list(\"lt 2.2.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GD\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:33:34", "description": "**LibGD 2.2.3 release**\n\nSecurity related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs :\n\n - fix php bug php#72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)\n\n - bug #248, fix Out-Of-Bounds Read in read_image_tga\n\nUsing application provided parameters, in these cases invalid data causes the issues :\n\n - Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)\n\n - fix php bug php#72494, invalid color index not handled, can lead to crash\n\n - improve color check for CropThreshold\n\nImportant update :\n\n - gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.\n\nThis is a recommended update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-25T00:00:00", "type": "nessus", "title": "Fedora 24 : gd (2016-615f3bf06e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766", "CVE-2016-6128", "CVE-2016-6132", "CVE-2016-6207", "CVE-2016-6214"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gd", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-615F3BF06E.NASL", "href": "https://www.tenable.com/plugins/nessus/92532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-615f3bf06e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92532);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5766\", \"CVE-2016-6128\", \"CVE-2016-6132\", \"CVE-2016-6207\", \"CVE-2016-6214\");\n script_xref(name:\"FEDORA\", value:\"2016-615f3bf06e\");\n\n script_name(english:\"Fedora 24 : gd (2016-615f3bf06e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**LibGD 2.2.3 release**\n\nSecurity related fixes: This flaw is caused by loading data from\nexternal sources (file, custom ctx, etc) and are hard to validate\nbefore calling libgd APIs :\n\n - fix php bug php#72339, Integer Overflow in _gd2GetHeader\n (CVE-2016-5766)\n\n - bug #248, fix Out-Of-Bounds Read in read_image_tga\n\nUsing application provided parameters, in these cases invalid data\ncauses the issues :\n\n - Integer overflow error within _gdContributionsAlloc()\n (CVE-2016-6207)\n\n - fix php bug php#72494, invalid color index not handled,\n can lead to crash\n\n - improve color check for CropThreshold\n\nImportant update :\n\n - gdImageCopyResampled has been improved. Better handling\n of images with alpha channel, also brings libgd in sync\n with php's bundled gd.\n\nThis is a recommended update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-615f3bf06e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"gd-2.2.3-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:53", "description": "php53 was updated to fix five security issues. These security issues were fixed :\n\n - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388).\n\n - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004).\n\n - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244).\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386).\n\n - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2013-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8935", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5769", "CVE-2016-5772"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2013-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93282", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2013-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93282);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8935\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5769\", \"CVE-2016-5772\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2013-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php53 was updated to fix five security issues. These security issues\nwere fixed :\n\n - CVE-2016-5769: mcrypt: Heap Overflow due to integer\n overflows (bsc#986388).\n\n - CVE-2015-8935: XSS in header() with Internet Explorer\n (bsc#986004).\n\n - CVE-2016-5772: Double Free Courruption in\n wddx_deserialize (bsc#986244).\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow (bsc#986386).\n\n - CVE-2016-5767: Integer Overflow in\n gdImagePaletteToTrueColor() resulting in heap overflow\n (bsc#986393).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8935/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5769/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5772/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162013-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55c305da\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-php53-12683=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-php53-12683=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-php53-12683=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-mod_php53-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bcmath-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bz2-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-calendar-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ctype-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-curl-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dba-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dom-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-exif-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fastcgi-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fileinfo-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ftp-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gd-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gettext-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gmp-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-iconv-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-intl-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-json-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ldap-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mbstring-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mcrypt-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mysql-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-odbc-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-openssl-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pcntl-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pdo-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pear-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pgsql-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pspell-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-shmop-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-snmp-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-soap-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-suhosin-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvmsg-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvsem-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvshm-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-tokenizer-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-wddx-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlreader-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlrpc-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlwriter-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xsl-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zip-5.3.17-74.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zlib-5.3.17-74.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:40:26", "description": "It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7456)\n\nIt was discovered that the GD library incorrectly handled certain malformed XBM images. If a user or automated system were tricked into processing a specially crafted XBM image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-5116)\n\nIt was discovered that the GD library incorrectly handled memory when using _gd2GetHeader(). A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code.\n(CVE-2016-5766)\n\nIt was discovered that the GD library incorrectly handled certain color indexes. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-6128)\n\nIt was discovered that the GD library incorrectly handled memory when encoding a GIF image. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6161).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-12T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS : GD library vulnerabilities (USN-3030-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7456", "CVE-2016-5116", "CVE-2016-5766", "CVE-2016-6128", "CVE-2016-6161"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libgd2-noxpm-dev", "p-cpe:/a:canonical:ubuntu_linux:libgd2-xpm-dev", "p-cpe:/a:canonical:ubuntu_linux:libgd3", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libgd-dev", "p-cpe:/a:canonical:ubuntu_linux:libgd-tools"], "id": "UBUNTU_USN-3030-1.NASL", "href": "https://www.tenable.com/plugins/nessus/92011", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3030-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92011);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2013-7456\",\n \"CVE-2016-5116\",\n \"CVE-2016-5766\",\n \"CVE-2016-6128\",\n \"CVE-2016-6161\"\n );\n script_xref(name:\"USN\", value:\"3030-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : GD library vulnerabilities (USN-3030-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the GD library incorrectly handled memory when\nusing gdImageScaleTwoPass(). A remote attacker could possibly use this\nissue to cause a denial of service. This issue only affected Ubuntu\n14.04 LTS. (CVE-2013-7456)\n\nIt was discovered that the GD library incorrectly handled certain\nmalformed XBM images. If a user or automated system were tricked into\nprocessing a specially crafted XBM image, an attacker could cause a\ndenial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu\n15.10 and Ubuntu 16.04 LTS. (CVE-2016-5116)\n\nIt was discovered that the GD library incorrectly handled memory when\nusing _gd2GetHeader(). A remote attacker could possibly use this issue\nto cause a denial of service or possibly execute arbitrary code.\n(CVE-2016-5766)\n\nIt was discovered that the GD library incorrectly handled certain\ncolor indexes. A remote attacker could possibly use this issue to\ncause a denial of service. This issue only affected Ubuntu 14.04 LTS,\nUbuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-6128)\n\nIt was discovered that the GD library incorrectly handled memory when\nencoding a GIF image. A remote attacker could possibly use this issue\nto cause a denial of service. (CVE-2016-6161).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3030-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5766\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-5116\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgd2-noxpm-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgd2-xpm-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgd3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgd-tools\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'libgd-dev', 'pkgver': '2.1.0-3ubuntu0.2'},\n {'osver': '14.04', 'pkgname': 'libgd-tools', 'pkgver': '2.1.0-3ubuntu0.2'},\n {'osver': '14.04', 'pkgname': 'libgd2-noxpm-dev', 'pkgver': '2.1.0-3ubuntu0.2'},\n {'osver': '14.04', 'pkgname': 'libgd2-xpm-dev', 'pkgver': '2.1.0-3ubuntu0.2'},\n {'osver': '14.04', 'pkgname': 'libgd3', 'pkgver': '2.1.0-3ubuntu0.2'},\n {'osver': '16.04', 'pkgname': 'libgd-dev', 'pkgver': '2.1.1-4ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'libgd-tools', 'pkgver': '2.1.1-4ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'libgd3', 'pkgver': '2.1.1-4ubuntu0.16.04.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libgd-dev / libgd-tools / libgd2-noxpm-dev / libgd2-xpm-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:54", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.8. It is, therefore, affected by multiple vulnerabilities :\n\n - An integer overflow condition exists in the _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5766)\n\n - A double-free error exists in the _php_mb_regex_ereg_replace_exec() function within file ext/mbstring/php_mbregex.c when handling a failed callback execution. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5768)\n\n - An integer overflow condition exists within file ext/mcrypt/mcrypt.c due to improper validation of user-supplied input when handling data values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5769)\n\n - An integer overflow condition exists within file ext/spl/spl_directory.c, triggered by an int/size_t type confusion error, that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-5770)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/spl/spl_array.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5771)\n\n - A double-free error exists in the php_wddx_process_data() function within file ext/wddx/wddx.c when handling specially crafted XML content. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5772)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/zip/php_zip.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5773)\n\n - An integer overflow condition exists in the json_decode() and json_utf8_to_utf16() functions within file ext/standard/php_smart_str.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - An out-of-bounds read error exists in the pass2_no_dither() function within file ext/gd/libgd/gd_topal.c that allows an unauthenticated, remote attacker to cause a denial of service condition or disclose memory contents.\n\n - An integer overflow condition exists within file ext/standard/string.c when handling string lengths due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - A NULL pointer dereference flaw exists in the _gdScaleVert() function within file ext/gd/libgd/gd_interpolation.c that is triggered when handling _gdContributionsCalc return values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in the nl2br() function within file ext/standard/string.c when handling new_length values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - An integer overflow condition exists in multiple functions within file ext/standard/string.c when handling string values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 7.0.x < 7.0.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98854", "href": "https://www.tenable.com/plugins/was/98854", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:40:19", "description": "Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.", "cvss3": {}, "published": "2016-07-18T00:00:00", "type": "nessus", "title": "Debian DSA-3619-1 : libgd2 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5116", "CVE-2016-5766", "CVE-2016-6128", "CVE-2016-6132", "CVE-2016-6161", "CVE-2016-6214", "CVE-2016-6905"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libgd2", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3619.NASL", "href": "https://www.tenable.com/plugins/nessus/92327", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3619. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92327);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5116\", \"CVE-2016-5766\", \"CVE-2016-6128\", \"CVE-2016-6132\", \"CVE-2016-6161\", \"CVE-2016-6214\", \"CVE-2016-6905\");\n script_xref(name:\"DSA\", value:\"3619\");\n\n script_name(english:\"Debian DSA-3619-1 : libgd2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libgd2, a library for\nprogrammatic graphics creation and manipulation. A remote attacker can\ntake advantage of these flaws to cause a denial-of-service against an\napplication using the libgd2 library (application crash), or\npotentially to execute arbitrary code with the privileges of the user\nrunning the application.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libgd2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3619\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libgd2 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 2.1.0-5+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libgd-dbg\", reference:\"2.1.0-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgd-dev\", reference:\"2.1.0-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgd-tools\", reference:\"2.1.0-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgd2-noxpm-dev\", reference:\"2.1.0-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgd2-xpm-dev\", reference:\"2.1.0-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgd3\", reference:\"2.1.0-5+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:40:45", "description": "23 Jun 2016, **PHP 5.6.23**\n\n**Core:**\n\n - Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()).\n (Stas)\n\n - Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas)\n\n - Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)\n\n**GD:**\n\n - Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas)\n\n - Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre)\n\n - Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)\n\n - Fixed bug php#72407 (NULL pointer Dereference at\n _gdScaleVert). (Stas)\n\n - Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow).\n (Pierre)\n\n**Intl:**\n\n - Fixed bug php#70484 (selectordinal doesn't work with named parameters). (Anatol)\n\n**mbstring:**\n\n - Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)\n\n**mcrypt:**\n\n - Fixed bug php#72455 (Heap Overflow due to integer overflows). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com)\n\n**SPL:**\n\n - Fixed bug php#72262 (int/size_t confusion in SplFileObject::fread). (Stas)\n\n - Fixed bug php#72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)\n\n**OpenSSL:**\n\n - Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka)\n\n**WDDX:**\n\n - Fixed bug php#72340 (Double Free Courruption in wddx_deserialize). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "Fedora 23 : php (2016-34a6b65583)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-34A6B65583.NASL", "href": "https://www.tenable.com/plugins/nessus/92239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-34a6b65583.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92239);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\", \"CVE-2016-5769\", \"CVE-2016-5770\", \"CVE-2016-5771\", \"CVE-2016-5772\");\n script_xref(name:\"FEDORA\", value:\"2016-34a6b65583\");\n\n script_name(english:\"Fedora 23 : php (2016-34a6b65583)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"23 Jun 2016, **PHP 5.6.23**\n\n**Core:**\n\n - Fixed bug php#72275 (Integer Overflow in\n json_encode()/json_decode()/json_utf8_to_utf16()).\n (Stas)\n\n - Fixed bug php#72400 (Integer Overflow in\n addcslashes/addslashes). (Stas)\n\n - Fixed bug php#72403 (Integer Overflow in Length of\n String-typed ZVAL). (Stas)\n\n**GD:**\n\n - Fixed bug php#72298 (pass2_no_dither out-of-bounds\n access). (Stas)\n\n - Fixed bug php#72337 (invalid dimensions can lead to\n crash) (Pierre)\n\n - Fixed bug php#72339 (Integer Overflow in _gd2GetHeader()\n resulting in heap overflow). (Pierre)\n\n - Fixed bug php#72407 (NULL pointer Dereference at\n _gdScaleVert). (Stas)\n\n - Fixed bug php#72446 (Integer Overflow in\n gdImagePaletteToTrueColor() resulting in heap overflow).\n (Pierre)\n\n**Intl:**\n\n - Fixed bug php#70484 (selectordinal doesn't work with\n named parameters). (Anatol)\n\n**mbstring:**\n\n - Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec -\n double free). (Stas)\n\n**mcrypt:**\n\n - Fixed bug php#72455 (Heap Overflow due to integer\n overflows). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72321 (invalid free in\n phar_extract_file()). (hji at dyntopia dot com)\n\n**SPL:**\n\n - Fixed bug php#72262 (int/size_t confusion in\n SplFileObject::fread). (Stas)\n\n - Fixed bug php#72433 (Use After Free Vulnerability in\n PHP's GC algorithm and unserialize). (Dmitry)\n\n**OpenSSL:**\n\n - Fixed bug php#72140 (segfault after calling\n ERR_free_strings()). (Jakub Zelenka)\n\n**WDDX:**\n\n - Fixed bug php#72340 (Double Free Courruption in\n wddx_deserialize). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-34a6b65583\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"php-5.6.23-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:40:46", "description": "23 Jun 2016, **PHP 5.6.23**\n\n**Core:**\n\n - Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()).\n (Stas)\n\n - Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas)\n\n - Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)\n\n**GD:**\n\n - Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas)\n\n - Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre)\n\n - Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)\n\n - Fixed bug php#72407 (NULL pointer Dereference at\n _gdScaleVert). (Stas)\n\n - Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow).\n (Pierre)\n\n**Intl:**\n\n - Fixed bug php#70484 (selectordinal doesn't work with named parameters). (Anatol)\n\n**mbstring:**\n\n - Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)\n\n**mcrypt:**\n\n - Fixed bug php#72455 (Heap Overflow due to integer overflows). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com)\n\n**SPL:**\n\n - Fixed bug php#72262 (int/size_t confusion in SplFileObject::fread). (Stas)\n\n - Fixed bug php#72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)\n\n**OpenSSL:**\n\n - Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka)\n\n**WDDX:**\n\n - Fixed bug php#72340 (Double Free Courruption in wddx_deserialize). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "Fedora 24 : php (2016-ec372bddb9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-EC372BDDB9.NASL", "href": "https://www.tenable.com/plugins/nessus/92300", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ec372bddb9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92300);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\", \"CVE-2016-5769\", \"CVE-2016-5770\", \"CVE-2016-5771\", \"CVE-2016-5772\");\n script_xref(name:\"FEDORA\", value:\"2016-ec372bddb9\");\n\n script_name(english:\"Fedora 24 : php (2016-ec372bddb9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"23 Jun 2016, **PHP 5.6.23**\n\n**Core:**\n\n - Fixed bug php#72275 (Integer Overflow in\n json_encode()/json_decode()/json_utf8_to_utf16()).\n (Stas)\n\n - Fixed bug php#72400 (Integer Overflow in\n addcslashes/addslashes). (Stas)\n\n - Fixed bug php#72403 (Integer Overflow in Length of\n String-typed ZVAL). (Stas)\n\n**GD:**\n\n - Fixed bug php#72298 (pass2_no_dither out-of-bounds\n access). (Stas)\n\n - Fixed bug php#72337 (invalid dimensions can lead to\n crash) (Pierre)\n\n - Fixed bug php#72339 (Integer Overflow in _gd2GetHeader()\n resulting in heap overflow). (Pierre)\n\n - Fixed bug php#72407 (NULL pointer Dereference at\n _gdScaleVert). (Stas)\n\n - Fixed bug php#72446 (Integer Overflow in\n gdImagePaletteToTrueColor() resulting in heap overflow).\n (Pierre)\n\n**Intl:**\n\n - Fixed bug php#70484 (selectordinal doesn't work with\n named parameters). (Anatol)\n\n**mbstring:**\n\n - Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec -\n double free). (Stas)\n\n**mcrypt:**\n\n - Fixed bug php#72455 (Heap Overflow due to integer\n overflows). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72321 (invalid free in\n phar_extract_file()). (hji at dyntopia dot com)\n\n**SPL:**\n\n - Fixed bug php#72262 (int/size_t confusion in\n SplFileObject::fread). (Stas)\n\n - Fixed bug php#72433 (Use After Free Vulnerability in\n PHP's GC algorithm and unserialize). (Dmitry)\n\n**OpenSSL:**\n\n - Fixed bug php#72140 (segfault after calling\n ERR_free_strings()). (Jakub Zelenka)\n\n**WDDX:**\n\n - Fixed bug php#72340 (Double Free Courruption in\n wddx_deserialize). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ec372bddb9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"php-5.6.23-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:07", "description": "The specific version of PHP that the system is running is reportedly affected by the following vulnerabilities:\n\n- PHP contains an integer overflow condition in the json_decode() and json_utf8_to_utf16() functions in ext/standard/php_smart_str.h. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, causing a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code.\n\n- PHP contains an out-of-bounds read flaw in the pass2_no_dither() function in ext/gd/libgd/gd_topal.c that may allow a remote attacker to crash a process utilizing PHP or potentially disclose memory contents.\n\n- PHP contains an integer overflow condition in ext/standard/string.c. The issue is triggered as user-supplied input is not properly validated when handling string lengths. This may allow a remote attacker to have an unspecified impact.\n\n- PHP contains a double-free flaw in the _php_mb_regex_ereg_replace_exec() function in ext/mbstring/php_mbregex.c that is triggered when handling a failed callback execution. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-5768)\n\n- PHP contains a NULL pointer dereference flaw in the _gdScaleVert() function in ext/gd/libgd/gd_interpolation.c that is triggered during the handling of _gdContributionsCalc return values. This may allow a remote attacker to cause a denial of service in a process linked against PHP.\n\n- PHP contains an integer overflow condition in ext/spl/spl_directory.c. The issue is triggered by an int/size_t confusion issue. This may allow a remote attacker to have an unspecified impact. (CVE-2016-5770)\n\n- PHP contains an integer overflow condition in ext/mcrypt/mcrypt.c. The issue is triggered as user-supplied input is not properly validated when handling data values. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code. (CVE-2016-5769)\n\n- PHP contains an integer overflow condition in the nl2br() function in ext/standard/string.c. The issue is triggered as user-supplied input is not properly validated when handling new_length values. This may allow a remote attacker to have an unspecified impact.\n\n- PHP contains an integer overflow condition in multiple functions in ext/standard/string.c. The issue is triggered as user-supplied input is not properly validated when handling string values. This may allow a remote attacker to have an unspecified impact.\n\n- PHP contains a double-free flaw in the php_wddx_process_data() function in ext/wddx/wddx.c that is triggered during the handling of specially crafted XML content. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-5772)\n\n- PHP contains an integer overflow condition in the gdImagePaletteToTrueColor() function in ext/gd/libgd/gd.c. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code. (CVE-2016-5767)\n\n- PHP contains an invalid free flaw in the phar_extract_file() function in ext/phar/phar_object.c. This may allow a remote attacker to have an unspecified impact. (CVE-2016-4473)\n\n- PHP contains an integer overflow condition in the _gd2GetHeader() function in ext/gd/libgd/gd_gd2.c. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code. (CVE-2016-5766)", "cvss3": {}, "published": "2016-08-23T00:00:00", "type": "nessus", "title": "PHP < 5.5.37, 5.6.23, 7.0.8 Multiple Vulnerabilties", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4473", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5772"], "modified": "2016-08-23T00:00:00", "cpe": [], "id": "802010.PRM", "href": "https://www.tenable.com/plugins/lce/802010", "sourceData": "Binary data 802010.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:39:41", "description": "23 Jun 2016, **PHP 5.6.23**\n\n**Core:**\n\n - Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()).\n (Stas)\n\n - Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas)\n\n - Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)\n\n**GD:**\n\n - Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas)\n\n - Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre)\n\n - Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)\n\n - Fixed bug php#72407 (NULL pointer Dereference at\n _gdScaleVert). (Stas)\n\n - Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow).\n (Pierre)\n\n**Intl:**\n\n - Fixed bug php#70484 (selectordinal doesn't work with named parameters). (Anatol)\n\n**mbstring:**\n\n - Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)\n\n**mcrypt:**\n\n - Fixed bug php#72455 (Heap Overflow due to integer overflows). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com)\n\n**SPL:**\n\n - Fixed bug php#72262 (int/size_t confusion in SplFileObject::fread). (Stas)\n\n - Fixed bug php#72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)\n\n**OpenSSL:**\n\n - Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka)\n\n**WDDX:**\n\n - Fixed bug php#72340 (Double Free Courruption in wddx_deserialize). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "Fedora 22 : php (2016-99fbdc5c34)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-99FBDC5C34.NASL", "href": "https://www.tenable.com/plugins/nessus/92272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-99fbdc5c34.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92272);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\", \"CVE-2016-5769\", \"CVE-2016-5770\", \"CVE-2016-5771\", \"CVE-2016-5772\");\n script_xref(name:\"FEDORA\", value:\"2016-99fbdc5c34\");\n\n script_name(english:\"Fedora 22 : php (2016-99fbdc5c34)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"23 Jun 2016, **PHP 5.6.23**\n\n**Core:**\n\n - Fixed bug php#72275 (Integer Overflow in\n json_encode()/json_decode()/json_utf8_to_utf16()).\n (Stas)\n\n - Fixed bug php#72400 (Integer Overflow in\n addcslashes/addslashes). (Stas)\n\n - Fixed bug php#72403 (Integer Overflow in Length of\n String-typed ZVAL). (Stas)\n\n**GD:**\n\n - Fixed bug php#72298 (pass2_no_dither out-of-bounds\n access). (Stas)\n\n - Fixed bug php#72337 (invalid dimensions can lead to\n crash) (Pierre)\n\n - Fixed bug php#72339 (Integer Overflow in _gd2GetHeader()\n resulting in heap overflow). (Pierre)\n\n - Fixed bug php#72407 (NULL pointer Dereference at\n _gdScaleVert). (Stas)\n\n - Fixed bug php#72446 (Integer Overflow in\n gdImagePaletteToTrueColor() resulting in heap overflow).\n (Pierre)\n\n**Intl:**\n\n - Fixed bug php#70484 (selectordinal doesn't work with\n named parameters). (Anatol)\n\n**mbstring:**\n\n - Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec -\n double free). (Stas)\n\n**mcrypt:**\n\n - Fixed bug php#72455 (Heap Overflow due to integer\n overflows). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72321 (invalid free in\n phar_extract_file()). (hji at dyntopia dot com)\n\n**SPL:**\n\n - Fixed bug php#72262 (int/size_t confusion in\n SplFileObject::fread). (Stas)\n\n - Fixed bug php#72433 (Use After Free Vulnerability in\n PHP's GC algorithm and unserialize). (Dmitry)\n\n**OpenSSL:**\n\n - Fixed bug php#72140 (segfault after calling\n ERR_free_strings()). (Jakub Zelenka)\n\n**WDDX:**\n\n - Fixed bug php#72340 (Double Free Courruption in\n wddx_deserialize). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-99fbdc5c34\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"php-5.6.23-1.fc22\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:39:21", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.", "cvss3": {}, "published": "2016-06-27T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2016-176-01.NASL", "href": "https://www.tenable.com/plugins/nessus/91830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-176-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91830);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\", \"CVE-2016-5769\", \"CVE-2016-5770\", \"CVE-2016-5771\", \"CVE-2016-5772\", \"CVE-2016-5773\");\n script_xref(name:\"SSA\", value:\"2016-176-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.418295\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b337a4ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.6.23\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.23\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.6.23\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.23\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.23\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.23\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:10", "description": "This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11142", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-7890"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pspell", "p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-imap", "p-cpe:/a:novell:suse_linux:php7-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mcrypt", "p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo"], "id": "SUSE_SU-2017-2303-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2303-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120003);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2016-5766\",\n \"CVE-2016-10397\",\n \"CVE-2017-7890\",\n \"CVE-2017-11142\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11146\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU\n consumption denial of service attack by injectinglong\n form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() could lead to denial of service\n (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of\n service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow could lead to denial of\n service or code execution (bsc#986386) Other fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require\n php7-pear-Archive_Tar otherwise this dependency must be\n declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10397/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-5766/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11142/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11145/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11146/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11147/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11628/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-7890/\");\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172303-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9326f566\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1417=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1417=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2017-1417=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11628\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-11147\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debugsource-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.0.7-50.9.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:39:04", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.23. It is, therefore, affected by multiple vulnerabilities :\n\n - An invalid free flaw exists in the phar_extract_file() function within file ext/phar/phar_object.c that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-4473)\n\n - An integer overflow condition exists in the\n _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5766)\n\n - An integer overflow condition exists in the gdImagePaletteToTrueColor() function within file ext/gd/libgd/gd.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5767)\n\n - A double-free error exists in the\n _php_mb_regex_ereg_replace_exec() function within file ext/mbstring/php_mbregex.c when handling a failed callback execution. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5768)\n\n - An integer overflow condition exists within file ext/mcrypt/mcrypt.c due to improper validation of user-supplied input when handling data values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5769)\n\n - An integer overflow condition exists within file ext/spl/spl_directory.c, triggered by an int/size_t type confusion error, that allows an unauthenticated, remote attacker to have an unspecified impact.\n (CVE-2016-5770)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/spl/spl_array.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5771)\n\n - A double-free error exists in the php_wddx_process_data() function within file ext/wddx/wddx.c when handling specially crafted XML content. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5772)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/zip/php_zip.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5773)\n\n - An integer overflow condition exists in the json_decode() and json_utf8_to_utf16() functions within file ext/standard/php_smart_str.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - An out-of-bounds read error exists in the pass2_no_dither() function within file ext/gd/libgd/gd_topal.c that allows an unauthenticated, remote attacker to cause a denial of service condition or disclose memory contents.\n\n - An integer overflow condition exists within file ext/standard/string.c when handling string lengths due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - A NULL pointer dereference flaw exists in the\n _gdScaleVert() function within file ext/gd/libgd/gd_interpolation.c that is triggered when handling _gdContributionsCalc return values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in multiple functions within file ext/standard/string.c when handling string values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-07-01T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.23 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4473", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_23.NASL", "href": "https://www.tenable.com/plugins/nessus/91898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91898);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-4473\",\n \"CVE-2016-5766\",\n \"CVE-2016-5767\",\n \"CVE-2016-5768\",\n \"CVE-2016-5769\",\n \"CVE-2016-5770\",\n \"CVE-2016-5771\",\n \"CVE-2016-5772\",\n \"CVE-2016-5773\"\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.23 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.23. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An invalid free flaw exists in the phar_extract_file()\n function within file ext/phar/phar_object.c that allows\n an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2016-4473)\n\n - An integer overflow condition exists in the\n _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c\n due to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2016-5766)\n\n - An integer overflow condition exists in the\n gdImagePaletteToTrueColor() function within file\n ext/gd/libgd/gd.c due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2016-5767)\n\n - A double-free error exists in the\n _php_mb_regex_ereg_replace_exec() function within file\n ext/mbstring/php_mbregex.c when handling a failed\n callback execution. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5768)\n\n - An integer overflow condition exists within file\n ext/mcrypt/mcrypt.c due to improper validation of\n user-supplied input when handling data values. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2016-5769)\n\n - An integer overflow condition exists within file\n ext/spl/spl_directory.c, triggered by an int/size_t\n type confusion error, that allows an unauthenticated,\n remote attacker to have an unspecified impact.\n (CVE-2016-5770)\n\n - A use-after-free error exists in the garbage collection\n algorithm within file ext/spl/spl_array.c. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5771)\n\n - A double-free error exists in the\n php_wddx_process_data() function within file\n ext/wddx/wddx.c when handling specially crafted XML\n content. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5772)\n\n - A use-after-free error exists in the garbage collection\n algorithm within file ext/zip/php_zip.c. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5773)\n\n - An integer overflow condition exists in the\n json_decode() and json_utf8_to_utf16() functions within\n file ext/standard/php_smart_str.h due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the execution of arbitrary code.\n\n - An out-of-bounds read error exists in the\n pass2_no_dither() function within file\n ext/gd/libgd/gd_topal.c that allows an unauthenticated,\n remote attacker to cause a denial of service condition\n or disclose memory contents.\n\n - An integer overflow condition exists within file\n ext/standard/string.c when handling string lengths due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact.\n\n - A NULL pointer dereference flaw exists in the\n _gdScaleVert() function within file\n ext/gd/libgd/gd_interpolation.c that is triggered when\n handling _gdContributionsCalc return values. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - An integer overflow condition exists in multiple\n functions within file ext/standard/string.c when\n handling string values due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to have an unspecified impact.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.23\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.23 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4473\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.\" && ver_compare(ver:version, fix:\"5.6.23\", strict:FALSE) < 0){\n security_report_v4(\n port : port,\n extra :\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.6.23' +\n '\\n',\n severity:SECURITY_HOLE\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:00:37", "description": "This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-09-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2017-1010)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-7890"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1010.NASL", "href": "https://www.tenable.com/plugins/nessus/102966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1010.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102966);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-7890\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2017-1010)\");\n script_summary(english:\"Check for the openSUSE-2017-1010 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX\n deserialization of booleanparameters could be used by\n attackers able to inject XML for deserialization tocrash\n the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data\n in gdImageCreateFromGifCtx function could lead to denial\n of service (bsc#1050241)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php5-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php5-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bcmath-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bcmath-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bz2-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bz2-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-calendar-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-calendar-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ctype-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ctype-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-curl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-curl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dba-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dba-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-debugsource-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-devel-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dom-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dom-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-enchant-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-enchant-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-exif-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-exif-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fastcgi-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fastcgi-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fileinfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fileinfo-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-firebird-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-firebird-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fpm-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fpm-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ftp-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ftp-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gd-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gd-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gettext-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gettext-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gmp-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gmp-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-iconv-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-iconv-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-imap-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-imap-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-intl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-intl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-json-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-json-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ldap-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ldap-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mbstring-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mbstring-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mcrypt-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mcrypt-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mssql-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mssql-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mysql-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mysql-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-odbc-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-odbc-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-opcache-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-opcache-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-openssl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-openssl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pcntl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pcntl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pdo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pdo-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pear-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pgsql-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pgsql-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-phar-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-phar-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-posix-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-posix-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pspell-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pspell-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-readline-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-readline-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-shmop-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-shmop-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-snmp-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-snmp-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-soap-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-soap-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sockets-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sockets-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sqlite-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sqlite-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-suhosin-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-suhosin-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvmsg-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvmsg-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvsem-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvsem-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvshm-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvshm-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tidy-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tidy-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tokenizer-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tokenizer-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-wddx-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-wddx-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlreader-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlreader-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlrpc-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlrpc-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlwriter-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlwriter-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xsl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xsl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zip-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zip-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zlib-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zlib-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php5-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php5-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bcmath-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bcmath-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bz2-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bz2-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-calendar-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-calendar-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ctype-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ctype-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-curl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-curl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dba-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dba-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-debugsource-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-devel-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dom-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dom-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-enchant-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-enchant-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-exif-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-exif-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fastcgi-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fastcgi-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fileinfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fileinfo-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-firebird-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-firebird-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fpm-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fpm-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ftp-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ftp-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gd-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gd-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gettext-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gettext-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gmp-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gmp-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-iconv-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-iconv-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-imap-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-imap-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-intl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-intl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-json-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-json-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ldap-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ldap-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mbstring-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mbstring-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mcrypt-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mcrypt-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mssql-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mssql-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mysql-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mysql-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-odbc-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-odbc-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-opcache-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-opcache-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-openssl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-openssl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pcntl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pcntl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pdo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pdo-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pear-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pgsql-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pgsql-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-phar-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-phar-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-posix-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-posix-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pspell-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pspell-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-readline-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-readline-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-shmop-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-shmop-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-snmp-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-snmp-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-soap-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-soap-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sockets-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sockets-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sqlite-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sqlite-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-suhosin-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-suhosin-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvmsg-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvmsg-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvsem-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvsem-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvshm-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvshm-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tidy-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tidy-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tokenizer-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tokenizer-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-wddx-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-wddx-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlreader-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlreader-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlrpc-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlrpc-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlwriter-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlwriter-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xsl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xsl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zip-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zip-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zlib-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zlib-debuginfo-5.5.14-82.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:41:14", "description": "This update for php5 fixes the following issues :\n\n - It is possible to launch a web server with 'php -S localhost:8080' It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5385). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated php server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes. (bnc#988486)\n\n - There was multiple cases where a remote attacker could trigger a double free and, given specific PHP code using callbacks, trigger code execution vectors.\n (bnc#986246,bnc#986244,CVE-2016-5768,CVE-2016-5772)\n\n - It was possible to inject header or content information (XSS) when a user was using internet explorer as the browser. (bnc#986004, CVE-2015-8935)\n\n - In several cases it was possible for a integer overflow to trigger an excessive memory allocation (bnc#986392, bnc#986388, bnc#986386, bnc#986393, CVE-2016-5770, CVE-2016-5769, CVE-2016-5766, CVE-2016-5767)\n\n - It was possible for an attacker to abuse the garbage collector to free a target array. At this point an attacker could craft a fake zval object and exploit the PHP process by taking over the EIP/RIP. (bnc#986391, CVE-2016-5771)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2016-08-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2016-921) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8935", "CVE-2016-5385", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-921.NASL", "href": "https://www.tenable.com/plugins/nessus/92714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-921.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92714);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8935\", \"CVE-2016-5385\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\", \"CVE-2016-5769\", \"CVE-2016-5770\", \"CVE-2016-5771\", \"CVE-2016-5772\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2016-921) (httpoxy)\");\n script_summary(english:\"Check for the openSUSE-2016-921 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following issues :\n\n - It is possible to launch a web server with 'php -S\n localhost:8080' It used to be possible to set an\n arbitrary $HTTP_PROXY environment variable for request\n handlers -- like CGI scripts -- by including a specially\n crafted HTTP header in the request (CVE-2016-5385). As a\n result, these server components would potentially direct\n all their outgoing HTTP traffic through a malicious\n proxy server. This patch fixes the issue: the updated\n php server ignores such HTTP headers and never sets\n $HTTP_PROXY for sub-processes. (bnc#988486)\n\n - There was multiple cases where a remote attacker could\n trigger a double free and, given specific PHP code using\n callbacks, trigger code execution vectors.\n (bnc#986246,bnc#986244,CVE-2016-5768,CVE-2016-5772)\n\n - It was possible to inject header or content information\n (XSS) when a user was using internet explorer as the\n browser. (bnc#986004, CVE-2015-8935)\n\n - In several cases it was possible for a integer overflow\n to trigger an excessive memory allocation (bnc#986392,\n bnc#986388, bnc#986386, bnc#986393, CVE-2016-5770,\n CVE-2016-5769, CVE-2016-5766, CVE-2016-5767)\n\n - It was possible for an attacker to abuse the garbage\n collector to free a target array. At this point an\n attacker could craft a fake zval object and exploit the\n PHP process by taking over the EIP/RIP. (bnc#986391,\n CVE-2016-5771)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988486\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/31\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache2-mod_php5-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache2-mod_php5-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bcmath-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bcmath-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bz2-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bz2-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-calendar-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-calendar-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ctype-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ctype-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-curl-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-curl-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dba-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dba-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-debugsource-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-devel-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dom-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dom-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-enchant-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-enchant-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-exif-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-exif-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fastcgi-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fastcgi-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fileinfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fileinfo-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-firebird-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-firebird-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fpm-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fpm-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ftp-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ftp-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gd-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gd-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gettext-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gettext-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gmp-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gmp-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-iconv-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-iconv-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-imap-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-imap-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-intl-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-intl-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-json-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-json-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ldap-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ldap-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mbstring-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mbstring-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mcrypt-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mcrypt-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mssql-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mssql-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mysql-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mysql-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-odbc-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-odbc-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-opcache-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-opcache-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-openssl-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-openssl-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pcntl-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pcntl-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pdo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pdo-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pear-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pgsql-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pgsql-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-phar-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-phar-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-posix-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-posix-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pspell-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pspell-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-readline-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-readline-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-shmop-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-shmop-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-snmp-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-snmp-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-soap-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-soap-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sockets-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sockets-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sqlite-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sqlite-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-suhosin-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-suhosin-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvmsg-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvmsg-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvsem-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvsem-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvshm-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvshm-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tidy-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tidy-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tokenizer-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tokenizer-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-wddx-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-wddx-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlreader-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlreader-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlrpc-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlrpc-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlwriter-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlwriter-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xsl-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xsl-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zip-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zip-debuginfo-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zlib-5.5.14-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zlib-debuginfo-5.5.14-56.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:54", "description": "This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-7890"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-imap", "p-cpe:/a:novell:suse_linux:php5-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-opcache", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-phar", "p-cpe:/a:novell:suse_linux:php5-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-posix", "p-cpe:/a:novell:suse_linux:php5-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", "p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo"], "id": "SUSE_SU-2017-2317-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2317-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120004);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2016-5766\",\n \"CVE-2016-10397\",\n \"CVE-2017-7890\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11146\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX\n deserialization of booleanparameters could be used by\n attackers able to inject XML for deserialization tocrash\n the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of\n service (bsc#1050241)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10397/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-5766/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11143/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11145/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11146/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11147/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11628/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-7890/\");\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172317-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfa00ded\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1431=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1431=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2017-1431=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11628\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-11147\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-109.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:01:04", "description": "This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386)\n\nOther fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-09-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php7 (openSUSE-2017-994)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11142", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-7890"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php7", "p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:opensuse:php7", "p-cpe:/a:novell:opensuse:php7-bcmath", "p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php7-bz2", "p-cpe:/a:novell:opensuse:php7-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php7-calendar", "p-cpe:/a:novell:opensuse:php7-mcrypt", "p-cpe:/a:novell:opensuse:php7-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype", "p-cpe:/a:novell:opensuse:php7-mysql", "p-cpe:/a:novell:opensuse:php7-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php7-odbc", "p-cpe:/a:novell:opensuse:php7-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php7-opcache", "p-cpe:/a:novell:opensuse:php7-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php7-curl", "p-cpe:/a:novell:opensuse:php7-curl-debuginfo", "p-cpe:/a:novell:opensuse:php7-openssl", "p-cpe:/a:novell:opensuse:php7-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php7-dba", "p-cpe:/a:novell:opensuse:php7-pcntl", "p-cpe:/a:novell:opensuse:php7-dba-debuginfo", "p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo", "p-cpe:/a:novell:opensuse:php7-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php7-pear", "p-cpe:/a:novell:opensuse:php7-debugsource", "p-cpe:/a:novell:opensuse:php7-pear-archive_tar", "p-cpe:/a:novell:opensuse:php7-devel", "p-cpe:/a:novell:opensuse:php7-pgsql", "p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php7-dom", "p-cpe:/a:novell:opensuse:php7-phar", "p-cpe:/a:novell:opensuse:php7-dom-debuginfo", "p-cpe:/a:novell:opensuse:php7-phar-debuginfo", "p-cpe:/a:novell:opensuse:php7-posix", "p-cpe:/a:novell:opensuse:php7-posix-debuginfo", "p-cpe:/a:novell:opensuse:php7-pspell", "p-cpe:/a:novell:opensuse:php7-enchant", "p-cpe:/a:novell:opensuse:php7-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php7-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php7-readline", "p-cpe:/a:novell:opensuse:php7-exif", "p-cpe:/a:novell:opensuse:php7-readline-debuginfo", "p-cpe:/a:novell:opensuse:php7-exif-debuginfo", "p-cpe:/a:novell:opensuse:php7-shmop", "p-cpe:/a:novell:opensuse:php7-fastcgi", "p-cpe:/a:novell:opensuse:php7-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp", "p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-fileinfo", "p-cpe:/a:novell:opensuse:php7-soap", "p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php7-soap-debuginfo", "p-cpe:/a:novell:opensuse:php7-firebird", "p-cpe:/a:novell:opensuse:php7-sockets", "p-cpe:/a:novell:opensuse:php7-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php7-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php7-sqlite", "p-cpe:/a:novell:opensuse:php7-fpm", "p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvmsg", "p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem", "p-cpe:/a:novell:opensuse:php7-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvshm", "p-cpe:/a:novell:opensuse:php7-ftp", "p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php7-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php7-tidy", "p-cpe:/a:novell:opensuse:php7-gd", "p-cpe:/a:novell:opensuse:php7-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer", "p-cpe:/a:novell:opensuse:php7-gd-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php7-gettext", "p-cpe:/a:novell:opensuse:php7-wddx", "p-cpe:/a:novell:opensuse:php7-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php7-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlreader", "p-cpe:/a:novell:opensuse:php7-gmp", "p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php7-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlrpc", "p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php7-iconv", "p-cpe:/a:novell:opensuse:php7-xmlwriter", "p-cpe:/a:novell:opensuse:php7-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php7-xsl", "p-cpe:/a:novell:opensuse:php7-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php7-zip", "p-cpe:/a:novell:opensuse:php7-imap", "p-cpe:/a:novell:opensuse:php7-zip-debuginfo", "p-cpe:/a:novell:opensuse:php7-zlib", "p-cpe:/a:novell:opensuse:php7-imap-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl", "p-cpe:/a:novell:opensuse:php7-zlib-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:php7-json", "p-cpe:/a:novell:opensuse:php7-json-debuginfo", "p-cpe:/a:novell:opensuse:php7-ldap", "p-cpe:/a:novell:opensuse:php7-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php7-mbstring", "p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo"], "id": "OPENSUSE-2017-994.NASL", "href": "https://www.tenable.com/plugins/nessus/102947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-994.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102947);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11142\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-7890\");\n\n script_name(english:\"openSUSE Security Update : php7 (openSUSE-2017-994)\");\n script_summary(english:\"Check for the openSUSE-2017-994 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU\n consumption denial of service attack by injectinglong\n form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() could lead to denial of service\n (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data\n in gdImageCreateFromGifCtx function could lead to denial\n of service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow could lead to denial of\n service or code execution (bsc#986386)\n\nOther fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require\n php7-pear-Archive_Tar otherwise this dependency must be\n declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php7 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php7-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php7-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bcmath-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bcmath-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bz2-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bz2-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-calendar-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-calendar-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ctype-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ctype-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-curl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-curl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dba-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dba-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-debugsource-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-devel-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dom-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dom-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-enchant-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-enchant-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-exif-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-exif-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fastcgi-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fastcgi-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fileinfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fileinfo-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-firebird-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-firebird-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fpm-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fpm-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ftp-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ftp-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gd-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gd-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gettext-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gettext-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gmp-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gmp-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-iconv-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-iconv-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-imap-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-imap-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-intl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-intl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-json-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-json-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ldap-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ldap-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mbstring-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mbstring-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mcrypt-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mcrypt-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mysql-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mysql-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-odbc-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-odbc-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-opcache-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-opcache-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-openssl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-openssl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pcntl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pcntl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pdo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pdo-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pear-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pear-Archive_Tar-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pgsql-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pgsql-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-phar-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-phar-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-posix-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-posix-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pspell-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pspell-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-readline-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-readline-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-shmop-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-shmop-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-snmp-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-snmp-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-soap-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-soap-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sockets-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sockets-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sqlite-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sqlite-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvmsg-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvmsg-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvsem-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvsem-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvshm-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvshm-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tidy-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tidy-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tokenizer-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tokenizer-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-wddx-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-wddx-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlreader-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlreader-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlrpc-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlrpc-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlwriter-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlwriter-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xsl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xsl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zip-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zip-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zlib-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zlib-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php7-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php7-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bcmath-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bcmath-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bz2-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bz2-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-calendar-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-calendar-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ctype-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ctype-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-curl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-curl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dba-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dba-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-debugsource-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-devel-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dom-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dom-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-enchant-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-enchant-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-exif-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-exif-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fastcgi-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fastcgi-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fileinfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fileinfo-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-firebird-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-firebird-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fpm-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fpm-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ftp-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ftp-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gd-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gd-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gettext-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gettext-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gmp-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gmp-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-iconv-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-iconv-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-imap-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-imap-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-intl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-intl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-json-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-json-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ldap-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ldap-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mbstring-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mbstring-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mcrypt-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mcrypt-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mysql-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mysql-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-odbc-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-odbc-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-opcache-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-opcache-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-openssl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-openssl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pcntl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pcntl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pdo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pdo-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pear-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pear-Archive_Tar-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pgsql-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pgsql-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-phar-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-phar-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-posix-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-posix-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pspell-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pspell-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-readline-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-readline-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-shmop-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-shmop-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-snmp-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-snmp-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-soap-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-soap-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sockets-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sockets-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sqlite-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sqlite-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvmsg-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvmsg-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvsem-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvsem-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvshm-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvshm-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tidy-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tidy-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tokenizer-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tokenizer-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-wddx-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-wddx-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlreader-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlreader-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlrpc-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlrpc-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlwriter-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlwriter-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xsl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xsl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zip-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zip-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zlib-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zlib-debuginfo-7.0.7-19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:40:26", "description": "According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.37. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the GD graphics library in the gdImageFillToBorder() function within file gd.c when handling crafted images that have an overly large negative coordinate. An unauthenticated, remote attacker can exploit this, via a crafted image, to crash processes linked against the library.\n (CVE-2015-8874)\n\n - An integer overflow condition exists in the\n _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5766)\n\n - An integer overflow condition exists in the gdImagePaletteToTrueColor() function within file ext/gd/libgd/gd.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5767)\n\n - A double-free error exists in the\n _php_mb_regex_ereg_replace_exec() function within file ext/mbstring/php_mbregex.c when handling a failed callback execution. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5768)\n\n - An integer overflow condition exists within file ext/mcrypt/mcrypt.c due to improper validation of user-supplied input when handling data values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5769)\n\n - An integer overflow condition exists within file ext/spl/spl_directory.c, triggered by an int/size_t type confusion error, that allows an unauthenticated, remote attacker to have an unspecified impact.\n (CVE-2016-5770)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/spl/spl_array.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5771)\n\n - A double-free error exists in the php_wddx_process_data() function within file ext/wddx/wddx.c when handling specially crafted XML content. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5772)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/zip/php_zip.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5773)\n\n - An integer overflow condition exists in the json_decode() and json_utf8_to_utf16() functions within file ext/standard/php_smart_str.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - An out-of-bounds read error exists in the pass2_no_dither() function within file ext/gd/libgd/gd_topal.c that allows an unauthenticated, remote attacker to cause a denial of service condition or disclose memory contents.\n\n - An integer overflow condition exists within file ext/standard/string.c when handling string lengths due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - A NULL pointer dereference flaw exists in the\n _gdScaleVert() function within file ext/gd/libgd/gd_interpolation.c that is triggered when handling _gdContributionsCalc return values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in the nl2br() function within file ext/standard/string.c when handling new_length values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - An integer overflow condition exists in multiple functions within file ext/standard/string.c when handling string values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-07-01T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.37 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8874", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_37.NASL", "href": "https://www.tenable.com/plugins/nessus/91897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91897);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-8874\",\n \"CVE-2016-5766\",\n \"CVE-2016-5767\",\n \"CVE-2016-5768\",\n \"CVE-2016-5769\",\n \"CVE-2016-5770\",\n \"CVE-2016-5771\",\n \"CVE-2016-5772\",\n \"CVE-2016-5773\"\n );\n script_bugtraq_id(\n 90714,\n 91393,\n 91395,\n 91396,\n 91397,\n 91398,\n 91399,\n 91401,\n 91403\n );\n\n script_name(english:\"PHP 5.5.x < 5.5.37 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.5.x prior to 5.5.37. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A denial of service vulnerability exists in the GD\n graphics library in the gdImageFillToBorder() function\n within file gd.c when handling crafted images that have\n an overly large negative coordinate. An unauthenticated,\n remote attacker can exploit this, via a crafted image,\n to crash processes linked against the library.\n (CVE-2015-8874)\n\n - An integer overflow condition exists in the\n _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c\n due to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2016-5766)\n\n - An integer overflow condition exists in the\n gdImagePaletteToTrueColor() function within file\n ext/gd/libgd/gd.c due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2016-5767)\n\n - A double-free error exists in the\n _php_mb_regex_ereg_replace_exec() function within file\n ext/mbstring/php_mbregex.c when handling a failed\n callback execution. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5768)\n\n - An integer overflow condition exists within file\n ext/mcrypt/mcrypt.c due to improper validation of\n user-supplied input when handling data values. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2016-5769)\n\n - An integer overflow condition exists within file\n ext/spl/spl_directory.c, triggered by an int/size_t\n type confusion error, that allows an unauthenticated,\n remote attacker to have an unspecified impact.\n (CVE-2016-5770)\n\n - A use-after-free error exists in the garbage collection\n algorithm within file ext/spl/spl_array.c. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5771)\n\n - A double-free error exists in the\n php_wddx_process_data() function within file\n ext/wddx/wddx.c when handling specially crafted XML\n content. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5772)\n\n - A use-after-free error exists in the garbage collection\n algorithm within file ext/zip/php_zip.c. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5773)\n\n - An integer overflow condition exists in the\n json_decode() and json_utf8_to_utf16() functions within\n file ext/standard/php_smart_str.h due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the execution of arbitrary code.\n\n - An out-of-bounds read error exists in the\n pass2_no_dither() function within file\n ext/gd/libgd/gd_topal.c that allows an unauthenticated,\n remote attacker to cause a denial of service condition\n or disclose memory contents.\n\n - An integer overflow condition exists within file\n ext/standard/string.c when handling string lengths due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact.\n\n - A NULL pointer dereference flaw exists in the\n _gdScaleVert() function within file\n ext/gd/libgd/gd_interpolation.c that is triggered when\n handling _gdContributionsCalc return values. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - An integer overflow condition exists in the nl2br()\n function within file ext/standard/string.c when handling\n new_length values due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to have an unspecified impact.\n\n - An integer overflow condition exists in multiple\n functions within file ext/standard/string.c when\n handling string values due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to have an unspecified impact.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.5.37\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.5.37 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5768\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.\" && ver_compare(ver:version, fix:\"5.5.37\", strict:FALSE) < 0){\n security_report_v4(\n port : port,\n extra :\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.5.37' +\n '\\n',\n severity:SECURITY_HOLE\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:24:35", "description": "Shotwell was updated to fix the following issues :\n\n - boo#958382: Shotwell did not perform TLS certificate verification when publishing photos to external services", "cvss3": {}, "published": "2016-03-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : shotwell (openSUSE-2016-844)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8935", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "p-cpe:/a:novell:opensuse:shotwell", "p-cpe:/a:novell:opensuse:shotwell-debuginfo", "p-cpe:/a:novell:opensuse:shotwell-debugsource", "p-cpe:/a:novell:opensuse:shotwell-lang", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-844.NASL", "href": "https://www.tenable.com/plugins/nessus/90108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-844.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90108);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8935\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\", \"CVE-2016-5769\", \"CVE-2016-5770\", \"CVE-2016-5771\", \"CVE-2016-5772\", \"CVE-2016-5773\");\n\n script_name(english:\"openSUSE Security Update : shotwell (openSUSE-2016-844)\");\n script_summary(english:\"Check for the openSUSE-2016-844 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Shotwell was updated to fix the following issues :\n\n - boo#958382: Shotwell did not perform TLS certificate\n verification when publishing photos to external services\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986393\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected shotwell packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:shotwell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:shotwell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:shotwell-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:shotwell-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"shotwell-0.22.0+git.20160103-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"shotwell-debuginfo-0.22.0+git.20160103-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"shotwell-debugsource-0.22.0+git.20160103-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"shotwell-lang-0.22.0+git.20160103-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:39:04", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.8. It is, therefore, affected by multiple vulnerabilities :\n\n - An invalid free flaw exists in the phar_extract_file() function within file ext/phar/phar_object.c that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-4473)\n\n - An integer overflow condition exists in the\n _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5766)\n\n - An integer overflow condition exists in the gdImagePaletteToTrueColor() function within file ext/gd/libgd/gd.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5767)\n\n - A double-free error exists in the\n _php_mb_regex_ereg_replace_exec() function within file ext/mbstring/php_mbregex.c when handling a failed callback execution. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5768)\n\n - An integer overflow condition exists within file ext/mcrypt/mcrypt.c due to improper validation of user-supplied input when handling data values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5769)\n\n - An integer overflow condition exists within file ext/spl/spl_directory.c, triggered by an int/size_t type confusion error, that allows an unauthenticated, remote attacker to have an unspecified impact.\n (CVE-2016-5770)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/spl/spl_array.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5771)\n\n - A double-free error exists in the php_wddx_process_data() function within file ext/wddx/wddx.c when handling specially crafted XML content. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5772)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/zip/php_zip.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5773)\n\n - An integer overflow condition exists in the json_decode() and json_utf8_to_utf16() functions within file ext/standard/php_smart_str.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - An out-of-bounds read error exists in the pass2_no_dither() function within file ext/gd/libgd/gd_topal.c that allows an unauthenticated, remote attacker to cause a denial of service condition or disclose memory contents.\n\n - An integer overflow condition exists within file ext/standard/string.c when handling string lengths due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - A NULL pointer dereference flaw exists in the\n _gdScaleVert() function within file ext/gd/libgd/gd_interpolation.c that is triggered when handling _gdContributionsCalc return values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in the nl2br() function within file ext/standard/string.c when handling new_length values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - An integer overflow condition exists in multiple functions within file ext/standard/string.c when handling string values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-07-01T00:00:00", "type": "nessus", "title": "PHP 7.0.x < 7.0.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4473", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_0_8.NASL", "href": "https://www.tenable.com/plugins/nessus/91899", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91899);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-4473\",\n \"CVE-2016-5766\",\n \"CVE-2016-5767\",\n \"CVE-2016-5768\",\n \"CVE-2016-5769\",\n \"CVE-2016-5770\",\n \"CVE-2016-5771\",\n \"CVE-2016-5772\",\n \"CVE-2016-5773\"\n );\n script_bugtraq_id(91395, 98999);\n\n script_name(english:\"PHP 7.0.x < 7.0.8 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.0.x prior to 7.0.8. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An invalid free flaw exists in the phar_extract_file()\n function within file ext/phar/phar_object.c that allows\n an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2016-4473)\n\n - An integer overflow condition exists in the\n _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c\n due to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2016-5766)\n\n - An integer overflow condition exists in the\n gdImagePaletteToTrueColor() function within file\n ext/gd/libgd/gd.c due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2016-5767)\n\n - A double-free error exists in the\n _php_mb_regex_ereg_replace_exec() function within file\n ext/mbstring/php_mbregex.c when handling a failed\n callback execution. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5768)\n\n - An integer overflow condition exists within file\n ext/mcrypt/mcrypt.c due to improper validation of\n user-supplied input when handling data values. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2016-5769)\n\n - An integer overflow condition exists within file\n ext/spl/spl_directory.c, triggered by an int/size_t\n type confusion error, that allows an unauthenticated,\n remote attacker to have an unspecified impact.\n (CVE-2016-5770)\n\n - A use-after-free error exists in the garbage collection\n algorithm within file ext/spl/spl_array.c. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5771)\n\n - A double-free error exists in the\n php_wddx_process_data() function within file\n ext/wddx/wddx.c when handling specially crafted XML\n content. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5772)\n\n - A use-after-free error exists in the garbage collection\n algorithm within file ext/zip/php_zip.c. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5773)\n\n - An integer overflow condition exists in the\n json_decode() and json_utf8_to_utf16() functions within\n file ext/standard/php_smart_str.h due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the execution of arbitrary code.\n\n - An out-of-bounds read error exists in the\n pass2_no_dither() function within file\n ext/gd/libgd/gd_topal.c that allows an unauthenticated,\n remote attacker to cause a denial of service condition\n or disclose memory contents.\n\n - An integer overflow condition exists within file\n ext/standard/string.c when handling string lengths due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact.\n\n - A NULL pointer dereference flaw exists in the\n _gdScaleVert() function within file\n ext/gd/libgd/gd_interpolation.c that is triggered when\n handling _gdContributionsCalc return values. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - An integer overflow condition exists in the nl2br()\n function within file ext/standard/string.c when handling\n new_length values due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to have an unspecified impact.\n\n - An integer overflow condition exists in multiple\n functions within file ext/standard/string.c when\n handling string values due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to have an unspecified impact.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.0.8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.0.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4473\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nvcf::php::initialize();\n\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::php::get_app_info(port:port);\n\nconstraints = [\n { \"min_version\" : \"7.0.0alpha0\", \"fixed_version\" : \"7.0.8\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:13:52", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.23. It is, therefore, affected by multiple vulnerabilities :\n\n - An invalid free flaw exists in the phar_extract_file() function within file ext/phar/phar_object.c that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-4473)\n\n - An integer overflow condition exists in the _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5766)\n\n - An integer overflow condition exists in the gdImagePaletteToTrueColor() function within file ext/gd/libgd/gd.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5767)\n\n - A double-free error exists in the _php_mb_regex_ereg_replace_exec() function within file ext/mbstring/php_mbregex.c when handling a failed callback execution. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5768)\n\n - An integer overflow condition exists within file ext/mcrypt/mcrypt.c due to improper validation of user-supplied input when handling data values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5769)\n\n - An integer overflow condition exists within file ext/spl/spl_directory.c, triggered by an int/size_t type confusion error, that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-5770)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/spl/spl_array.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5771)\n\n - A double-free error exists in the php_wddx_process_data() function within file ext/wddx/wddx.c when handling specially crafted XML content. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5772)\n\n - A use-after-free error exists in the garbage collection algorithm within file ext/zip/php_zip.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5773)\n\n - An integer overflow condition exists in the json_decode() and json_utf8_to_utf16() functions within file ext/standard/php_smart_str.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - An out-of-bounds read error exists in the pass2_no_dither() function within file ext/gd/libgd/gd_topal.c that allows an unauthenticated, remote attacker to cause a denial of service condition or disclose memory contents.\n\n - An integer overflow condition exists within file ext/standard/string.c when handling string lengths due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - A NULL pointer dereference flaw exists in the _gdScaleVert() function within file ext/gd/libgd/gd_interpolation.c that is triggered when handling _gdContributionsCalc return values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in multiple functions within file ext/standard/string.c when handling string values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.23 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4473", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98813", "href": "https://www.tenable.com/plugins/was/98813", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:39:03", "description": "The PHP Group reports :\n\nPlease reference CVE/URL list for details", "cvss3": {}, "published": "2016-06-27T00:00:00", "type": "nessus", "title": "FreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8874", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php55", "p-cpe:/a:freebsd:freebsd:php55-gd", "p-cpe:/a:freebsd:freebsd:php55-mbstring", "p-cpe:/a:freebsd:freebsd:php55-wddx", "p-cpe:/a:freebsd:freebsd:php55-zip", "p-cpe:/a:freebsd:freebsd:php56", "p-cpe:/a:freebsd:freebsd:php56-gd", "p-cpe:/a:freebsd:freebsd:php56-mbstring", "p-cpe:/a:freebsd:freebsd:php56-phar", "p-cpe:/a:freebsd:freebsd:php56-wddx", "p-cpe:/a:freebsd:freebsd:php56-zip", "p-cpe:/a:freebsd:freebsd:php70", "p-cpe:/a:freebsd:freebsd:php70-gd", "p-cpe:/a:freebsd:freebsd:php70-mbstring", "p-cpe:/a:freebsd:freebsd:php70-phar", "p-cpe:/a:freebsd:freebsd:php70-wddx", "p-cpe:/a:freebsd:freebsd:php70-zip", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_66D77C583B1D11E68E82002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/91839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91839);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-8874\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\", \"CVE-2016-5769\", \"CVE-2016-5770\", \"CVE-2016-5771\", \"CVE-2016-5772\", \"CVE-2016-5773\");\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PHP Group reports :\n\nPlease reference CVE/URL list for details\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.37\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.6.23\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-7.php#7.0.8\"\n );\n # https://vuxml.freebsd.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?189bc37f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php55<5.5.37\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-gd<5.5.37\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-mbstring<5.5.37\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-wddx<5.5.37\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-zip<5.5.37\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56<5.6.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-gd<5.6.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-mbstring<5.6.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-phar<5.6.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-wddx<5.6.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-zip<5.6.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php70<7.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php70-gd<7.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php70-mbstring<7.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php70-phar<7.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php70-wddx<7.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php70-zip<7.0.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:01:06", "description": "This update for php53 fixes the several issues. These security issues were fixed :\n\n - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data.\n Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430).\n\n - CVE-2017-11628: Stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could have caused a denial of service or potentially allowed executing code (bsc#1050726).\n\n - CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in the GD Graphics Library did not zero colorMap arrays use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information (bsc#1050241).\n\n - CVE-2016-5766: Integer overflow in the _gd2GetHeader in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image (bsc#986386).\n\n - CVE-2017-11145: An error in the date extension's timelib_meridian parsing code could have been used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function (bsc#1048112).\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could have lead to information leak [bsc#1048111]\n\n - CVE-2016-10397: Incorrect handling of various URI components in the URL parser could have been used by attackers to bypass hostname-specific URL checks (bsc#1047454).\n\n - CVE-2017-11147: The PHAR archive handler could have been used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function (bsc#1048094).\n\n - CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could have lead to a crash of the PHP interpreter (bsc#1048096).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10168", "CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-7890"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2522-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103317);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10168\", \"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-7890\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php53 fixes the several issues. These security issues\nwere fixed :\n\n - CVE-2017-12933: The finish_nested_data function in\n ext/standard/var_unserializer.re was prone to a buffer\n over-read while unserializing untrusted data.\n Exploitation of this issue could have had an unspecified\n impact on the integrity of PHP (bsc#1054430).\n\n - CVE-2017-11628: Stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could have caused a denial of service or potentially\n allowed executing code (bsc#1050726).\n\n - CVE-2017-7890: The GIF decoding function\n gdImageCreateFromGifCtx in the GD Graphics Library did\n not zero colorMap arrays use. A specially crafted GIF\n image could use the uninitialized tables to read ~700\n bytes from the top of the stack, potentially disclosing\n sensitive information (bsc#1050241).\n\n - CVE-2016-5766: Integer overflow in the _gd2GetHeader in\n the GD Graphics Library (aka libgd) allowed remote\n attackers to cause a denial of service (heap-based\n buffer overflow and application crash) or possibly have\n unspecified other impact via crafted chunk dimensions in\n an image (bsc#986386).\n\n - CVE-2017-11145: An error in the date extension's\n timelib_meridian parsing code could have been used by\n attackers able to supply date strings to leak\n information from the interpreter, related to\n ext/date/lib/parse_date.c out-of-bounds reads affecting\n the php_parse_date function (bsc#1048112).\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could have lead to\n information leak [bsc#1048111]\n\n - CVE-2016-10397: Incorrect handling of various URI\n components in the URL parser could have been used by\n attackers to bypass hostname-specific URL checks\n (bsc#1047454).\n\n - CVE-2017-11147: The PHAR archive handler could have been\n used by attackers supplying malicious archive files to\n crash the PHP interpreter or potentially disclose\n information due to a buffer over-read in the\n phar_parse_pharfile function (bsc#1048094).\n\n - CVE-2017-11144: The openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could have lead to a crash of the PHP\n interpreter (bsc#1048096).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10168/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10397/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11144/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11145/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11628/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12933/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7890/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172522-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf3f2ab3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-php53-13282=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-php53-13282=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-php53-13282=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-mod_php53-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bcmath-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bz2-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-calendar-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ctype-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-curl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dba-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dom-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-exif-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fastcgi-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fileinfo-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ftp-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gd-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gettext-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gmp-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-iconv-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-intl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-json-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ldap-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mbstring-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mcrypt-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mysql-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-odbc-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-openssl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pcntl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pdo-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pear-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pgsql-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pspell-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-shmop-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-snmp-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-soap-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-suhosin-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvmsg-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvsem-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvshm-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-tokenizer-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-wddx-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlreader-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlrpc-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlwriter-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xsl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zip-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zlib-5.3.17-112.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:41:05", "description": "A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.\n(CVE-2015-8874)\n\nAn integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted GD2 image.\n(CVE-2016-5766)\n\nAn integer overflow, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted image buffer.\n(CVE-2016-5767)\n\nA double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)\n\nThe mcrypt_generic() and mdecrypt_generic() functions are prone to integer overflows, resulting in a heap-based overflow. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application. (CVE-2016-5769)\n\nA type confusion issue was found in the SPLFileObject fread() function. A remote attacker able to submit a specially crafted input to a PHP application, which uses this function, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2016-5770)\n\nA use-after-free vulnerability that can occur when calling unserialize() on untrusted input was discovered. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application if the application unserializes untrusted input. (CVE-2016-5771 , CVE-2016-5773)\n\nA double free can occur in wddx_deserialize() when trying to deserialize malicious XML input from user's request. This flaw could possibly cause a PHP application to crash. (CVE-2016-5772)\n\nIt was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.\n(CVE-2016-5385)\n\n(Updated on 2016-08-17: CVE-2016-5385 was fixed in this release but was not previously part of this errata)", "cvss3": {}, "published": "2016-08-02T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8874", "CVE-2016-5385", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php55", "p-cpe:/a:amazon:linux:php55-bcmath", "p-cpe:/a:amazon:linux:php55-cli", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php55-common", "p-cpe:/a:amazon:linux:php55-dba", "p-cpe:/a:amazon:linux:php55-debuginfo", "p-cpe:/a:amazon:linux:php56-gd", "p-cpe:/a:amazon:linux:php55-devel", "p-cpe:/a:amazon:linux:php55-embedded", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php55-enchant", "p-cpe:/a:amazon:linux:php55-fpm", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php55-gd", "p-cpe:/a:amazon:linux:php55-gmp", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php55-imap", "p-cpe:/a:amazon:linux:php55-intl", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php55-ldap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php55-mbstring", "p-cpe:/a:amazon:linux:php55-mcrypt", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php55-mssql", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php55-mysqlnd", "p-cpe:/a:amazon:linux:php55-odbc", "p-cpe:/a:amazon:linux:php55-opcache", "p-cpe:/a:amazon:linux:php55-pdo", "p-cpe:/a:amazon:linux:php55-pgsql", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php55-process", "p-cpe:/a:amazon:linux:php55-pspell", "p-cpe:/a:amazon:linux:php56-odbc", "p-cpe:/a:amazon:linux:php55-recode", "p-cpe:/a:amazon:linux:php55-snmp", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php55-soap", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php55-tidy", "p-cpe:/a:amazon:linux:php55-xml", "p-cpe:/a:amazon:linux:php55-xmlrpc", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-dba", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-728.NASL", "href": "https://www.tenable.com/plugins/nessus/92663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-728.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92663);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2015-8874\", \"CVE-2016-5385\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\", \"CVE-2016-5769\", \"CVE-2016-5770\", \"CVE-2016-5771\", \"CVE-2016-5772\", \"CVE-2016-5773\");\n script_xref(name:\"ALAS\", value:\"2016-728\");\n\n script_name(english:\"Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack consumption vulnerability in GD in PHP allows remote attackers\nto cause a denial of service via a crafted imagefilltoborder call.\n(CVE-2015-8874)\n\nAn integer overflow, leading to a heap-based buffer overflow was found\nin the imagecreatefromgd2() function of PHP's gd extension. A remote\nattacker could use this flaw to crash a PHP application or execute\narbitrary code with the privileges of the user running that PHP\napplication, using gd via a specially crafted GD2 image.\n(CVE-2016-5766)\n\nAn integer overflow, leading to a heap-based buffer overflow was found\nin the gdImagePaletteToTrueColor() function of PHP's gd extension. A\nremote attacker could use this flaw to crash a PHP application or\nexecute arbitrary code with the privileges of the user running that\nPHP application, using gd via a specially crafted image buffer.\n(CVE-2016-5767)\n\nA double free flaw was found in the mb_ereg_replace_callback()\nfunction of php which is used to perform regex search. This flaw could\npossibly cause a PHP application to crash. (CVE-2016-5768)\n\nThe mcrypt_generic() and mdecrypt_generic() functions are prone to\ninteger overflows, resulting in a heap-based overflow. A remote\nattacker could use this flaw to crash a PHP application or execute\narbitrary code with the privileges of the user running that PHP\napplication. (CVE-2016-5769)\n\nA type confusion issue was found in the SPLFileObject fread()\nfunction. A remote attacker able to submit a specially crafted input\nto a PHP application, which uses this function, could use this flaw to\nexecute arbitrary code with the privileges of the user running that\nPHP application. (CVE-2016-5770)\n\nA use-after-free vulnerability that can occur when calling\nunserialize() on untrusted input was discovered. A remote attacker\ncould use this flaw to crash a PHP application or execute arbitrary\ncode with the privileges of the user running that PHP application if\nthe application unserializes untrusted input. (CVE-2016-5771 ,\nCVE-2016-5773)\n\nA double free can occur in wddx_deserialize() when trying to\ndeserialize malicious XML input from user's request. This flaw could\npossibly cause a PHP application to crash. (CVE-2016-5772)\n\nIt was discovered that PHP did not properly protect against the\nHTTP_PROXY variable name clash. A remote attacker could possibly use\nthis flaw to redirect HTTP requests performed by a PHP script to an\nattacker-controlled proxy via a malicious HTTP request.\n(CVE-2016-5385)\n\n(Updated on 2016-08-17: CVE-2016-5385 was fixed in this release but\nwas not previously part of this errata)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-728.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update php55' to update your system.\n\nRun 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/01\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php55-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-bcmath-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-cli-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-common-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-dba-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-debuginfo-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-devel-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-embedded-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-enchant-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-fpm-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gd-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gmp-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-imap-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-intl-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-ldap-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mbstring-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mcrypt-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mssql-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mysqlnd-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-odbc-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-opcache-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pdo-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pgsql-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-process-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pspell-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-recode-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-snmp-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-soap-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-tidy-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xml-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xmlrpc-5.5.38-1.116.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.24-1.126.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.24-1.126.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:54:14", "description": "php5 was updated to fix the following security issues :\n\n - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426).\n\n - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427).\n\n - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428).\n\n - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429).\n\n - CVE-2016-5399: Improper error handling in bzread() (bsc#991430).\n\n - CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433).\n\n - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437).\n\n - CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388).\n\n - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004).\n\n - CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244).\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386).\n\n - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php5 (SUSE-SU-2016:2080-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8935", "CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5769", "CVE-2016-5772", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6296", "CVE-2016-6297"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dbase", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-pear", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-hash", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2080-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2080-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93293);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8935\", \"CVE-2016-5399\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5769\", \"CVE-2016-5772\", \"CVE-2016-6288\", \"CVE-2016-6289\", \"CVE-2016-6290\", \"CVE-2016-6291\", \"CVE-2016-6296\", \"CVE-2016-6297\");\n\n script_name(english:\"SUSE SLES11 Security Update : php5 (SUSE-SU-2016:2080-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php5 was updated to fix the following security issues :\n\n - CVE-2016-6297: Stack-based buffer overflow vulnerability\n in php_stream_zip_opener (bsc#991426).\n\n - CVE-2016-6291: Out-of-bounds access in\n exif_process_IFD_in_MAKERNOTE (bsc#991427).\n\n - CVE-2016-6289: Integer overflow leads to buffer overflow\n in virtual_file_ex (bsc#991428).\n\n - CVE-2016-6290: Use after free in unserialize() with\n Unexpected Session Deserialization (bsc#991429).\n\n - CVE-2016-5399: Improper error handling in bzread()\n (bsc#991430).\n\n - CVE-2016-6288: Buffer over-read in php_url_parse_ex\n (bsc#991433).\n\n - CVE-2016-6296: Heap buffer overflow vulnerability in\n simplestring_addn in simplestring.c (bsc#991437).\n\n - CVE-2016-5769: Mcrypt: Heap Overflow due to integer\n overflows (bsc#986388).\n\n - CVE-2015-8935: XSS in header() with Internet Explorer\n (bsc#986004).\n\n - CVE-2016-5772: Double free corruption in\n wddx_deserialize (bsc#986244).\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow (bsc#986386).\n\n - CVE-2016-5767: Integer Overflow in\n gdImagePaletteToTrueColor() resulting in heap overflow\n (bsc#986393).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8935/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5769/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5772/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6288/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6289/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6297/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162080-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50764ab8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-php5-12696=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-php5-12696=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"apache2-mod_php5-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-bcmath-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-bz2-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-calendar-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-ctype-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-curl-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-dba-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-dbase-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-dom-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-exif-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-fastcgi-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-ftp-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-gd-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-gettext-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-gmp-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-hash-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-iconv-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-json-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-ldap-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-mbstring-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-mcrypt-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-mysql-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-odbc-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-openssl-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pcntl-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pdo-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pear-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pgsql-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pspell-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-shmop-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-snmp-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-soap-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-suhosin-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-sysvmsg-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-sysvsem-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-sysvshm-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-tokenizer-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-wddx-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xmlreader-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xmlrpc-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xmlwriter-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xsl-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-zip-5.2.14-0.7.30.89.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-zlib-5.2.14-0.7.30.89.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:03", "description": "Versions of PHP 5.5.x prior to 5.5.37, or 5.6.x prior to 5.6.23, or 7.0.x prior to 7.0.8 are vulnerable to the following issues :\n\n - PHP 'ext/mysqlnd/mysqlnd.c' contains a flaw that is due to the program failing to properly enforce the requirement of an SSL/TLS connection when the '--ssl client' option is used. This may allow a MitM (Man-in-the-Middle) attacker to downgrade the connection to plain HTTP when expected to be HTTPS. (CVE-2015-8838)\n - An integer overflow condition exists in the 'getFromIndex()'' and 'getFromName()' methods of 'ZipArchive'. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted ZIP file. This may allow an attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-3078)\n - An XXE (Xml eXternal Entity) injection and expansion flaw affects the 'libxml_disable_entity_loader()' function in the source file 'ext/libxml/libxml.c' in PHP-FPM that is triggered during the parsing of XML data. The issue is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. By sending specially crafted XML data, a remote attacker can gain access to sensitive information or cause a denial of service. (CVE-2015-8866)\n - An integer overflow condition exists in the 'php_filter_encode_url()' function in 'ext/filter/sanitizing_filters.c'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-4345)\n - An integer overflow condition exists in 'ext/standard/string.c'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-4346)\n - The program contains an out-of-bounds read flaw in 'ext/intl/grapheme/grapheme_string.c' that is triggered when handling negative offsets in 'zif_grapheme_stripos'. This may allow a remote attacker to crash a process utilizing the language or potentially disclose memory contents. (CVE-2016-4540, CVE-2016-4541)\n - An out-of-bounds read flaw exists in the 'php_str2num()' function in 'ext/bcmath/bcmath.c' that is triggered when accepting negative scales. This may allow a remote attacker to crash a process utilizing the language or potentially disclose memory contents. (CVE-2016-4537, CVE-2016-4538)\n - An out-of-bounds read flaw exists in the 'exif_read_data()' function in 'ext/exif/exif.c' that is triggered when handling exif headers. This may allow a remote attacker to crash a process utilizing the language or potentially disclose memory contents. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)\n - A flaw in the 'xml_parse_into_struct()' function in 'ext/xml/xml.c' is triggered during the handling of a specially crafted XML content. This may allow a remote attacker to cause a denial of service. (CVE-2016-4539)\n - A double-free flaw exists in the 'php_formatted_print()' function in 'ext/standard/formatted_print.c'. This may allow an attacker to have an unspecified impact. (CVE-2015-8880)\n - A flaw exists in 'main/php_open_temporary_file.c' that is triggered as thread safety is not ensured during the handling of temporary directories. This may allow a remote attacker to cause a denial of service. (CVE-2015-8878)\n - An integer overflow flaw exists in the 'php_html_entities()' and 'php_filter_full_special_chars()' functions in 'ext/standard/html.c' that is triggered as input is not properly validated. This may allow a remote attacker to have an unspecified impact. No further details have been provided. (CVE-2016-5094, CVE-2016-5095)\n - An integer underflow issue exists in 'ext/standard/file.c' that is triggered as input is not properly validated. This may allow a remote attacker to cause a NULL write and cause a process linked against PHP to crash. (CVE-2016-5096)\n - An out-of-bounds read flaw exists in the '_gdContributionsCalc()' function in 'ext/gd/libgd/gd_interpolation.c'. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2013-7456)\n - An out-of-bounds read flaw exists in the 'get_icu_value_internal()' function within 'ext/intl/locale/locale_methods.c' that is triggered when handling user-supplied input. This may allow a remote attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-5093)\n - A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the 'header()' function does not filter input passed via HTTP headers before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2015-8935)\n - A use-after-free error exists in the garbage collection algorithm in 'ext/zip/php_zip.c'. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5773)\n - An integer overflow condition exists in the 'json_decode()' and 'json_utf8_to_utf16()' functions in 'ext/standard/php_smart_str.h'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, causing a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code.\n - An out-of-bounds read flaw exists within the 'pass2_no_dither()' function inside 'ext/gd/libgd/gd_topal.c' that may allow a remote attacker to crash a process utilizing PHP or potentially disclose memory contents.\n - An integer overflow condition exists in 'ext/standard/string.c'. The issue is triggered as user-supplied input is not properly validated when handling string lengths. This may allow a remote attacker to have an unspecified impact.\n - A double-free flaw exists within the '_php_mb_regex_ereg_replace_exec()' function inside 'ext/mbstring/php_mbregex.c' that is triggered when handling a failed callback execution. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-5768)\n - An integer overflow condition exists in 'ext/spl/spl_directory.c'. The issue is triggered by an 'int/size_t' confusion issue. This may allow a remote attacker to have an unspecified impact. (CVE-2016-5770)\n - An integer overflow condition exists in 'ext/mcrypt/mcrypt.c'. The issue is triggered as user-supplied input is not properly validated when handling data values. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code. (CVE-2016-5769)\n - An integer overflow condition exists within the 'nl2br()' function inside 'ext/standard/string.c'. The issue is triggered as user-supplied input is not properly validated when handling new_length values. This may allow a remote attacker to have an unspecified impact.\n - An integer overflow condition exists within multiple functions in 'ext/standard/string.c'. The issue is triggered as user-supplied input is not properly validated when handling string values. This may allow a remote attacker to have an unspecified impact.\n - A double-free flaw within the 'php_wddx_process_data()' function inside 'ext/wddx/wddx.c' that is triggered during the handling of specially crafted XML content. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-5772)\n - An integer overflow condition exists witin the 'gdImagePaletteToTrueColor()' function inside 'ext/gd/libgd/gd.c'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code. (CVE-2016-5767)\n - An invalid free flaw exists within the 'phar_extract_file()' function inside 'ext/phar/phar_object.c'. This may allow a remote attacker to have an unspecified impact. (CVE-2016-4473)\n - An integer overflow condition exists within the '_gd2GetHeader()' function inside 'ext/gd/libgd/gd_gd2.c'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code. (CVE-2016-5766)\n - A use-after-free error exists within the garbage collection algorithm inside 'ext/spl/spl_array.c'. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5771)", "cvss3": {}, "published": "2016-07-13T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.37 / 5.6.x < 5.6.23 / 7.0.x < 7.0.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7456", "CVE-2015-8838", "CVE-2015-8866", "CVE-2015-8878", "CVE-2015-8880", "CVE-2015-8935", "CVE-2016-3078", "CVE-2016-4345", "CVE-2016-4346", "CVE-2016-4473", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "9393.PRM", "href": "https://www.tenable.com/plugins/nnm/9393", "sourceData": "Binary data 9393.prm", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2021-10-13T19:56:16", "description": "An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-29T07:48:25", "type": "redhatcve", "title": "CVE-2016-5766", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2021-10-13T17:21:26", "id": "RH:CVE-2016-5766", "href": "https://access.redhat.com/security/cve/cve-2016-5766", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-12-06T18:38:44", "description": "**Issue Overview:**\n\nAn integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted GD2 image. (CVE-2016-5766)\n\n \n**Affected Packages:** \n\n\ngd\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update gd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 gd-2.0.35-27.amzn2.aarch64 \n \u00a0\u00a0\u00a0 gd-progs-2.0.35-27.amzn2.aarch64 \n \u00a0\u00a0\u00a0 gd-devel-2.0.35-27.amzn2.aarch64 \n \u00a0\u00a0\u00a0 gd-debuginfo-2.0.35-27.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 gd-2.0.35-27.amzn2.i686 \n \u00a0\u00a0\u00a0 gd-progs-2.0.35-27.amzn2.i686 \n \u00a0\u00a0\u00a0 gd-devel-2.0.35-27.amzn2.i686 \n \u00a0\u00a0\u00a0 gd-debuginfo-2.0.35-27.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 gd-2.0.35-27.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 gd-2.0.35-27.amzn2.x86_64 \n \u00a0\u00a0\u00a0 gd-progs-2.0.35-27.amzn2.x86_64 \n \u00a0\u00a0\u00a0 gd-devel-2.0.35-27.amzn2.x86_64 \n \u00a0\u00a0\u00a0 gd-debuginfo-2.0.35-27.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2016-5766](<https://access.redhat.com/security/cve/CVE-2016-5766>)\n\nMitre: [CVE-2016-5766](<https://vulners.com/cve/CVE-2016-5766>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-05T23:34:00", "type": "amazon", "title": "Medium: gd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2021-01-07T17:00:00", "id": "ALAS2-2021-1577", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1577.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-08T16:08:50", "description": "**Issue Overview:**\n\nA stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. (CVE-2015-8874)\n\nAn integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted GD2 image. (CVE-2016-5766)\n\nAn integer overflow, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted image buffer. (CVE-2016-5767)\n\nA double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)\n\nThe mcrypt_generic() and mdecrypt_generic() functions are prone to integer overflows, resulting in a heap-based overflow. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application. (CVE-2016-5769)\n\nA type confusion issue was found in the SPLFileObject fread() function. A remote attacker able to submit a specially crafted input to a PHP application, which uses this function, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2016-5770)\n\nA use-after-free vulnerability that can occur when calling unserialize() on untrusted input was discovered. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application if the application unserializes untrusted input. (CVE-2016-5771, CVE-2016-5773)\n\nA double free can occur in wddx_deserialize() when trying to deserialize malicious XML input from user's request. This flaw could possibly cause a PHP application to crash. (CVE-2016-5772)\n\nIt was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)\n\n(Updated on 2016-08-17: CVE-2016-5385 was fixed in this release but was not previously part of this errata)\n\n \n**Affected Packages:** \n\n\nphp55, php56\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system. \nRun _yum update php56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-cli-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-odbc-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-recode-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-dba-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-embedded-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-soap-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-imap-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pspell-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-xml-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-devel-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-common-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-process-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gd-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-intl-5.5.38-1.116.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-intl-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-cli-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gd-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-soap-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-common-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-imap-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-process-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-recode-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-devel-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xml-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dba-5.6.24-1.126.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.24-1.126.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php55-5.5.38-1.116.amzn1.src \n \u00a0\u00a0\u00a0 php56-5.6.24-1.126.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php55-odbc-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-cli-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-soap-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-process-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xml-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-devel-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-intl-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-dba-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gd-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-recode-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-imap-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-common-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pspell-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-embedded-5.5.38-1.116.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-common-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xml-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-intl-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-soap-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-cli-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-recode-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-imap-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dba-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-process-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gd-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.24-1.126.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-devel-5.6.24-1.126.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-8874](<https://access.redhat.com/security/cve/CVE-2015-8874>), [CVE-2016-5385](<https://access.redhat.com/security/cve/CVE-2016-5385>), [CVE-2016-5766](<https://access.redhat.com/security/cve/CVE-2016-5766>), [CVE-2016-5767](<https://access.redhat.com/security/cve/CVE-2016-5767>), [CVE-2016-5768](<https://access.redhat.com/security/cve/CVE-2016-5768>), [CVE-2016-5769](<https://access.redhat.com/security/cve/CVE-2016-5769>), [CVE-2016-5770](<https://access.redhat.com/security/cve/CVE-2016-5770>), [CVE-2016-5771](<https://access.redhat.com/security/cve/CVE-2016-5771>), [CVE-2016-5772](<https://access.redhat.com/security/cve/CVE-2016-5772>), [CVE-2016-5773](<https://access.redhat.com/security/cve/CVE-2016-5773>)\n\nMitre: [CVE-2015-8874](<https://vulners.com/cve/CVE-2015-8874>), [CVE-2016-5385](<https://vulners.com/cve/CVE-2016-5385>), [CVE-2016-5766](<https://vulners.com/cve/CVE-2016-5766>), [CVE-2016-5767](<https://vulners.com/cve/CVE-2016-5767>), [CVE-2016-5768](<https://vulners.com/cve/CVE-2016-5768>), [CVE-2016-5769](<https://vulners.com/cve/CVE-2016-5769>), [CVE-2016-5770](<https://vulners.com/cve/CVE-2016-5770>), [CVE-2016-5771](<https://vulners.com/cve/CVE-2016-5771>), [CVE-2016-5772](<https://vulners.com/cve/CVE-2016-5772>), [CVE-2016-5773](<https://vulners.com/cve/CVE-2016-5773>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-01T13:30:00", "type": "amazon", "title": "Medium: php55, php56", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8874", "CVE-2016-5385", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773"], "modified": "2016-08-17T13:30:00", "id": "ALAS-2016-728", "href": "https://alas.aws.amazon.com/ALAS-2016-728.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-06T15:55:12", "description": "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD\nGraphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37,\n5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause\na denial of service (heap-based buffer overflow and application crash) or\npossibly have unspecified other impact via crafted chunk dimensions in an\nimage.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=72339>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | php uses the system libgd2 \n[sbeattie](<https://launchpad.net/~sbeattie>) | PEAR issues should go against php-pear as of xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-06-24T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5766", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2016-06-24T00:00:00", "id": "UB:CVE-2016-5766", "href": "https://ubuntu.com/security/CVE-2016-5766", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:40:16", "description": "A code execution vulnerability exists in LibGD. The vulnerability is due to an integer overflow leading to a heap buffer overflow. A remote attacker can exploit this flaw by getting the target application to process a crafted malicious GD2 file. Successful exploitation could result in code execution in the security context of the user process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-01T00:00:00", "type": "checkpoint_advisories", "title": "GD Library LibGD Integer Overflow (CVE-2016-5766)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2016-11-08T00:00:00", "id": "CPAI-2016-0972", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-22T03:36:07", "description": "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-08-07T10:59:00", "type": "prion", "title": "Integer overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2019-04-22T17:48:00", "id": "PRION:CVE-2016-5766", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2016-5766", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-12-06T19:28:39", "description": "Package : libgd2\nVersion : 2.0.36~rc1~dfsg-6.1+deb7u4\nCVE ID : CVE-2016-5766\n\n * CVE-2016-5766\n Integer Overflow in _gd2GetHeader() resulting in heap overflow.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n2.0.36~rc1~dfsg-6.1+deb7u4.\n\nWe recommend that you upgrade your libgd2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-06-29T20:25:55", "type": "debian", "title": "[SECURITY] [DLA 534-1] libgd2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2016-06-29T20:25:55", "id": "DEBIAN:DLA-534-1:EDA05", "href": "https://lists.debian.org/debian-lts-announce/2016/06/msg00036.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:28:51", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3619-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 15, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libgd2\nCVE ID : CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6132 \n CVE-2016-6161 CVE-2016-6214\nDebian Bug : 829014 829062 829694\n\nSeveral vulnerabilities were discovered in libgd2, a library for\nprogrammatic graphics creation and manipulation. A remote attacker can\ntake advantage of these flaws to cause a denial-of-service against an\napplication using the libgd2 library (application crash), or potentially\nto execute arbitrary code with the privileges of the user running the\napplication.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-5+deb8u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.2-29-g3c2b605-1 or earlier.\n\nWe recommend that you upgrade your libgd2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-07-15T15:43:38", "type": "debian", "title": "[SECURITY] [DSA 3619-1] libgd2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5116", "CVE-2016-5766", "CVE-2016-6128", "CVE-2016-6132", "CVE-2016-6161", "CVE-2016-6214"], "modified": "2016-07-15T15:43:38", "id": "DEBIAN:DSA-3619-1:AC3EB", "href": "https://lists.debian.org/debian-security-announce/2016/msg00197.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T11:30:58", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3619-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 15, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libgd2\nCVE ID : CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6132 \n CVE-2016-6161 CVE-2016-6214\nDebian Bug : 829014 829062 829694\n\nSeveral vulnerabilities were discovered in libgd2, a library for\nprogrammatic graphics creation and manipulation. A remote attacker can\ntake advantage of these flaws to cause a denial-of-service against an\napplication using the libgd2 library (application crash), or potentially\nto execute arbitrary code with the privileges of the user running the\napplication.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-5+deb8u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.2-29-g3c2b605-1 or earlier.\n\nWe recommend that you upgrade your libgd2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2016-07-15T15:43:38", "type": "debian", "title": "[SECURITY] [DSA 3619-1] libgd2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5116", "CVE-2016-5766", "CVE-2016-6128", "CVE-2016-6132", "CVE-2016-6161", "CVE-2016-6214"], "modified": "2016-07-15T15:43:38", "id": "DEBIAN:DSA-3619-1:222D2", "href": "https://lists.debian.org/debian-security-announce/2016/msg00197.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:42", "description": "[2.0.35-27]\n- Fix CVE-2016-5766\n- Resolves: #1356813\n- Upstream patch: https://github.com/libgd/libgd/commit/aba3db8", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-12-16T00:00:00", "type": "oraclelinux", "title": "gd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2020-12-16T00:00:00", "id": "ELSA-2020-5443", "href": "http://linux.oracle.com/errata/ELSA-2020-5443.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:25", "description": "[5.4.16-42]\n- bz2: fix improper error handling in bzread() CVE-2016-5399\n[5.4.16-41]\n- gd: fix integer overflow in _gd2GetHeader() resulting in\n heap overflow CVE-2016-5766\n- gd: fix integer overflow in gdImagePaletteToTrueColor()\n resulting in heap overflow CVE-2016-5767\n- mbstring: fix double free in _php_mb_regex_ereg_replace_exec\n CVE-2016-5768\n[5.4.16-40]\n- don't set environmental variable based on user supplied Proxy\n request header CVE-2016-5385\n[5.4.16-39]\n- fix segmentation fault in header_register_callback #1344578\n[5.4.16-38]\n- curl: add options to enable TLS #1291667\n- mysqli: fix segfault in mysqli_stmt::bind_result() when\n link is closed #1096800\n- fpm: fix incorrectly defined SCRIPT_NAME variable when\n using Apache #1138563\n- core: fix segfault when a zend_extension is loaded twice #1289457\n- openssl: change default_md algo from MD5 to SHA1 #1073388\n- wddx: fix segfault in php_wddx_serialize_var #1131979\n[5.4.16-37]\n- session: fix segfault in session with rfc1867 #1297179", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-09T00:00:00", "type": "oraclelinux", "title": "php security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5385", "CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768"], "modified": "2016-11-09T00:00:00", "id": "ELSA-2016-2598", "href": "http://linux.oracle.com/errata/ELSA-2016-2598.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-12-06T22:41:49", "description": "GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. \n\nSecurity Fix(es):\n\n* gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-15T09:02:05", "type": "redhat", "title": "(RHSA-2020:5443) Moderate: gd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2020-12-15T10:18:03", "id": "RHSA-2020:5443", "href": "https://access.redhat.com/errata/RHSA-2020:5443", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-20T10:38:44", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. (CVE-2016-5399)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image. (CVE-2016-5766)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer. (CVE-2016-5767)\n\n* A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-5399.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-03T06:07:16", "type": "redhat", "title": "(RHSA-2016:2598) Moderate: php security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768"], "modified": "2018-04-11T23:33:25", "id": "RHSA-2016:2598", "href": "https://access.redhat.com/errata/RHSA-2016:2598", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T22:41:43", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.1.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation,\nwhich will be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/release_notes/\n\nSecurity fix:\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation. (CVE-2021-3121)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fixes:\n\n* Moving from Patched ACM 2.1.x CSV to Default Results in Degraded Cluster (BZ #1906142)\n* Managed Cluster in RHACM stays in Pending Import state (BZ#1894778)\n* RHACM 2.1.0 Custom CA/Cert not working with observability component (BZ#1906542) \n* Policy Standards, Categories and Controls value listing is not consistent across pages (BZ#1896399) \n* Page gets blanks when YAML editor is cleared in policy creation page (BZ#1901447) \n* Content for a page with invalid namespace in URL keeps on loading (BZ#1903580)\n* Missing git repo secret causes multicluster-operators-hub-subscription to crash (BZ#1918799)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-17T16:49:27", "type": "redhat", "title": "(RHSA-2021:0607) Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766", "CVE-2019-25013", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-15436", "CVE-2020-1971", "CVE-2020-29573", "CVE-2020-35513", "CVE-2020-8564", "CVE-2021-3121"], "modified": "2021-02-17T16:50:16", "id": "RHSA-2021:0607", "href": "https://access.redhat.com/errata/RHSA-2021:0607", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T18:41:39", "description": "Security Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253\n* Upgraded to a more recent version of nginx to address CVE-2019-20372\n* Upgraded to a more recent version of autobahn to address CVE-2020-35678\n* Upgraded to a more recent version of jquery to address CVE-2020-11022 and CVE-2020-11023\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T15:06:59", "type": "redhat", "title": "(RHSA-2021:0778) Important: Red Hat Ansible Tower 3.6.7-1 - Container security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766", "CVE-2018-20843", "CVE-2019-11719", "CVE-2019-11727", "CVE-2019-11756", "CVE-2019-12749", "CVE-2019-14866", "CVE-2019-15903", "CVE-2019-17006", "CVE-2019-17023", "CVE-2019-17498", "CVE-2019-19956", "CVE-2019-20372", "CVE-2019-20388", "CVE-2019-20907", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-12243", "CVE-2020-12400", "CVE-2020-12401", "CVE-2020-12402", "CVE-2020-12403", "CVE-2020-12723", "CVE-2020-1971", "CVE-2020-35678", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8177", "CVE-2021-20178", "CVE-2021-20180", "CVE-2021-20191", "CVE-2021-20228", "CVE-2021-20253"], "modified": "2021-03-09T15:08:46", "id": "RHSA-2021:0778", "href": "https://access.redhat.com/errata/RHSA-2021:0778", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-20T12:38:48", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.\n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Under certain circumstances, these issues could cause PHP to crash, disclose portions of its memory, execute arbitrary code, or impact PHP application integrity. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted regular expression could cause PHP to crash or, possibly, execute arbitrary code. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-15T11:13:31", "type": "redhat", "title": "(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2014-9767", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2327", "CVE-2015-2328", "CVE-2015-3210", "CVE-2015-3217", "CVE-2015-5073", "CVE-2015-8381", "CVE-2015-8383", "CVE-2015-8384", "CVE-2015-8385", "CVE-2015-8386", "CVE-2015-8388", "CVE-2015-8391", "CVE-2015-8392", "CVE-2015-8395", "CVE-2015-8835", "CVE-2015-8865", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8876", "CVE-2015-8877", "CVE-2015-8879", "CVE-2015-8935", "CVE-2016-1903", "CVE-2016-2554", "CVE-2016-3074", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-4070", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-4073", "CVE-2016-4342", "CVE-2016-4343", "CVE-2016-4473", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2016-5114", "CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773", "CVE-2016-6128", "CVE-2016-6207", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132"], "modified": "2018-06-12T21:28:23", "id": "RHSA-2016:2750", "href": "https://access.redhat.com/errata/RHSA-2016:2750", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-12-06T19:03:50", "description": "**CentOS Errata and Security Advisory** CESA-2020:5443\n\n\nGD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. \n\nSecurity Fix(es):\n\n* gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2020-December/086028.html\n\n**Affected packages:**\ngd\ngd-devel\ngd-progs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2020:5443", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-18T00:26:17", "type": "centos", "title": "gd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2020-12-18T00:26:17", "id": "CESA-2020:5443", "href": "https://lists.centos.org/pipermail/centos-announce/2020-December/086028.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T19:44:01", "description": "**CentOS Errata and Security Advisory** CESA-2016:2598\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. (CVE-2016-5399)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image. (CVE-2016-5766)\n\n* An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer. (CVE-2016-5767)\n\n* A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-5399.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-November/029693.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-mysqlnd\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2598", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-25T15:41:35", "type": "centos", "title": "php security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768"], "modified": "2016-11-25T15:41:35", "id": "CESA-2016:2598", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2016-November/029693.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-12-06T18:23:52", "description": "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-08-07T10:59:00", "type": "debiancve", "title": "CVE-2016-5766", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2016-08-07T10:59:00", "id": "DEBIANCVE:CVE-2016-5766", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5766", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2021-06-08T18:49:09", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nMitigation\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-13T00:00:00", "type": "f5", "title": "SOL43267483 - PHP vulnerability CVE-2016-5766", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2016-10-13T00:00:00", "id": "SOL43267483", "href": "http://support.f5.com/kb/en-us/solutions/public/k/43/sol43267483.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-10-31T20:03:04", "description": "\nF5 Product Development has assigned ID 601268 (BIG-IP), ID 608721 (BIG-IQ), and ID 608723 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H620618 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen. \n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.5 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.6 | Low | PHP \nBIG-IP AAM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.5 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.6 | Low | PHP \nBIG-IP AFM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.5 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.6 | Low | PHP \nBIG-IP Analytics | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.5 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.6 | Low | PHP \nBIG-IP APM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.5 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.6 | Low | PHP \nBIG-IP ASM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.5 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.6 | Low | PHP \nBIG-IP DNS | 12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | PHP \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | PHP \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.5 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.2 \n11.5.6 | Low | PHP \nBIG-IP Link Controller | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.5 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.6 | Low | PHP \nBIG-IP PEM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.5 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.6 | Low | PHP \nBIG-IP PSM | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | None | Low | PHP \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | PHP \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | PHP \nBIG-IP WebSafe | 12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | PHP \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Low | PHP \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | PHP \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | PHP \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | PHP \nBIG-IQ ADC | 4.5.0 | None | Low | PHP \nBIG-IQ Centralized Management | 5.0.0 - 5.1.0 \n4.6.0 | None | Low | PHP \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | PHP \nF5 iWorkflow | None | 2.0.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-13T23:44:00", "type": "f5", "title": "PHP vulnerability CVE-2016-5766", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2018-04-16T20:18:00", "id": "F5:K43267483", "href": "https://support.f5.com/csp/article/K43267483", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:13:25", "description": "\n* [CVE-2016-5766](https://security-tracker.debian.org/tracker/CVE-2016-5766)\nInteger Overflow in \\_gd2GetHeader() resulting in heap overflow.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n2.0.36~rc1~dfsg-6.1+deb7u4.\n\n\nWe recommend that you upgrade your libgd2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-29T00:00:00", "type": "osv", "title": "libgd2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2022-07-21T05:54:31", "id": "OSV:DLA-534-1", "href": "https://osv.dev/vulnerability/DLA-534-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-06T14:46:58", "description": "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-08-07T10:59:00", "type": "cve", "title": "CVE-2016-5766", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/o:freebsd:freebsd:9.3", "cpe:/o:freebsd:freebsd:10.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:freebsd:freebsd:8.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:23", "cpe:/o:freebsd:freebsd:9.0", "cpe:/a:libgd:libgd:2.2.2", "cpe:/o:freebsd:freebsd:10.1", "cpe:/o:redhat:openshift:2.0", "cpe:/o:freebsd:freebsd:8.2", "cpe:/o:freebsd:freebsd:8.3", "cpe:/o:freebsd:freebsd:9.1", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:freebsd:freebsd:10.3", "cpe:/o:fedoraproject:fedora:22", "cpe:/o:fedoraproject:fedora:24", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:freebsd:freebsd:10.2", "cpe:/o:freebsd:freebsd:8.1", "cpe:/o:freebsd:freebsd:8.4", "cpe:/o:freebsd:freebsd:9.2"], "id": "CVE-2016-5766", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5766", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:openshift:2.0:*:enterprise:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libgd:libgd:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:9.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-18T21:03:22", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: gd-2.1.1-8.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8874", "CVE-2016-5766"], "modified": "2016-07-18T21:03:22", "id": "FEDORA:A5EA7608B7C1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BOABDOKQKUJ4AQLPAG2VN4O6J6JO3JKC/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-27T18:41:03", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: gd-2.2.2-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8874", "CVE-2016-5766", "CVE-2016-5767"], "modified": "2016-06-27T18:41:03", "id": "FEDORA:BB1106070D49", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4A7JQBF22MYDUWX4UPACSQY6S3GU4VSB/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-24T20:22:04", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: gd-2.2.3-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766", "CVE-2016-6128", "CVE-2016-6132", "CVE-2016-6207", "CVE-2016-6214"], "modified": "2016-07-24T20:22:04", "id": "FEDORA:81A1A606D3EC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MSXVGJW7WQDN7OQB3VNQONCXYGFAD4FP/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-02T19:28:47", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: php-5.6.23-1.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772"], "modified": "2016-07-02T19:28:47", "id": "FEDORA:4BD9160779B7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5TR4XT6Y24IPHNEIUMD2SN7KHGW24KGM/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-02T19:34:49", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: php-5.6.23-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772"], "modified": "2016-07-02T19:34:49", "id": "FEDORA:D4D5A605E1F0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MYYFXVIGXS4C45YMQ56ZUGYAYS3MLJGI/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-02T15:45:25", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: php-5.6.23-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772"], "modified": "2016-07-02T15:45:25", "id": "FEDORA:1851F608780A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PZAAWLM2BNVS5GCBF6MN3F33NXL6SV2S/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-02T00:00:00", "type": "openvas", "title": "Fedora Update for gd FEDORA-2016-d126bb1b74", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8874", "CVE-2016-5766"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gd FEDORA-2016-d126bb1b74\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808847\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:57:43 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2015-8874\", \"CVE-2016-5766\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gd FEDORA-2016-d126bb1b74\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gd on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d126bb1b74\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOABDOKQKUJ4AQLPAG2VN4O6J6JO3JKC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"gd\", rpm:\"gd~2.1.1~8.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Fedora Update for gd FEDORA-2016-a4d48d6fd6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8874", "CVE-2016-5766", "CVE-2016-5767"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808491", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808491", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gd FEDORA-2016-a4d48d6fd6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808491\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 06:03:21 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-5767\", \"CVE-2015-8874\", \"CVE-2016-5766\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gd FEDORA-2016-a4d48d6fd6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gd on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a4d48d6fd6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A7JQBF22MYDUWX4UPACSQY6S3GU4VSB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"gd\", rpm:\"gd~2.2.2~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:16", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2016-1063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-5768", "CVE-2016-5766", "CVE-2016-5767"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161063", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1063\");\n script_version(\"2020-01-23T10:42:00+0000\");\n script_cve_id(\"CVE-2016-5399\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:42:00 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:42:00 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2016-1063)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1063\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1063\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2016-1063 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.(CVE-2016-5399)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image.(CVE-2016-5766)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer.(CVE-2016-5767)\n\nA double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash.(CVE-2016-5768)\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "openvas", "title": "RedHat Update for php RHSA-2016:2598-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-5768", "CVE-2016-5766", "CVE-2016-5767"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871700", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871700", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2016:2598-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871700\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:42:23 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2016-5399\", \"CVE-2016-5766\", \"CVE-2016-5767\", \"CVE-2016-5768\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for php RHSA-2016:2598-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n * A flaw was found in the way certain error conditions were handled by\nbzread() function in PHP. An attacker could use this flaw to upload a\nspecially crafted bz2 archive which, when parsed via the vulnerable\nfunction, could cause the application to crash or execute arbitrary code\nwith the permissions of the user running the PHP application.\n(CVE-2016-5399)\n\n * An integer overflow flaw, leading to a heap-based buffer overflow was\nfound in the imagecreatefromgd2() function of PHP's gd extension. A remote\nattacker could use this flaw to crash a PHP application or execute\narbitrary code with the privileges of the user running that PHP application\nusing gd via a specially crafted GD2 image. (CVE-2016-5766)\n\n * An integer overflow flaw, leading to a heap-based buffer overflow was\nfound in the gdImagePaletteToTrueColor() function of PHP's gd extension. A\nremote attacker could use this flaw to crash a PHP application or execute\narbitrary code with the privileges of the user running that PHP application\nusing gd via a specially crafted image buffer. (CVE-2016-5767)\n\n * A double free flaw was found in the mb_ereg_replace_callback() function\nof php which is used to perform regex search. This flaw could possibly\ncause a PHP application to crash. (CVE-2016-5768)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-5399.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"php on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2598-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00034.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-07-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for libgd2 USN-3030-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7456", "CVE-2016-6128", "CVE-2016-6161", "CVE-2016-5766", "CVE-2016-5116"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842827", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libgd2 USN-3030-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842827\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-12 05:25:44 +0200 (Tue, 12 Jul 2016)\");\n script_cve_id(\"CVE-2013-7456\", \"CVE-2016-5116\", \"CVE-2016-5766\", \"CVE-2016-6128\", \"CVE-2016-6161\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libgd2 USN-3030-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgd2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the GD library\n incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker\n could possibly use this issue to cause a denial of service. This issue only\n affected Ubuntu 14.04 LTS. (CVE-2013-7456)\n\n It was discovered that the GD library incorrectly handled certain malformed\n XBM images. If a user or automated system were tricked into processing a\n specially crafted XBM image, an attacker could cause a denial of service.\n This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04\n LTS. (CVE-2016-5116)\n\n It was discovered that the GD library incorrectly handled memory when using\n _gd2GetHeader(). A remote attacker could possibly use this issue to cause a\n denial of service or possibly execute arbitrary code. (CVE-2016-5766)\n\n It was discovered that the GD library incorrectly handled certain color\n indexes. A remote attacker could possibly use this issue to cause a denial\n of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and\n Ubuntu 16.04 LTS. (CVE-2016-6128)\n\n It was discovered that the GD library incorrectly handled memory when\n encoding a GIF image. A remote attacker could possibly use this issue to\n cause a denial of service. (CVE-2016-6161)\");\n script_tag(name:\"affected\", value:\"libgd2 on Ubuntu 16.04 LTS,\n Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3030-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3030-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS|15\\.10|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgd3:i386\", ver:\"2.1.0-3ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd3:amd64\", ver:\"2.1.0-3ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgd3:i386\", ver:\"2.1.1-4ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd3:amd64\", ver:\"2.1.1-4ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgd3:i386\", ver:\"2.1.1-4ubuntu0.15.10.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd3:amd64\", ver:\"2.1.1-4ubuntu0.15.10.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgd2-noxpm\", ver:\"2.0.36~rc1~dfsg-6ubuntu2.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd2-xpm\", ver:\"2.0.36~rc1~dfsg-6ubuntu2.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-02T00:00:00", "type": "openvas", "title": "Fedora Update for gd FEDORA-2016-615f3bf06e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6214", "CVE-2016-6128", "CVE-2016-6207", "CVE-2016-6132", "CVE-2016-5766"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808963", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808963", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gd FEDORA-2016-615f3bf06e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808963\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:57:10 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-5766\", \"CVE-2016-6207\", \"CVE-2016-6214\", \"CVE-2016-6132\", \"CVE-2016-6128\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gd FEDORA-2016-615f3bf06e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gd on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-615f3bf06e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MSXVGJW7WQDN7OQB3VNQONCXYGFAD4FP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"gd\", rpm:\"gd~2.2.3~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:12", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2016-08-17T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 01 - Aug16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5772", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5773", "CVE-2016-5766", "CVE-2016-5767"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310808787", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln01_aug16_win.nasl 14181 2019-03-14 12:59:41Z cfischer $\n#\n# PHP Multiple Vulnerabilities - 01 - Aug16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808787\");\n script_version(\"$Revision: 14181 $\");\n script_cve_id(\"CVE-2016-5773\", \"CVE-2016-5772\", \"CVE-2016-5769\", \"CVE-2016-5768\",\n \"CVE-2016-5766\", \"CVE-2016-5767\");\n script_bugtraq_id(91397, 91398, 91399, 91396, 91395);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:59:41 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-17 11:41:54 +0530 (Wed, 17 Aug 2016)\");\n script_name(\"PHP Multiple Vulnerabilities - 01 - Aug16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The 'php_zip.c' script in the zip extension improperly interacts with the\n unserialize implementation and garbage collection.\n\n - The php_wddx_process_data function in 'wddx.c' script in the WDDX extension\n mishandled data in a wddx_deserialize call.\n\n - The multiple integer overflows in 'mcrypt.c' script in the mcrypt extension.\n\n - The double free vulnerability in the '_php_mb_regex_ereg_replace_exec'\n function in 'php_mbregex.c' script in the mbstring extension.\n\n - An integer overflow in the '_gd2GetHeader' function in 'gd_gd2.c' script in\n the GD Graphics Library.\n\n - An integer overflow in the 'gdImageCreate' function in 'gd.c' script in the\n GD Graphics Library.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service (buffer overflow and application\n crash) or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"PHP versions prior to 5.5.37, 5.6.x before\n 5.6.23, and 7.x before 7.0.8 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.5.37, or 5.6.23,\n or 7.0.8, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.5.37\"))\n{\n fix = '5.5.37';\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.22\"))\n {\n fix = '5.6.23';\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:phpVer, test_version:\"7.0\", test_version2:\"7.0.7\"))\n {\n fix = '7.0.8';\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:15", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2016-08-17T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 01 - Aug16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5772", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5773", "CVE-2016-5766", "CVE-2016-5767"], "modified": "2018-11-20T00:00:00", "id": "OPENVAS:1361412562310808788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln01_aug16_lin.nasl 12431 2018-11-20 09:21:00Z asteins $\n#\n# PHP Multiple Vulnerabilities - 01 - Aug16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808788\");\n script_version(\"$Revision: 12431 $\");\n script_cve_id(\"CVE-2016-5773\", \"CVE-2016-5772\", \"CVE-2016-5769\", \"CVE-2016-5768\",\n \"CVE-2016-5766\", \"CVE-2016-5767\");\n script_bugtraq_id(91397, 91398, 91399, 91396, 91395);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-20 10:21:00 +0100 (Tue, 20 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-17 12:07:10 +0530 (Wed, 17 Aug 2016)\");\n script_name(\"PHP Multiple Vulnerabilities - 01 - Aug16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The 'php_zip.c' script in the zip extension improperly interacts with the\n unserialize implementation and garbage collection.\n\n - The php_wddx_process_data function in 'wddx.c' script in the WDDX extension\n mishandled data in a wddx_deserialize call.\n\n - The multiple integer overflows in 'mcrypt.c' script in the mcrypt extension.\n\n - The double free vulnerability in the '_php_mb_regex_ereg_replace_exec'\n function in 'php_mbregex.c' script in the mbstring extension.\n\n - An integer overflow in the '_gd2GetHeader' function in 'gd_gd2.c' script in\n the GD Graphics Library.\n\n - An integer overflow in the 'gdImageCreate' function in 'gd.c' script in the\n GD Graphics Library.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service (buffer overflow and application\n crash) or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"PHP versions prior to 5.5.37, 5.6.x before\n 5.6.23, and 7.x before 7.0.8 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.5.37, or 5.6.23,\n or 7.0.8, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.5.37\"))\n{\n fix = '5.5.37';\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.22\"))\n {\n fix = '5.6.23';\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:phpVer, test_version:\"7.0\", test_version2:\"7.0.7\"))\n {\n fix = '7.0.8';\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:48", "description": "Several vulnerabilities were discovered\nin libgd2, a library for programmatic graphics creation and manipulation. A remote\nattacker can take advantage of these flaws to cause a denial-of-service against an\napplication using the libgd2 library (application crash), or potentially\nto execute arbitrary code with the privileges of the user running the\napplication.", "cvss3": {}, "published": "2016-07-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3619-1 (libgd2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6214", "CVE-2016-6128", "CVE-2016-6161", "CVE-2016-6132", "CVE-2016-5766", "CVE-2016-5116"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703619", "href": "http://plugins.openvas.org/nasl.php?oid=703619", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3619.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3619-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703619);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5116\", \"CVE-2016-5766\", \"CVE-2016-6128\", \"CVE-2016-6132\",\n \"CVE-2016-6161\", \"CVE-2016-6214\");\n script_name(\"Debian Security Advisory DSA 3619-1 (libgd2 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-07-15 00:00:00 +0200 (Fri, 15 Jul 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3619.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libgd2 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 2.1.0-5+deb8u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.2-29-g3c2b605-1 or earlier.\n\nWe recommend that you upgrade your libgd2 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin libgd2, a library for programmatic graphics creation and manipulation. A remote\nattacker can take advantage of these flaws to cause a denial-of-service against an\napplication using the libgd2 library (application crash), or potentially\nto execute arbitrary code with the privileges of the user running the\napplication.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libgd-dbg:amd64\", ver:\"2.1.0-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd-dbg:i386\", ver:\"2.1.0-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd-dev:amd64\", ver:\"2.1.0-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd-dev:i386\", ver:\"2.1.0-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libgd-tools\", ver:\"2.1.0-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-noxpm-dev\", ver:\"2.1.0-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-xpm-dev\", ver:\"2.1.0-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd3:amd64\", ver:\"2.1.0-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd3:i386\", ver:\"2.1.0-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:15", "description": "Several vulnerabilities were discovered\nin libgd2, a library for programmatic graphics creation and manipulation. A remote\nattacker can take advantage of these flaws to cause a denial-of-service against an\napplication using