Description
**Issue Overview:**
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11042)
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.(CVE-2019-13224)
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11041)
**Affected Packages:**
php71, php73
**Issue Correction:**
Run _yum update php71_ to update your system.
Run _yum update php73_ to update your system.
**New Packages:**
i686:
php71-ldap-7.1.31-1.41.amzn1.i686
php71-mbstring-7.1.31-1.41.amzn1.i686
php71-devel-7.1.31-1.41.amzn1.i686
php71-cli-7.1.31-1.41.amzn1.i686
php71-mcrypt-7.1.31-1.41.amzn1.i686
php71-dba-7.1.31-1.41.amzn1.i686
php71-mysqlnd-7.1.31-1.41.amzn1.i686
php71-fpm-7.1.31-1.41.amzn1.i686
php71-embedded-7.1.31-1.41.amzn1.i686
php71-recode-7.1.31-1.41.amzn1.i686
php71-7.1.31-1.41.amzn1.i686
php71-opcache-7.1.31-1.41.amzn1.i686
php71-intl-7.1.31-1.41.amzn1.i686
php71-bcmath-7.1.31-1.41.amzn1.i686
php71-enchant-7.1.31-1.41.amzn1.i686
php71-tidy-7.1.31-1.41.amzn1.i686
php71-dbg-7.1.31-1.41.amzn1.i686
php71-debuginfo-7.1.31-1.41.amzn1.i686
php71-pspell-7.1.31-1.41.amzn1.i686
php71-gd-7.1.31-1.41.amzn1.i686
php71-xml-7.1.31-1.41.amzn1.i686
php71-pgsql-7.1.31-1.41.amzn1.i686
php71-snmp-7.1.31-1.41.amzn1.i686
php71-pdo-7.1.31-1.41.amzn1.i686
php71-odbc-7.1.31-1.41.amzn1.i686
php71-pdo-dblib-7.1.31-1.41.amzn1.i686
php71-common-7.1.31-1.41.amzn1.i686
php71-json-7.1.31-1.41.amzn1.i686
php71-imap-7.1.31-1.41.amzn1.i686
php71-gmp-7.1.31-1.41.amzn1.i686
php71-process-7.1.31-1.41.amzn1.i686
php71-xmlrpc-7.1.31-1.41.amzn1.i686
php71-soap-7.1.31-1.41.amzn1.i686
php73-xmlrpc-7.3.8-1.18.amzn1.i686
php73-bcmath-7.3.8-1.18.amzn1.i686
php73-pdo-7.3.8-1.18.amzn1.i686
php73-tidy-7.3.8-1.18.amzn1.i686
php73-gd-7.3.8-1.18.amzn1.i686
php73-common-7.3.8-1.18.amzn1.i686
php73-pdo-dblib-7.3.8-1.18.amzn1.i686
php73-dbg-7.3.8-1.18.amzn1.i686
php73-opcache-7.3.8-1.18.amzn1.i686
php73-process-7.3.8-1.18.amzn1.i686
php73-recode-7.3.8-1.18.amzn1.i686
php73-snmp-7.3.8-1.18.amzn1.i686
php73-gmp-7.3.8-1.18.amzn1.i686
php73-enchant-7.3.8-1.18.amzn1.i686
php73-cli-7.3.8-1.18.amzn1.i686
php73-7.3.8-1.18.amzn1.i686
php73-odbc-7.3.8-1.18.amzn1.i686
php73-embedded-7.3.8-1.18.amzn1.i686
php73-dba-7.3.8-1.18.amzn1.i686
php73-mysqlnd-7.3.8-1.18.amzn1.i686
php73-debuginfo-7.3.8-1.18.amzn1.i686
php73-devel-7.3.8-1.18.amzn1.i686
php73-mbstring-7.3.8-1.18.amzn1.i686
php73-pgsql-7.3.8-1.18.amzn1.i686
php73-xml-7.3.8-1.18.amzn1.i686
php73-fpm-7.3.8-1.18.amzn1.i686
php73-ldap-7.3.8-1.18.amzn1.i686
php73-imap-7.3.8-1.18.amzn1.i686
php73-pspell-7.3.8-1.18.amzn1.i686
php73-json-7.3.8-1.18.amzn1.i686
php73-intl-7.3.8-1.18.amzn1.i686
php73-soap-7.3.8-1.18.amzn1.i686
src:
php71-7.1.31-1.41.amzn1.src
php73-7.3.8-1.18.amzn1.src
x86_64:
php71-embedded-7.1.31-1.41.amzn1.x86_64
php71-dbg-7.1.31-1.41.amzn1.x86_64
php71-pspell-7.1.31-1.41.amzn1.x86_64
php71-devel-7.1.31-1.41.amzn1.x86_64
php71-dba-7.1.31-1.41.amzn1.x86_64
php71-process-7.1.31-1.41.amzn1.x86_64
php71-mcrypt-7.1.31-1.41.amzn1.x86_64
php71-xml-7.1.31-1.41.amzn1.x86_64
php71-bcmath-7.1.31-1.41.amzn1.x86_64
php71-mysqlnd-7.1.31-1.41.amzn1.x86_64
php71-common-7.1.31-1.41.amzn1.x86_64
php71-enchant-7.1.31-1.41.amzn1.x86_64
php71-intl-7.1.31-1.41.amzn1.x86_64
php71-7.1.31-1.41.amzn1.x86_64
php71-pdo-7.1.31-1.41.amzn1.x86_64
php71-debuginfo-7.1.31-1.41.amzn1.x86_64
php71-snmp-7.1.31-1.41.amzn1.x86_64
php71-xmlrpc-7.1.31-1.41.amzn1.x86_64
php71-mbstring-7.1.31-1.41.amzn1.x86_64
php71-pdo-dblib-7.1.31-1.41.amzn1.x86_64
php71-gmp-7.1.31-1.41.amzn1.x86_64
php71-json-7.1.31-1.41.amzn1.x86_64
php71-imap-7.1.31-1.41.amzn1.x86_64
php71-ldap-7.1.31-1.41.amzn1.x86_64
php71-tidy-7.1.31-1.41.amzn1.x86_64
php71-odbc-7.1.31-1.41.amzn1.x86_64
php71-fpm-7.1.31-1.41.amzn1.x86_64
php71-opcache-7.1.31-1.41.amzn1.x86_64
php71-soap-7.1.31-1.41.amzn1.x86_64
php71-recode-7.1.31-1.41.amzn1.x86_64
php71-pgsql-7.1.31-1.41.amzn1.x86_64
php71-cli-7.1.31-1.41.amzn1.x86_64
php71-gd-7.1.31-1.41.amzn1.x86_64
php73-odbc-7.3.8-1.18.amzn1.x86_64
php73-xml-7.3.8-1.18.amzn1.x86_64
php73-mysqlnd-7.3.8-1.18.amzn1.x86_64
php73-mbstring-7.3.8-1.18.amzn1.x86_64
php73-ldap-7.3.8-1.18.amzn1.x86_64
php73-recode-7.3.8-1.18.amzn1.x86_64
php73-devel-7.3.8-1.18.amzn1.x86_64
php73-embedded-7.3.8-1.18.amzn1.x86_64
php73-opcache-7.3.8-1.18.amzn1.x86_64
php73-7.3.8-1.18.amzn1.x86_64
php73-dbg-7.3.8-1.18.amzn1.x86_64
php73-common-7.3.8-1.18.amzn1.x86_64
php73-gd-7.3.8-1.18.amzn1.x86_64
php73-snmp-7.3.8-1.18.amzn1.x86_64
php73-enchant-7.3.8-1.18.amzn1.x86_64
php73-bcmath-7.3.8-1.18.amzn1.x86_64
php73-xmlrpc-7.3.8-1.18.amzn1.x86_64
php73-gmp-7.3.8-1.18.amzn1.x86_64
php73-tidy-7.3.8-1.18.amzn1.x86_64
php73-dba-7.3.8-1.18.amzn1.x86_64
php73-fpm-7.3.8-1.18.amzn1.x86_64
php73-pgsql-7.3.8-1.18.amzn1.x86_64
php73-cli-7.3.8-1.18.amzn1.x86_64
php73-pdo-dblib-7.3.8-1.18.amzn1.x86_64
php73-debuginfo-7.3.8-1.18.amzn1.x86_64
php73-process-7.3.8-1.18.amzn1.x86_64
php73-imap-7.3.8-1.18.amzn1.x86_64
php73-soap-7.3.8-1.18.amzn1.x86_64
php73-json-7.3.8-1.18.amzn1.x86_64
php73-pspell-7.3.8-1.18.amzn1.x86_64
php73-intl-7.3.8-1.18.amzn1.x86_64
php73-pdo-7.3.8-1.18.amzn1.x86_64
Affected Package
Related
{"id": "ALAS-2019-1283", "vendorId": null, "type": "amazon", "bulletinFamily": "unix", "title": "Low: php71, php73", "description": "**Issue Overview:**\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11042)\n\nA use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.(CVE-2019-13224)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11041)\n\n \n**Affected Packages:** \n\n\nphp71, php73\n\n \n**Issue Correction:** \nRun _yum update php71_ to update your system. \nRun _yum update php73_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php71-ldap-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-mbstring-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-devel-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-cli-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-mcrypt-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-dba-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-mysqlnd-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-fpm-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-embedded-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-recode-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-opcache-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-intl-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-bcmath-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-enchant-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-tidy-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-dbg-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-debuginfo-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-pspell-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-gd-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-xml-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-pgsql-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-snmp-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-pdo-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-odbc-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-pdo-dblib-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-common-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-json-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-imap-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-gmp-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-process-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-xmlrpc-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php71-soap-7.1.31-1.41.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-xmlrpc-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-bcmath-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-pdo-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-tidy-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-gd-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-common-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-pdo-dblib-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-dbg-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-opcache-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-process-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-recode-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-snmp-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-gmp-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-enchant-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-cli-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-odbc-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-embedded-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-dba-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-mysqlnd-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-debuginfo-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-devel-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-mbstring-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-pgsql-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-xml-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-fpm-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-ldap-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-imap-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-pspell-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-json-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-intl-7.3.8-1.18.amzn1.i686 \n \u00a0\u00a0\u00a0 php73-soap-7.3.8-1.18.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php71-7.1.31-1.41.amzn1.src \n \u00a0\u00a0\u00a0 php73-7.3.8-1.18.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php71-embedded-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-dbg-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-pspell-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-devel-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-dba-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-process-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-mcrypt-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-xml-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-bcmath-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-mysqlnd-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-common-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-enchant-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-intl-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-pdo-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-debuginfo-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-snmp-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-xmlrpc-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-mbstring-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-pdo-dblib-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-gmp-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-json-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-imap-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-ldap-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-tidy-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-odbc-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-fpm-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-opcache-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-soap-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-recode-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-pgsql-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-cli-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php71-gd-7.1.31-1.41.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-odbc-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-xml-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-mysqlnd-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-mbstring-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-ldap-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-recode-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-devel-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-embedded-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-opcache-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-dbg-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-common-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-gd-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-snmp-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-enchant-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-bcmath-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-xmlrpc-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-gmp-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-tidy-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-dba-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-fpm-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-pgsql-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-cli-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-pdo-dblib-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-debuginfo-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-process-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-imap-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-soap-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-json-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-pspell-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-intl-7.3.8-1.18.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php73-pdo-7.3.8-1.18.amzn1.x86_64 \n \n \n", "published": "2019-09-13T22:53:00", "modified": "2019-09-18T21:35:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://alas.aws.amazon.com/ALAS-2019-1283.html", "reporter": "Amazon", "references": [], "cvelist": ["CVE-2019-11041", "CVE-2019-11042", "CVE-2019-13224"], "immutableFields": [], "lastseen": "2022-07-20T23:07:49", "viewCount": 111, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:1624", "ALSA-2020:3662"]}, {"type": "amazon", "idList": ["ALAS-2019-1284", "ALAS-2019-1295", "ALAS2-2019-1288"]}, {"type": "apple", "idList": ["APPLE:356155132BDE067E2049C0C5B87F5F09", "APPLE:F0DD36964D42DC3E67689751DBBFF908", "APPLE:HT210634", "APPLE:HT210722"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}, {"type": "cve", "idList": ["CVE-2019-11041", "CVE-2019-11042", "CVE-2019-13224"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1854-1:DE45B", "DEBIAN:DLA-1854-1:F6B60", "DEBIAN:DLA-1878-1:525E2", "DEBIAN:DLA-1878-1:D9A2D", "DEBIAN:DLA-2431-1:6BC5D", "DEBIAN:DLA-2431-1:BFD58", "DEBIAN:DSA-4527-1:75FBD", "DEBIAN:DSA-4529-1:9F947"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-11041", "DEBIANCVE:CVE-2019-11042", "DEBIANCVE:CVE-2019-13224"]}, {"type": "f5", "idList": ["F5:K00103182"]}, {"type": "fedora", "idList": ["FEDORA:2F0F460F096A", "FEDORA:609CD6153F40", "FEDORA:735A760C4528", "FEDORA:865A2609DE83", "FEDORA:D644860525AE", "FEDORA:E0B4F6075B3D", "FEDORA:E804C60D0D7B"]}, {"type": "freebsd", "idList": ["A8D87C7A-D1B1-11E9-A616-0992A4564E7C"]}, {"type": "gentoo", "idList": ["GLSA-201911-03"]}, {"type": "hackerone", "idList": ["H1:675578", "H1:675580"]}, {"type": "mageia", "idList": ["MGASA-2019-0218", "MGASA-2019-0253", "MGASA-2020-0029"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1288.NASL", "ALA_ALAS-2019-1283.NASL", "ALA_ALAS-2019-1284.NASL", "ALA_ALAS-2019-1295.NASL", "CENTOS8_RHSA-2020-1624.NASL", "CENTOS8_RHSA-2020-3662.NASL", "DEBIAN_DLA-1854.NASL", "DEBIAN_DLA-1878.NASL", "DEBIAN_DSA-4527.NASL", "DEBIAN_DSA-4529.NASL", "EULEROS_SA-2019-1928.NASL", "EULEROS_SA-2019-2043.NASL", "EULEROS_SA-2019-2086.NASL", "EULEROS_SA-2019-2089.NASL", "EULEROS_SA-2019-2438.NASL", "EULEROS_SA-2020-1747.NASL", "EULEROS_SA-2020-1791.NASL", "EULEROS_SA-2020-2067.NASL", "EULEROS_SA-2020-2384.NASL", "EULEROS_SA-2021-1633.NASL", "EULEROS_SA-2021-1668.NASL", "FEDORA_2019-3F3D0953DB.NASL", "FEDORA_2019-5409BB5E68.NASL", "FEDORA_2019-EC40D89812.NASL", "FEDORA_2019-F07DB8F031.NASL", "FREEBSD_PKG_A8D87C7AD1B111E9A6160992A4564E7C.NASL", "GENTOO_GLSA-201911-03.NASL", "MACOS_HT210634.NASL", "MACOS_HT210722.NASL", "OPENSUSE-2019-2271.NASL", "OPENSUSE-2019-2272.NASL", "OPENSUSE-2021-1130.NASL", "OPENSUSE-2021-2575.NASL", "OPENSUSE-2021-2637.NASL", "OPENSUSE-2021-2795.NASL", "ORACLELINUX_ELSA-2020-3662.NASL", "ORACLELINUX_ELSA-2020-5861.NASL", "PHOTONOS_PHSA-2019-3_0-0024_ONIGURUMA.NASL", "PHP_7_1_31.NASL", "PHP_7_2_21.NASL", "PHP_7_3_8.NASL", "PHP_7_3_9.NASL", "PHP_7_4_0.NASL", "REDHAT-RHSA-2020-1624.NASL", "REDHAT-RHSA-2020-3662.NASL", "SECURITYCENTER_5_19_0_TNS_2021_08.NASL", "SECURITYCENTER_5_19_0_TNS_2021_14.NASL", "SUSE_SU-2019-14158-1.NASL", "SUSE_SU-2019-2243-1.NASL", "SUSE_SU-2019-2270-1.NASL", "SUSE_SU-2019-2503-1.NASL", "SUSE_SU-2020-0522-1.NASL", "SUSE_SU-2021-2564-1.NASL", "SUSE_SU-2021-2636-1.NASL", "SUSE_SU-2021-2637-1.NASL", "SUSE_SU-2021-2638-1.NASL", "SUSE_SU-2021-2795-1.NASL", "UBUNTU_USN-4097-1.NASL", "WEB_APPLICATION_SCANNING_98661", "WEB_APPLICATION_SCANNING_98662", "WEB_APPLICATION_SCANNING_98663", "WEB_APPLICATION_SCANNING_98682", "WEB_APPLICATION_SCANNING_98683", "WEB_APPLICATION_SCANNING_98684"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108633", "OPENVAS:1361412562310108634", "OPENVAS:1361412562310142695", "OPENVAS:1361412562310142696", "OPENVAS:1361412562310704527", "OPENVAS:1361412562310704529", "OPENVAS:1361412562310815820", "OPENVAS:1361412562310844135", "OPENVAS:1361412562310852729", "OPENVAS:1361412562310876622", "OPENVAS:1361412562310876625", "OPENVAS:1361412562310876644", "OPENVAS:1361412562310876646", "OPENVAS:1361412562310877026", "OPENVAS:1361412562310877028", "OPENVAS:1361412562310877069", "OPENVAS:1361412562310891854", "OPENVAS:1361412562310891878", "OPENVAS:1361412562311220191928", "OPENVAS:1361412562311220192043", "OPENVAS:1361412562311220192086", "OPENVAS:1361412562311220192089", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562311220201791"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1624", "ELSA-2020-3662", "ELSA-2020-5861"]}, {"type": "osv", "idList": ["OSV:DLA-1854-1", "OSV:DLA-1878-1", "OSV:DLA-2431-1", "OSV:DLA-2431-2", "OSV:DSA-4527-1", "OSV:DSA-4529-1"]}, {"type": "photon", "idList": ["PHSA-2019-0024", "PHSA-2019-0171", "PHSA-2019-3.0-0024"]}, {"type": "redhat", "idList": ["RHSA-2019:3299", "RHSA-2020:1624", "RHSA-2020:3662"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-11041", "RH:CVE-2019-11042", "RH:CVE-2019-13224"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2271-1"]}, {"type": "symantec", "idList": ["SMNTC-109465", "SMNTC-109468"]}, {"type": "thn", "idList": ["THN:5483F752911D643A7A952FBFA7B4B7E4"]}, {"type": "threatpost", "idList": ["THREATPOST:F770D8B67D6B82405D9E85998887BDF3"]}, {"type": "ubuntu", "idList": ["USN-4088-1", "USN-4097-1", "USN-4097-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-11041", "UB:CVE-2019-11042", "UB:CVE-2019-13224"]}]}, "score": {"value": 3.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:1624", "ALSA-2020:3662"]}, {"type": "amazon", "idList": ["ALAS-2019-1284", "ALAS-2019-1295"]}, {"type": "apple", "idList": ["APPLE:356155132BDE067E2049C0C5B87F5F09", "APPLE:F0DD36964D42DC3E67689751DBBFF908", "APPLE:HT210634", "APPLE:HT210722"]}, {"type": "cve", "idList": ["CVE-2019-11041", "CVE-2019-11042", "CVE-2019-13224"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1854-1:F6B60", "DEBIAN:DLA-1878-1:D9A2D", "DEBIAN:DSA-4527-1:75FBD", "DEBIAN:DSA-4529-1:9F947"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-13224"]}, {"type": "f5", "idList": ["F5:K00103182"]}, {"type": "fedora", "idList": ["FEDORA:2F0F460F096A", "FEDORA:609CD6153F40", "FEDORA:735A760C4528", "FEDORA:865A2609DE83", "FEDORA:D644860525AE", "FEDORA:E0B4F6075B3D", "FEDORA:E804C60D0D7B"]}, {"type": "freebsd", "idList": ["A8D87C7A-D1B1-11E9-A616-0992A4564E7C"]}, {"type": "gentoo", "idList": ["GLSA-201911-03"]}, {"type": "hackerone", "idList": ["H1:675578", "H1:675580"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/AMAZON_LINUX-CVE-2019-11042/", "MSF:ILITIES/APPLE-OSX-APACHEMODPHP-CVE-2019-11042/", "MSF:ILITIES/CENTOS_LINUX-CVE-2019-11042/", "MSF:ILITIES/DEBIAN-CVE-2019-11042/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2019-11042/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2019-11042/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2019-11042/", "MSF:ILITIES/MACOSX-AIRPORT-AUTOMATIC-ASSOCIATION/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2019-11042/", "MSF:ILITIES/ORACLE_LINUX-CVE-2019-11042/", "MSF:ILITIES/PHP-CVE-2019-11042/", "MSF:ILITIES/REDHAT_LINUX-CVE-2019-11042/", "MSF:ILITIES/SUSE-CVE-2019-11042/", "MSF:ILITIES/UBUNTU-CVE-2019-11042/"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1288.NASL", "ALA_ALAS-2019-1283.NASL", "ALA_ALAS-2019-1284.NASL", "ALA_ALAS-2019-1295.NASL", "DEBIAN_DLA-1854.NASL", "DEBIAN_DLA-1878.NASL", "DEBIAN_DSA-4527.NASL", "DEBIAN_DSA-4529.NASL", "EULEROS_SA-2019-2086.NASL", "EULEROS_SA-2019-2089.NASL", "FEDORA_2019-3F3D0953DB.NASL", "FEDORA_2019-5409BB5E68.NASL", "FEDORA_2019-EC40D89812.NASL", "FEDORA_2019-F07DB8F031.NASL", "FREEBSD_PKG_A8D87C7AD1B111E9A6160992A4564E7C.NASL", "GENTOO_GLSA-201911-03.NASL", "MACOS_HT210634.NASL", "MACOS_HT210722.NASL", "PHOTONOS_PHSA-2019-3_0-0024_ONIGURUMA.NASL", "REDHAT-RHSA-2020-1624.NASL", "REDHAT-RHSA-2020-3662.NASL", "SUSE_SU-2019-14158-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108633", "OPENVAS:1361412562310108634", "OPENVAS:1361412562310142695", "OPENVAS:1361412562310142696", "OPENVAS:1361412562310704527", "OPENVAS:1361412562310704529", "OPENVAS:1361412562310844135", "OPENVAS:1361412562310852729", "OPENVAS:1361412562310876622", "OPENVAS:1361412562310876625", "OPENVAS:1361412562310876644", "OPENVAS:1361412562310876646", "OPENVAS:1361412562310891854", "OPENVAS:1361412562310891878"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3662"]}, {"type": "photon", "idList": ["PHSA-2019-3.0-0024"]}, {"type": "redhat", "idList": ["RHSA-2020:3662"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2271-1"]}, {"type": "thn", "idList": ["THN:5483F752911D643A7A952FBFA7B4B7E4"]}, {"type": "threatpost", "idList": ["THREATPOST:F770D8B67D6B82405D9E85998887BDF3"]}, {"type": "ubuntu", "idList": ["USN-4088-1", "USN-4097-1", "USN-4097-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-11041", "UB:CVE-2019-11042"]}]}, "exploitation": null, "vulnersScore": 3.2}, "_state": {"dependencies": 1659988328, "score": 1659871106}, "_internal": {"score_hash": "8b9a6f9f29ef50e2027ba9f8b49c17cc"}, "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-ldap-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-ldap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-mbstring-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-mbstring"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-devel-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-devel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-cli-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-cli"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-mcrypt-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-mcrypt"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-dba-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-dba"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-mysqlnd-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-mysqlnd"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-fpm-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-fpm"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-embedded-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-embedded"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-recode-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-recode"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-opcache-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-opcache"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-intl-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-intl"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-bcmath-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-bcmath"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-enchant-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-enchant"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-tidy-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-tidy"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-dbg-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-dbg"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-debuginfo-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-pspell-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-pspell"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-gd-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-gd"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-xml-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-xml"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-pgsql-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-pgsql"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-snmp-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-snmp"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-pdo-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-pdo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-odbc-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-odbc"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-pdo-dblib-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-pdo-dblib"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-common-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-common"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-json-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-json"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-imap-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-imap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-gmp-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-gmp"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-process-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-process"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-xmlrpc-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-xmlrpc"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-soap-7.1.31-1.41.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-soap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-xmlrpc-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-xmlrpc"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-bcmath-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-bcmath"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-pdo-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-pdo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-tidy-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-tidy"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-gd-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-gd"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-common-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-common"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-pdo-dblib-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-pdo-dblib"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-dbg-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-dbg"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-opcache-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-opcache"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-process-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-process"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-recode-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-recode"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-snmp-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-snmp"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-gmp-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-gmp"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-enchant-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-enchant"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-cli-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-cli"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-odbc-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-odbc"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-embedded-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-embedded"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-dba-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-dba"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-mysqlnd-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-mysqlnd"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-debuginfo-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-devel-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-devel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-mbstring-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-mbstring"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-pgsql-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-pgsql"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-xml-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-xml"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-fpm-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-fpm"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-ldap-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-ldap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-imap-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-imap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-pspell-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-pspell"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-json-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-json"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-intl-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-intl"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-soap-7.3.8-1.18.amzn1.i686.rpm", "arch": "i686", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-soap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-7.1.31-1.41.amzn1.src.rpm", "arch": "src", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-7.3.8-1.18.amzn1.src.rpm", "arch": "src", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-embedded-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-embedded"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-dbg-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-dbg"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-pspell-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-pspell"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-devel-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-devel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-dba-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-dba"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-process-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-process"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-mcrypt-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-mcrypt"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-xml-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-xml"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-bcmath-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-bcmath"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-mysqlnd-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-mysqlnd"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-common-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-common"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-enchant-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-enchant"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-intl-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-intl"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-pdo-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-pdo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-debuginfo-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-snmp-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-snmp"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-xmlrpc-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-xmlrpc"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-mbstring-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-mbstring"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-pdo-dblib-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-pdo-dblib"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-gmp-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-gmp"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-json-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-json"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-imap-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-imap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-ldap-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-ldap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-tidy-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-tidy"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-odbc-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-odbc"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-fpm-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-fpm"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-opcache-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-opcache"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-soap-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-soap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-recode-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-recode"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-pgsql-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-pgsql"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-cli-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-cli"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php71-gd-7.1.31-1.41.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.1.31-1.41.amzn1", "operator": "lt", "packageName": "php71-gd"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-odbc-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-odbc"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-xml-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-xml"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-mysqlnd-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-mysqlnd"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-mbstring-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-mbstring"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-ldap-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-ldap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-recode-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-recode"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-devel-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-devel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-embedded-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-embedded"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-opcache-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-opcache"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-dbg-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-dbg"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-common-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-common"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-gd-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-gd"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-snmp-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-snmp"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-enchant-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-enchant"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-bcmath-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-bcmath"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-xmlrpc-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-xmlrpc"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-gmp-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-gmp"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-tidy-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-tidy"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-dba-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-dba"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-fpm-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-fpm"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-pgsql-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-pgsql"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-cli-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-cli"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-pdo-dblib-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-pdo-dblib"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-debuginfo-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-process-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-process"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-imap-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-imap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-soap-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-soap"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-json-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-json"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-pspell-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-pspell"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-intl-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-intl"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "php73-pdo-7.3.8-1.18.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.3.8-1.18.amzn1", "operator": "lt", "packageName": "php73-pdo"}]}
{"nessus": [{"lastseen": "2022-07-25T16:00:53", "description": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11042)\n\nA use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.(CVE-2019-13224)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11041)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php71 / php73 (ALAS-2019-1283)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042", "CVE-2019-13224"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php71", "p-cpe:/a:amazon:linux:php71-bcmath", "p-cpe:/a:amazon:linux:php71-cli", "p-cpe:/a:amazon:linux:php71-common", "p-cpe:/a:amazon:linux:php71-dba", "p-cpe:/a:amazon:linux:php71-dbg", "p-cpe:/a:amazon:linux:php71-debuginfo", "p-cpe:/a:amazon:linux:php71-devel", "p-cpe:/a:amazon:linux:php71-embedded", "p-cpe:/a:amazon:linux:php71-enchant", "p-cpe:/a:amazon:linux:php71-fpm", "p-cpe:/a:amazon:linux:php71-gd", "p-cpe:/a:amazon:linux:php71-gmp", "p-cpe:/a:amazon:linux:php71-imap", "p-cpe:/a:amazon:linux:php71-intl", "p-cpe:/a:amazon:linux:php71-json", "p-cpe:/a:amazon:linux:php71-ldap", "p-cpe:/a:amazon:linux:php71-mbstring", "p-cpe:/a:amazon:linux:php71-mcrypt", "p-cpe:/a:amazon:linux:php71-mysqlnd", "p-cpe:/a:amazon:linux:php71-odbc", "p-cpe:/a:amazon:linux:php71-opcache", "p-cpe:/a:amazon:linux:php71-pdo", "p-cpe:/a:amazon:linux:php71-pdo-dblib", "p-cpe:/a:amazon:linux:php71-pgsql", "p-cpe:/a:amazon:linux:php71-process", "p-cpe:/a:amazon:linux:php71-pspell", "p-cpe:/a:amazon:linux:php71-recode", "p-cpe:/a:amazon:linux:php71-snmp", "p-cpe:/a:amazon:linux:php71-soap", "p-cpe:/a:amazon:linux:php71-tidy", "p-cpe:/a:amazon:linux:php71-xml", "p-cpe:/a:amazon:linux:php71-xmlrpc", "p-cpe:/a:amazon:linux:php73", "p-cpe:/a:amazon:linux:php73-bcmath", "p-cpe:/a:amazon:linux:php73-cli", "p-cpe:/a:amazon:linux:php73-common", "p-cpe:/a:amazon:linux:php73-dba", "p-cpe:/a:amazon:linux:php73-dbg", "p-cpe:/a:amazon:linux:php73-debuginfo", "p-cpe:/a:amazon:linux:php73-devel", "p-cpe:/a:amazon:linux:php73-embedded", "p-cpe:/a:amazon:linux:php73-enchant", "p-cpe:/a:amazon:linux:php73-fpm", "p-cpe:/a:amazon:linux:php73-gd", "p-cpe:/a:amazon:linux:php73-gmp", "p-cpe:/a:amazon:linux:php73-imap", "p-cpe:/a:amazon:linux:php73-intl", "p-cpe:/a:amazon:linux:php73-json", "p-cpe:/a:amazon:linux:php73-ldap", "p-cpe:/a:amazon:linux:php73-mbstring", "p-cpe:/a:amazon:linux:php73-mysqlnd", "p-cpe:/a:amazon:linux:php73-odbc", "p-cpe:/a:amazon:linux:php73-opcache", "p-cpe:/a:amazon:linux:php73-pdo", "p-cpe:/a:amazon:linux:php73-pdo-dblib", "p-cpe:/a:amazon:linux:php73-pgsql", "p-cpe:/a:amazon:linux:php73-process", "p-cpe:/a:amazon:linux:php73-pspell", "p-cpe:/a:amazon:linux:php73-recode", "p-cpe:/a:amazon:linux:php73-snmp", "p-cpe:/a:amazon:linux:php73-soap", "p-cpe:/a:amazon:linux:php73-tidy", "p-cpe:/a:amazon:linux:php73-xml", "p-cpe:/a:amazon:linux:php73-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1283.NASL", "href": "https://www.tenable.com/plugins/nessus/129010", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1283.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129010);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\", \"CVE-2019-13224\");\n script_xref(name:\"ALAS\", value:\"2019-1283\");\n\n script_name(english:\"Amazon Linux AMI : php71 / php73 (ALAS-2019-1283)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When PHP EXIF extension is parsing EXIF information from an image,\ne.g. via exif_read_data() function, in PHP versions 7.1.x below\n7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to\nsupply it with data what will cause it to read past the allocated\nbuffer. This may lead to information disclosure or\ncrash.(CVE-2019-11042)\n\nA use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2\nallows attackers to potentially cause information disclosure, denial\nof service, or possibly code execution by providing a crafted regular\nexpression. The attacker provides a pair of a regex pattern and a\nstring, with a multi-byte encoding that gets handled by\nonig_new_deluxe(). Oniguruma issues often affect Ruby, as well as\ncommon optional libraries for PHP and Rust.(CVE-2019-13224)\n\nWhen PHP EXIF extension is parsing EXIF information from an image,\ne.g. via exif_read_data() function, in PHP versions 7.1.x below\n7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to\nsupply it with data what will cause it to read past the allocated\nbuffer. This may lead to information disclosure or\ncrash.(CVE-2019-11041)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1283.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update php71' to update your system.\n\nRun 'yum update php73' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php71-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php71-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-bcmath-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-cli-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-common-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-dba-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-dbg-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-debuginfo-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-devel-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-embedded-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-enchant-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-fpm-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-gd-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-gmp-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-imap-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-intl-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-json-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-ldap-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-mbstring-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-mcrypt-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-mysqlnd-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-odbc-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-opcache-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-pdo-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-pdo-dblib-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-pgsql-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-process-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-pspell-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-recode-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-snmp-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-soap-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-tidy-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-xml-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php71-xmlrpc-7.1.31-1.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-bcmath-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-cli-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-common-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-dba-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-dbg-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-debuginfo-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-devel-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-embedded-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-enchant-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-fpm-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-gd-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-gmp-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-imap-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-intl-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-json-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-ldap-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-mbstring-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-mysqlnd-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-odbc-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-opcache-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-pdo-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-pdo-dblib-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-pgsql-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-process-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-pspell-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-recode-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-snmp-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-soap-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-tidy-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-xml-7.3.8-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-xmlrpc-7.3.8-1.18.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php71 / php71-bcmath / php71-cli / php71-common / php71-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-13T16:16:35", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.31, 7.2.x prior to 7.2.21 or 7.3.x prior to 7.3.8. It is, therefore, affected by the following vulnerabilities:\n\n - A heap-based buffer overflow condition exists on exif_scan_thumbnail. An attacker can exploit this, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11041)\n\n - A heap-based buffer overflow condition exists on exif_process_user_comment. An attacker can exploit this, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11042)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98661", "href": "https://www.tenable.com/plugins/was/98661", "sourceData": "No source data", "cvss": {"score": 5.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-13T16:16:35", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.31, 7.2.x prior to 7.2.21 or 7.3.x prior to 7.3.8. It is, therefore, affected by the following vulnerabilities:\n\n - A heap-based buffer overflow condition exists on exif_scan_thumbnail. An attacker can exploit this, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11041)\n\n - A heap-based buffer overflow condition exists on exif_process_user_comment. An attacker can exploit this, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11042)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "PHP 7.1.x < 7.1.31 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98663", "href": "https://www.tenable.com/plugins/was/98663", "sourceData": "No source data", "cvss": {"score": 5.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-13T16:16:35", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.31, 7.2.x prior to 7.2.21 or 7.3.x prior to 7.3.8. It is, therefore, affected by the following vulnerabilities:\n\n - A heap-based buffer overflow condition exists on exif_scan_thumbnail. An attacker can exploit this, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11041)\n\n - A heap-based buffer overflow condition exists on exif_process_user_comment. An attacker can exploit this, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11042)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "PHP 7.2.x < 7.2.21 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98662", "href": "https://www.tenable.com/plugins/was/98662", "sourceData": "No source data", "cvss": {"score": 5.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:03:15", "description": "This update for php7 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).\n\n - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).\n\nNon-security issue fixed :\n\n - Drop -n from php invocation from pecl (bsc#1151793).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-10-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php7 (openSUSE-2019-2271)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php7", "p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:opensuse:php7", "p-cpe:/a:novell:opensuse:php7-bcmath", "p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php7-bz2", "p-cpe:/a:novell:opensuse:php7-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php7-calendar", "p-cpe:/a:novell:opensuse:php7-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype", "p-cpe:/a:novell:opensuse:php7-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php7-curl", "p-cpe:/a:novell:opensuse:php7-curl-debuginfo", "p-cpe:/a:novell:opensuse:php7-dba", "p-cpe:/a:novell:opensuse:php7-dba-debuginfo", "p-cpe:/a:novell:opensuse:php7-debuginfo", "p-cpe:/a:novell:opensuse:php7-debugsource", "p-cpe:/a:novell:opensuse:php7-devel", "p-cpe:/a:novell:opensuse:php7-dom", "p-cpe:/a:novell:opensuse:php7-dom-debuginfo", "p-cpe:/a:novell:opensuse:php7-embed", "p-cpe:/a:novell:opensuse:php7-embed-debuginfo", "p-cpe:/a:novell:opensuse:php7-enchant", "p-cpe:/a:novell:opensuse:php7-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php7-exif", "p-cpe:/a:novell:opensuse:php7-exif-debuginfo", "p-cpe:/a:novell:opensuse:php7-fastcgi", "p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php7-fileinfo", "p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php7-firebird", "p-cpe:/a:novell:opensuse:php7-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php7-fpm", "p-cpe:/a:novell:opensuse:php7-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php7-ftp", "p-cpe:/a:novell:opensuse:php7-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php7-gd", "p-cpe:/a:novell:opensuse:php7-gd-debuginfo", "p-cpe:/a:novell:opensuse:php7-gettext", "p-cpe:/a:novell:opensuse:php7-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php7-gmp", "p-cpe:/a:novell:opensuse:php7-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-iconv", "p-cpe:/a:novell:opensuse:php7-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl", "p-cpe:/a:novell:opensuse:php7-intl-debuginfo", "p-cpe:/a:novell:opensuse:php7-json", "p-cpe:/a:novell:opensuse:php7-json-debuginfo", "p-cpe:/a:novell:opensuse:php7-ldap", "p-cpe:/a:novell:opensuse:php7-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php7-mbstring", "p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php7-mysql", "p-cpe:/a:novell:opensuse:php7-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php7-odbc", "p-cpe:/a:novell:opensuse:php7-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php7-opcache", "p-cpe:/a:novell:opensuse:php7-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php7-openssl", "p-cpe:/a:novell:opensuse:php7-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pcntl", "p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo", "p-cpe:/a:novell:opensuse:php7-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php7-pear", "p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar", "p-cpe:/a:novell:opensuse:php7-pgsql", "p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php7-phar", "p-cpe:/a:novell:opensuse:php7-phar-debuginfo", "p-cpe:/a:novell:opensuse:php7-posix", "p-cpe:/a:novell:opensuse:php7-posix-debuginfo", "p-cpe:/a:novell:opensuse:php7-readline", "p-cpe:/a:novell:opensuse:php7-readline-debuginfo", "p-cpe:/a:novell:opensuse:php7-shmop", "p-cpe:/a:novell:opensuse:php7-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp", "p-cpe:/a:novell:opensuse:php7-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-soap", "p-cpe:/a:novell:opensuse:php7-soap-debuginfo", "p-cpe:/a:novell:opensuse:php7-sockets", "p-cpe:/a:novell:opensuse:php7-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php7-sodium", "p-cpe:/a:novell:opensuse:php7-sodium-debuginfo", "p-cpe:/a:novell:opensuse:php7-sqlite", "p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvmsg", "p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem", "p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvshm", "p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php7-tidy", "p-cpe:/a:novell:opensuse:php7-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer", "p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php7-wddx", "p-cpe:/a:novell:opensuse:php7-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlreader", "p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlrpc", "p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlwriter", "p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php7-xsl", "p-cpe:/a:novell:opensuse:php7-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php7-zip", "p-cpe:/a:novell:opensuse:php7-zip-debuginfo", "p-cpe:/a:novell:opensuse:php7-zlib", "p-cpe:/a:novell:opensuse:php7-zlib-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-2271.NASL", "href": "https://www.tenable.com/plugins/nessus/129671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2271.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129671);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n\n script_name(english:\"openSUSE Security Update : php7 (openSUSE-2019-2271)\");\n script_summary(english:\"Check for the openSUSE-2019-2271 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php7 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-11041: Fixed heap buffer over-read in\n exif_scan_thumbnail() (bsc#1146360).\n\n - CVE-2019-11042: Fixed heap buffer over-read in\n exif_process_user_comment() (bsc#1145095).\n\nNon-security issue fixed :\n\n - Drop -n from php invocation from pecl (bsc#1151793).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151793\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php7 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-embed-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sodium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-mod_php7-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-mod_php7-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-bcmath-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-bcmath-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-bz2-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-bz2-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-calendar-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-calendar-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-ctype-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-ctype-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-curl-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-curl-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-dba-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-dba-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-debugsource-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-devel-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-dom-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-dom-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-embed-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-embed-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-enchant-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-enchant-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-exif-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-exif-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-fastcgi-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-fastcgi-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-fileinfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-fileinfo-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-firebird-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-firebird-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-fpm-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-fpm-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-ftp-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-ftp-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-gd-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-gd-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-gettext-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-gettext-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-gmp-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-gmp-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-iconv-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-iconv-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-intl-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-intl-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-json-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-json-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-ldap-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-ldap-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-mbstring-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-mbstring-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-mysql-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-mysql-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-odbc-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-odbc-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-opcache-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-opcache-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-openssl-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-openssl-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-pcntl-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-pcntl-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-pdo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-pdo-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-pear-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-pear-Archive_Tar-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-pgsql-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-pgsql-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-phar-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-phar-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-posix-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-posix-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-readline-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-readline-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-shmop-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-shmop-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-snmp-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-snmp-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-soap-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-soap-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sockets-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sockets-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sodium-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sodium-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sqlite-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sqlite-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sysvmsg-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sysvmsg-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sysvsem-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sysvsem-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sysvshm-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-sysvshm-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-tidy-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-tidy-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-tokenizer-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-tokenizer-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-wddx-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-wddx-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-xmlreader-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-xmlreader-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-xmlrpc-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-xmlrpc-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-xmlwriter-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-xmlwriter-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-xsl-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-xsl-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-zip-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-zip-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-zlib-7.2.5-lp150.2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"php7-zlib-debuginfo-7.2.5-lp150.2.25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:03:51", "description": "This update for php7 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).\n\n - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).\n\nNon-security issue fixed :\n\n - Drop -n from php invocation from pecl (bsc#1151793).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-10-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php7 (openSUSE-2019-2272)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2019-12-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php7", "p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:opensuse:php7", "p-cpe:/a:novell:opensuse:php7-bcmath", "p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php7-bz2", "p-cpe:/a:novell:opensuse:php7-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php7-calendar", "p-cpe:/a:novell:opensuse:php7-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype", "p-cpe:/a:novell:opensuse:php7-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php7-curl", "p-cpe:/a:novell:opensuse:php7-curl-debuginfo", "p-cpe:/a:novell:opensuse:php7-dba", "p-cpe:/a:novell:opensuse:php7-dba-debuginfo", "p-cpe:/a:novell:opensuse:php7-debuginfo", "p-cpe:/a:novell:opensuse:php7-debugsource", "p-cpe:/a:novell:opensuse:php7-devel", "p-cpe:/a:novell:opensuse:php7-dom", "p-cpe:/a:novell:opensuse:php7-dom-debuginfo", "p-cpe:/a:novell:opensuse:php7-embed", "p-cpe:/a:novell:opensuse:php7-embed-debuginfo", "p-cpe:/a:novell:opensuse:php7-enchant", "p-cpe:/a:novell:opensuse:php7-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php7-exif", "p-cpe:/a:novell:opensuse:php7-exif-debuginfo", "p-cpe:/a:novell:opensuse:php7-fastcgi", "p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php7-fileinfo", "p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php7-firebird", "p-cpe:/a:novell:opensuse:php7-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php7-fpm", "p-cpe:/a:novell:opensuse:php7-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php7-ftp", "p-cpe:/a:novell:opensuse:php7-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php7-gd", "p-cpe:/a:novell:opensuse:php7-gd-debuginfo", "p-cpe:/a:novell:opensuse:php7-gettext", "p-cpe:/a:novell:opensuse:php7-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php7-gmp", "p-cpe:/a:novell:opensuse:php7-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-iconv", "p-cpe:/a:novell:opensuse:php7-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl", "p-cpe:/a:novell:opensuse:php7-intl-debuginfo", "p-cpe:/a:novell:opensuse:php7-json", "p-cpe:/a:novell:opensuse:php7-json-debuginfo", "p-cpe:/a:novell:opensuse:php7-ldap", "p-cpe:/a:novell:opensuse:php7-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php7-mbstring", "p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php7-mysql", "p-cpe:/a:novell:opensuse:php7-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php7-odbc", "p-cpe:/a:novell:opensuse:php7-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php7-opcache", "p-cpe:/a:novell:opensuse:php7-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php7-openssl", "p-cpe:/a:novell:opensuse:php7-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pcntl", "p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo", "p-cpe:/a:novell:opensuse:php7-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php7-pear", "p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar", "p-cpe:/a:novell:opensuse:php7-pgsql", "p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php7-phar", "p-cpe:/a:novell:opensuse:php7-phar-debuginfo", "p-cpe:/a:novell:opensuse:php7-posix", "p-cpe:/a:novell:opensuse:php7-posix-debuginfo", "p-cpe:/a:novell:opensuse:php7-readline", "p-cpe:/a:novell:opensuse:php7-readline-debuginfo", "p-cpe:/a:novell:opensuse:php7-shmop", "p-cpe:/a:novell:opensuse:php7-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp", "p-cpe:/a:novell:opensuse:php7-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-soap", "p-cpe:/a:novell:opensuse:php7-soap-debuginfo", "p-cpe:/a:novell:opensuse:php7-sockets", "p-cpe:/a:novell:opensuse:php7-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php7-sodium", "p-cpe:/a:novell:opensuse:php7-sodium-debuginfo", "p-cpe:/a:novell:opensuse:php7-sqlite", "p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvmsg", "p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem", "p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvshm", "p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php7-tidy", "p-cpe:/a:novell:opensuse:php7-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer", "p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php7-wddx", "p-cpe:/a:novell:opensuse:php7-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlreader", "p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlrpc", "p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlwriter", "p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php7-xsl", "p-cpe:/a:novell:opensuse:php7-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php7-zip", "p-cpe:/a:novell:opensuse:php7-zip-debuginfo", "p-cpe:/a:novell:opensuse:php7-zlib", "p-cpe:/a:novell:opensuse:php7-zlib-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2272.NASL", "href": "https://www.tenable.com/plugins/nessus/129672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2272.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129672);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n\n script_name(english:\"openSUSE Security Update : php7 (openSUSE-2019-2272)\");\n script_summary(english:\"Check for the openSUSE-2019-2272 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php7 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-11041: Fixed heap buffer over-read in\n exif_scan_thumbnail() (bsc#1146360).\n\n - CVE-2019-11042: Fixed heap buffer over-read in\n exif_process_user_comment() (bsc#1145095).\n\nNon-security issue fixed :\n\n - Drop -n from php invocation from pecl (bsc#1151793).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151793\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php7 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-embed-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sodium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-mod_php7-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-mod_php7-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bcmath-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bcmath-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bz2-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bz2-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-calendar-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-calendar-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ctype-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ctype-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-curl-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-curl-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dba-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dba-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-debugsource-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-devel-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dom-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dom-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-embed-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-embed-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-enchant-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-enchant-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-exif-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-exif-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fastcgi-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fastcgi-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fileinfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fileinfo-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-firebird-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-firebird-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fpm-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fpm-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ftp-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ftp-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gd-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gd-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gettext-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gettext-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gmp-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gmp-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-iconv-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-iconv-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-intl-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-intl-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-json-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-json-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ldap-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ldap-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mbstring-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mbstring-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mysql-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mysql-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-odbc-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-odbc-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-opcache-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-opcache-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-openssl-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-openssl-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pcntl-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pcntl-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pdo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pdo-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pear-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pear-Archive_Tar-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pgsql-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pgsql-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-phar-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-phar-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-posix-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-posix-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-readline-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-readline-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-shmop-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-shmop-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-snmp-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-snmp-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-soap-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-soap-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sockets-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sockets-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sodium-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sodium-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sqlite-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sqlite-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvmsg-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvmsg-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvsem-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvsem-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvshm-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvshm-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tidy-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tidy-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tokenizer-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tokenizer-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-wddx-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-wddx-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlreader-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlreader-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlrpc-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlrpc-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlwriter-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlwriter-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xsl-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xsl-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zip-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zip-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zlib-7.2.5-lp151.6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zlib-debuginfo-7.2.5-lp151.6.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:02:44", "description": "This update for php7 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).\n\nNon-security issue fixed: Drop -n from php invocation from pecl (bsc#1151793).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:2503-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource", "p-cpe:/a:novell:suse_linux:php7-devel", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-embed", "p-cpe:/a:novell:suse_linux:php7-embed-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-readline", "p-cpe:/a:novell:suse_linux:php7-readline-debuginfo", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sodium", "p-cpe:/a:novell:suse_linux:php7-sodium-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tidy", "p-cpe:/a:novell:suse_linux:php7-tidy-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2503-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129527", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2503-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129527);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:2503-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for php7 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail()\n(bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in\nexif_process_user_comment() (bsc#1145095).\n\nNon-security issue fixed: Drop -n from php invocation from pecl\n(bsc#1151793).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11041/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11042/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192503-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6001e767\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2503=1\n\nSUSE Linux Enterprise Module for Web Scripting 15:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-15-2019-2503=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15:zypper in\n-t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2503=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2503=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2503=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-embed-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-mod_php7-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-mod_php7-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bcmath-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bcmath-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bz2-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bz2-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-calendar-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-calendar-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ctype-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ctype-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-curl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-curl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dba-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dba-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-debugsource-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-devel-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dom-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dom-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-embed-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-embed-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-enchant-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-enchant-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-exif-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-exif-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fastcgi-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fastcgi-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fileinfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fileinfo-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fpm-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fpm-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ftp-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ftp-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gd-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gd-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gettext-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gettext-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gmp-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gmp-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-iconv-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-iconv-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-intl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-intl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-json-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-json-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ldap-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ldap-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mbstring-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mbstring-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mysql-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mysql-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-odbc-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-odbc-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-opcache-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-opcache-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-openssl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-openssl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pcntl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pcntl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pdo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pdo-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pgsql-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pgsql-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-phar-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-phar-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-posix-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-posix-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-readline-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-readline-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-shmop-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-shmop-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-snmp-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-snmp-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-soap-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-soap-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sockets-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sockets-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sodium-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sodium-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sqlite-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sqlite-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvmsg-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvmsg-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvsem-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvsem-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvshm-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvshm-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tidy-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tidy-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tokenizer-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tokenizer-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-wddx-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-wddx-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlreader-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlreader-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlrpc-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlrpc-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlwriter-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlwriter-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xsl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xsl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zip-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zip-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zlib-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zlib-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-mod_php7-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bcmath-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bz2-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-calendar-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ctype-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-curl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-curl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dba-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dba-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-debugsource-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-devel-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dom-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dom-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-embed-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-embed-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-enchant-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-exif-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-exif-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fastcgi-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fileinfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fpm-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ftp-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gd-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gd-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gettext-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gmp-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-iconv-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-intl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-intl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-json-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-json-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ldap-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mbstring-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mysql-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-odbc-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-opcache-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-openssl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pcntl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pdo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pgsql-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-phar-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-phar-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-posix-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-posix-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-readline-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-readline-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-shmop-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-snmp-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-soap-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-soap-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sockets-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sodium-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sodium-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sqlite-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvmsg-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvsem-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvshm-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tidy-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tidy-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tokenizer-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-wddx-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlreader-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlrpc-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlwriter-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xsl-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zip-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zip-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zlib-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-debugsource-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-embed-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-embed-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-readline-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-readline-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-sodium-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-sodium-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-tidy-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-tidy-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-debugsource-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-embed-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-embed-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-readline-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-readline-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-sodium-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-sodium-debuginfo-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-tidy-7.2.5-4.40.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-tidy-debuginfo-7.2.5-4.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:00:11", "description": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11042)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11041)", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-09-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php72 (ALAS-2019-1284)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php72", "p-cpe:/a:amazon:linux:php72-bcmath", "p-cpe:/a:amazon:linux:php72-cli", "p-cpe:/a:amazon:linux:php72-common", "p-cpe:/a:amazon:linux:php72-dba", "p-cpe:/a:amazon:linux:php72-dbg", "p-cpe:/a:amazon:linux:php72-debuginfo", "p-cpe:/a:amazon:linux:php72-devel", "p-cpe:/a:amazon:linux:php72-embedded", "p-cpe:/a:amazon:linux:php72-enchant", "p-cpe:/a:amazon:linux:php72-fpm", "p-cpe:/a:amazon:linux:php72-gd", "p-cpe:/a:amazon:linux:php72-gmp", "p-cpe:/a:amazon:linux:php72-imap", "p-cpe:/a:amazon:linux:php72-intl", "p-cpe:/a:amazon:linux:php72-json", "p-cpe:/a:amazon:linux:php72-ldap", "p-cpe:/a:amazon:linux:php72-mbstring", "p-cpe:/a:amazon:linux:php72-mysqlnd", "p-cpe:/a:amazon:linux:php72-odbc", "p-cpe:/a:amazon:linux:php72-opcache", "p-cpe:/a:amazon:linux:php72-pdo", "p-cpe:/a:amazon:linux:php72-pdo-dblib", "p-cpe:/a:amazon:linux:php72-pgsql", "p-cpe:/a:amazon:linux:php72-process", "p-cpe:/a:amazon:linux:php72-pspell", "p-cpe:/a:amazon:linux:php72-recode", "p-cpe:/a:amazon:linux:php72-snmp", "p-cpe:/a:amazon:linux:php72-soap", "p-cpe:/a:amazon:linux:php72-tidy", "p-cpe:/a:amazon:linux:php72-xml", "p-cpe:/a:amazon:linux:php72-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1284.NASL", "href": "https://www.tenable.com/plugins/nessus/129011", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1284.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129011);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n script_xref(name:\"ALAS\", value:\"2019-1284\");\n\n script_name(english:\"Amazon Linux AMI : php72 (ALAS-2019-1284)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When PHP EXIF extension is parsing EXIF information from an image,\ne.g. via exif_read_data() function, in PHP versions 7.1.x below\n7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to\nsupply it with data what will cause it to read past the allocated\nbuffer. This may lead to information disclosure or\ncrash.(CVE-2019-11042)\n\nWhen PHP EXIF extension is parsing EXIF information from an image,\ne.g. via exif_read_data() function, in PHP versions 7.1.x below\n7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to\nsupply it with data what will cause it to read past the allocated\nbuffer. This may lead to information disclosure or\ncrash.(CVE-2019-11041)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1284.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php72' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php72-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-bcmath-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-cli-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-common-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-dba-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-dbg-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-debuginfo-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-devel-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-embedded-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-enchant-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-fpm-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-gd-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-gmp-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-imap-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-intl-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-json-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-ldap-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-mbstring-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-mysqlnd-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-odbc-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-opcache-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-pdo-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-pdo-dblib-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-pgsql-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-process-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-pspell-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-recode-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-snmp-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-soap-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-tidy-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-xml-7.2.21-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-xmlrpc-7.2.21-1.15.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php72 / php72-bcmath / php72-cli / php72-common / php72-dba / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:56:02", "description": "**PHP version 7.2.21** (01 Aug 2019)\n\n**Date:**\n\n - Fixed bug php#69044 (discrepency between time and microtime). (krakjoe)\n\n**EXIF:**\n\n - Fixed bug php#78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas)\n\n - Fixed bug php#78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas)\n\n**Fileinfo:**\n\n - Fixed bug php#78183 (finfo_file shows wrong mime-type for .tga file). (Joshua Westerheide)\n\n**FTP:**\n\n - Fixed bug php#77124 (FTP with SSL memory leak). (Nikita)\n\n**Libxml:**\n\n - Fixed bug php#78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).\n (Nikita)\n\n**LiteSpeed:**\n\n - Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode). (George Wang)\n\n - Fixed bug php#76058 (After 'POST data can't be buffered', using php://input makes huge tmp files).\n (George Wang)\n\n**Openssl:**\n\n - Fixed bug php#78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).\n (Nikita)\n\n**OPcache:**\n\n - Fixed bug php#78189 (file cache strips last character of uname hash). (cmb)\n\n - Fixed bug php#78202 (Opcache stats for cache hits are capped at 32bit NUM). (cmb)\n\n - Fixed bug php#78291 (opcache_get_configuration doesn't list all directives). (Andrew Collington)\n\n**Phar:**\n\n - Fixed bug php#77919 (Potential UAF in Phar RSHUTDOWN).\n (cmb)\n\n**Phpdbg:**\n\n - Fixed bug php#78297 (Include unexistent file memory leak). (Nikita)\n\n**PDO_Sqlite:**\n\n - Fixed bug php#78192 (SegFault when reuse statement after schema has changed). (Vincent Quatrevieux)\n\n**Standard:**\n\n - Fixed bug php#78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb)\n\n - Fixed bug php#78269 (password_hash uses weak options for argon2). (Remi)\n\n**XMLRPC:**\n\n - Fixed bug php#78173 (XML-RPC mutates immutable objects during encoding). (Asher Baker)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Fedora 30 : php (2019-ec40d89812)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-EC40D89812.NASL", "href": "https://www.tenable.com/plugins/nessus/127535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-ec40d89812.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127535);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n script_xref(name:\"FEDORA\", value:\"2019-ec40d89812\");\n\n script_name(english:\"Fedora 30 : php (2019-ec40d89812)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**PHP version 7.2.21** (01 Aug 2019)\n\n**Date:**\n\n - Fixed bug php#69044 (discrepency between time and\n microtime). (krakjoe)\n\n**EXIF:**\n\n - Fixed bug php#78256 (heap-buffer-overflow on\n exif_process_user_comment). (CVE-2019-11042) (Stas)\n\n - Fixed bug php#78222 (heap-buffer-overflow on\n exif_scan_thumbnail). (CVE-2019-11041) (Stas)\n\n**Fileinfo:**\n\n - Fixed bug php#78183 (finfo_file shows wrong mime-type\n for .tga file). (Joshua Westerheide)\n\n**FTP:**\n\n - Fixed bug php#77124 (FTP with SSL memory leak). (Nikita)\n\n**Libxml:**\n\n - Fixed bug php#78279 (libxml_disable_entity_loader\n settings is shared between requests (cgi-fcgi)).\n (Nikita)\n\n**LiteSpeed:**\n\n - Updated to LiteSpeed SAPI V7.4.3 (increased response\n header count limit from 100 to 1000, added crash handler\n to cleanly shutdown PHP request, added CloudLinux\n mod_lsapi mode). (George Wang)\n\n - Fixed bug php#76058 (After 'POST data can't be\n buffered', using php://input makes huge tmp files).\n (George Wang)\n\n**Openssl:**\n\n - Fixed bug php#78231 (Segmentation fault upon\n stream_socket_accept of exported socket-to-stream).\n (Nikita)\n\n**OPcache:**\n\n - Fixed bug php#78189 (file cache strips last character of\n uname hash). (cmb)\n\n - Fixed bug php#78202 (Opcache stats for cache hits are\n capped at 32bit NUM). (cmb)\n\n - Fixed bug php#78291 (opcache_get_configuration doesn't\n list all directives). (Andrew Collington)\n\n**Phar:**\n\n - Fixed bug php#77919 (Potential UAF in Phar RSHUTDOWN).\n (cmb)\n\n**Phpdbg:**\n\n - Fixed bug php#78297 (Include unexistent file memory\n leak). (Nikita)\n\n**PDO_Sqlite:**\n\n - Fixed bug php#78192 (SegFault when reuse statement after\n schema has changed). (Vincent Quatrevieux)\n\n**Standard:**\n\n - Fixed bug php#78241 (touch() does not handle dates after\n 2038 in PHP 64-bit). (cmb)\n\n - Fixed bug php#78269 (password_hash uses weak options for\n argon2). (Remi)\n\n**XMLRPC:**\n\n - Fixed bug php#78173 (XML-RPC mutates immutable objects\n during encoding). (Asher Baker)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ec40d89812\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"php-7.3.8-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:56:05", "description": "Two heap buffer overflows were found in the EXIF parsing code of PHP, a widely-used open source general purpose scripting language.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 5.6.40+dfsg-0+deb8u5.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "Debian DLA-1878-1 : php5 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:libphp5-embed", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-curl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-fpm", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-ldap", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:php5-mysqlnd", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-phpdbg", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php5-readline", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-xsl", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1878.NASL", "href": "https://www.tenable.com/plugins/nessus/127820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1878-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127820);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n\n script_name(english:\"Debian DLA-1878-1 : php5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two heap buffer overflows were found in the EXIF parsing code of PHP,\na widely-used open source general purpose scripting language.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n5.6.40+dfsg-0+deb8u5.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp5-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-phpdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp5-embed\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php-pear\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cgi\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cli\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-common\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-curl\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dbg\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dev\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-enchant\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-fpm\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gd\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gmp\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-imap\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-interbase\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-intl\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-ldap\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mcrypt\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysql\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysqlnd\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-odbc\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pgsql\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-phpdbg\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pspell\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-readline\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-recode\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-snmp\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sqlite\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sybase\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-tidy\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xmlrpc\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xsl\", reference:\"5.6.40+dfsg-0+deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:56:05", "description": "According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.8. It is, therefore, affected by buffer overflow vulnerabilities in exif_read_data and exif_scan_thumbnail functions.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.8 Multiple Vulnerabilities.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_3_8.NASL", "href": "https://www.tenable.com/plugins/nessus/127132", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127132);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n\n script_name(english:\"PHP 7.3.x < 7.3.8 Multiple Vulnerabilities.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.8. It is,\ntherefore, affected by buffer overflow vulnerabilities in exif_read_data and exif_scan_thumbnail functions.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.php.net/ChangeLog-7.php#7.3.8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=78222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=78256\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.3.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\ninclude('audit.inc');\n\nport = get_http_port(default:80, php:TRUE);\napp = 'PHP';\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nbackported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nconstraints = [{'min_version':'7.3.0alpha1', 'fixed_version':'7.3.8'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:56:05", "description": "It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : PHP vulnerabilities (USN-4097-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.2", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php7.2-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.2-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.2-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.2-xmlrpc", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4097-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127892", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4097-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127892);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n script_xref(name:\"USN\", value:\"4097-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : PHP vulnerabilities (USN-4097-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that PHP incorrectly handled certain images. An\nattacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2019-11041, CVE-2019-11042).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4097-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libapache2-mod-php7.0\", pkgver:\"7.0.33-0ubuntu0.16.04.6\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cgi\", pkgver:\"7.0.33-0ubuntu0.16.04.6\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cli\", pkgver:\"7.0.33-0ubuntu0.16.04.6\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-fpm\", pkgver:\"7.0.33-0ubuntu0.16.04.6\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-xmlrpc\", pkgver:\"7.0.33-0ubuntu0.16.04.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libapache2-mod-php7.2\", pkgver:\"7.2.19-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-cgi\", pkgver:\"7.2.19-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-cli\", pkgver:\"7.2.19-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-fpm\", pkgver:\"7.2.19-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-xmlrpc\", pkgver:\"7.2.19-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libapache2-mod-php7.2\", pkgver:\"7.2.19-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-cgi\", pkgver:\"7.2.19-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-cli\", pkgver:\"7.2.19-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-fpm\", pkgver:\"7.2.19-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-xmlrpc\", pkgver:\"7.2.19-0ubuntu0.19.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php7.0 / libapache2-mod-php7.2 / php7.0-cgi / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:55:27", "description": "**PHP version 7.2.21** (01 Aug 2019)\n\n**Date:**\n\n - Fixed bug php#69044 (discrepency between time and microtime). (krakjoe)\n\n**EXIF:**\n\n - Fixed bug php#78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas)\n\n - Fixed bug php#78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas)\n\n**Fileinfo:**\n\n - Fixed bug php#78183 (finfo_file shows wrong mime-type for .tga file). (Joshua Westerheide)\n\n**FTP:**\n\n - Fixed bug php#77124 (FTP with SSL memory leak). (Nikita)\n\n**Libxml:**\n\n - Fixed bug php#78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).\n (Nikita)\n\n**LiteSpeed:**\n\n - Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode). (George Wang)\n\n - Fixed bug php#76058 (After 'POST data can't be buffered', using php://input makes huge tmp files).\n (George Wang)\n\n**Openssl:**\n\n - Fixed bug php#78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).\n (Nikita)\n\n**OPcache:**\n\n - Fixed bug php#78189 (file cache strips last character of uname hash). (cmb)\n\n - Fixed bug php#78202 (Opcache stats for cache hits are capped at 32bit NUM). (cmb)\n\n - Fixed bug php#78291 (opcache_get_configuration doesn't list all directives). (Andrew Collington)\n\n**Phar:**\n\n - Fixed bug php#77919 (Potential UAF in Phar RSHUTDOWN).\n (cmb)\n\n**Phpdbg:**\n\n - Fixed bug php#78297 (Include unexistent file memory leak). (Nikita)\n\n**PDO_Sqlite:**\n\n - Fixed bug php#78192 (SegFault when reuse statement after schema has changed). (Vincent Quatrevieux)\n\n**Standard:**\n\n - Fixed bug php#78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb)\n\n - Fixed bug php#78269 (password_hash uses weak options for argon2). (Remi)\n\n**XMLRPC:**\n\n - Fixed bug php#78173 (XML-RPC mutates immutable objects during encoding). (Asher Baker)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Fedora 29 : php (2019-f07db8f031)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-F07DB8F031.NASL", "href": "https://www.tenable.com/plugins/nessus/127537", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-f07db8f031.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127537);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n script_xref(name:\"FEDORA\", value:\"2019-f07db8f031\");\n\n script_name(english:\"Fedora 29 : php (2019-f07db8f031)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**PHP version 7.2.21** (01 Aug 2019)\n\n**Date:**\n\n - Fixed bug php#69044 (discrepency between time and\n microtime). (krakjoe)\n\n**EXIF:**\n\n - Fixed bug php#78256 (heap-buffer-overflow on\n exif_process_user_comment). (CVE-2019-11042) (Stas)\n\n - Fixed bug php#78222 (heap-buffer-overflow on\n exif_scan_thumbnail). (CVE-2019-11041) (Stas)\n\n**Fileinfo:**\n\n - Fixed bug php#78183 (finfo_file shows wrong mime-type\n for .tga file). (Joshua Westerheide)\n\n**FTP:**\n\n - Fixed bug php#77124 (FTP with SSL memory leak). (Nikita)\n\n**Libxml:**\n\n - Fixed bug php#78279 (libxml_disable_entity_loader\n settings is shared between requests (cgi-fcgi)).\n (Nikita)\n\n**LiteSpeed:**\n\n - Updated to LiteSpeed SAPI V7.4.3 (increased response\n header count limit from 100 to 1000, added crash handler\n to cleanly shutdown PHP request, added CloudLinux\n mod_lsapi mode). (George Wang)\n\n - Fixed bug php#76058 (After 'POST data can't be\n buffered', using php://input makes huge tmp files).\n (George Wang)\n\n**Openssl:**\n\n - Fixed bug php#78231 (Segmentation fault upon\n stream_socket_accept of exported socket-to-stream).\n (Nikita)\n\n**OPcache:**\n\n - Fixed bug php#78189 (file cache strips last character of\n uname hash). (cmb)\n\n - Fixed bug php#78202 (Opcache stats for cache hits are\n capped at 32bit NUM). (cmb)\n\n - Fixed bug php#78291 (opcache_get_configuration doesn't\n list all directives). (Andrew Collington)\n\n**Phar:**\n\n - Fixed bug php#77919 (Potential UAF in Phar RSHUTDOWN).\n (cmb)\n\n**Phpdbg:**\n\n - Fixed bug php#78297 (Include unexistent file memory\n leak). (Nikita)\n\n**PDO_Sqlite:**\n\n - Fixed bug php#78192 (SegFault when reuse statement after\n schema has changed). (Vincent Quatrevieux)\n\n**Standard:**\n\n - Fixed bug php#78241 (touch() does not handle dates after\n 2038 in PHP 64-bit). (cmb)\n\n - Fixed bug php#78269 (password_hash uses weak options for\n argon2). (Remi)\n\n**XMLRPC:**\n\n - Fixed bug php#78173 (XML-RPC mutates immutable objects\n during encoding). (Asher Baker)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f07db8f031\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"php-7.2.21-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:55:27", "description": "According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.21. It is, therefore, affected by buffer overflow vulnerabilities in exif_read_data and exif_scan_thumbnail functions.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "PHP 7.2.x < 7.2.21 Multiple Vulnerabilities.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_2_21.NASL", "href": "https://www.tenable.com/plugins/nessus/127131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127131);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n\n script_name(english:\"PHP 7.2.x < 7.2.21 Multiple Vulnerabilities.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.21. It is,\ntherefore, affected by buffer overflow vulnerabilities in exif_read_data and exif_scan_thumbnail functions.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.php.net/ChangeLog-7.php#7.2.21\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=78222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=78256\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.2.21 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\ninclude('audit.inc');\n\nport = get_http_port(default:80, php:TRUE);\napp = 'PHP';\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nbackported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nconstraints = [{'min_version':'7.2.0alpha1', 'fixed_version':'7.2.21'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:54:51", "description": "According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.1.31. It is, therefore, affected by buffer overflow vulnerabilities in exif_read_data and exif_scan_thumbnail functions.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "PHP 7.1.x < 7.1.31 Multiple Vulnerabilities.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_1_31.NASL", "href": "https://www.tenable.com/plugins/nessus/127130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127130);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n\n script_name(english:\"PHP 7.1.x < 7.1.31 Multiple Vulnerabilities.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.1.31. It is,\ntherefore, affected by buffer overflow vulnerabilities in exif_read_data and exif_scan_thumbnail functions.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.php.net/ChangeLog-7.php#7.1.31\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=78222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=78256\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.1.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\ninclude('audit.inc');\n\nport = get_http_port(default:80, php:TRUE);\napp = 'PHP';\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nbackported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nconstraints = [{'min_version':'7.1.0alpha1', 'fixed_version':'7.1.31'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:58:06", "description": "This update for php72 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php72 (SUSE-SU-2019:2270-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php72", "p-cpe:/a:novell:suse_linux:apache2-mod_php72-debuginfo", "p-cpe:/a:novell:suse_linux:php72", "p-cpe:/a:novell:suse_linux:php72-bcmath", "p-cpe:/a:novell:suse_linux:php72-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php72-bz2", "p-cpe:/a:novell:suse_linux:php72-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php72-calendar", "p-cpe:/a:novell:suse_linux:php72-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php72-ctype", "p-cpe:/a:novell:suse_linux:php72-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php72-curl", "p-cpe:/a:novell:suse_linux:php72-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-dba", "p-cpe:/a:novell:suse_linux:php72-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php72-debuginfo", "p-cpe:/a:novell:suse_linux:php72-debugsource", "p-cpe:/a:novell:suse_linux:php72-dom", "p-cpe:/a:novell:suse_linux:php72-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php72-enchant", "p-cpe:/a:novell:suse_linux:php72-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php72-exif", "p-cpe:/a:novell:suse_linux:php72-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php72-fastcgi", "p-cpe:/a:novell:suse_linux:php72-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php72-fileinfo", "p-cpe:/a:novell:suse_linux:php72-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php72-fpm", "p-cpe:/a:novell:suse_linux:php72-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php72-ftp", "p-cpe:/a:novell:suse_linux:php72-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php72-gd", "p-cpe:/a:novell:suse_linux:php72-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php72-gettext", "p-cpe:/a:novell:suse_linux:php72-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php72-gmp", "p-cpe:/a:novell:suse_linux:php72-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php72-iconv", "p-cpe:/a:novell:suse_linux:php72-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php72-imap", "p-cpe:/a:novell:suse_linux:php72-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php72-intl", "p-cpe:/a:novell:suse_linux:php72-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-json", "p-cpe:/a:novell:suse_linux:php72-json-debuginfo", "p-cpe:/a:novell:suse_linux:php72-ldap", "p-cpe:/a:novell:suse_linux:php72-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php72-mbstring", "p-cpe:/a:novell:suse_linux:php72-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php72-mysql", "p-cpe:/a:novell:suse_linux:php72-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php72-odbc", "p-cpe:/a:novell:suse_linux:php72-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php72-opcache", "p-cpe:/a:novell:suse_linux:php72-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php72-openssl", "p-cpe:/a:novell:suse_linux:php72-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-pcntl", "p-cpe:/a:novell:suse_linux:php72-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-pdo", "p-cpe:/a:novell:suse_linux:php72-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php72-pgsql", "p-cpe:/a:novell:suse_linux:php72-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php72-phar", "p-cpe:/a:novell:suse_linux:php72-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php72-posix", "p-cpe:/a:novell:suse_linux:php72-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php72-pspell", "p-cpe:/a:novell:suse_linux:php72-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php72-readline", "p-cpe:/a:novell:suse_linux:php72-readline-debuginfo", "p-cpe:/a:novell:suse_linux:php72-shmop", "p-cpe:/a:novell:suse_linux:php72-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php72-snmp", "p-cpe:/a:novell:suse_linux:php72-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php72-soap", "p-cpe:/a:novell:suse_linux:php72-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sockets", "p-cpe:/a:novell:suse_linux:php72-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sqlite", "p-cpe:/a:novell:suse_linux:php72-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sysvmsg", "p-cpe:/a:novell:suse_linux:php72-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sysvsem", "p-cpe:/a:novell:suse_linux:php72-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sysvshm", "p-cpe:/a:novell:suse_linux:php72-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php72-tidy", "p-cpe:/a:novell:suse_linux:php72-tidy-debuginfo", "p-cpe:/a:novell:suse_linux:php72-tokenizer", "p-cpe:/a:novell:suse_linux:php72-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php72-wddx", "p-cpe:/a:novell:suse_linux:php72-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php72-xmlreader", "p-cpe:/a:novell:suse_linux:php72-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php72-xmlrpc", "p-cpe:/a:novell:suse_linux:php72-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php72-xmlwriter", "p-cpe:/a:novell:suse_linux:php72-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php72-xsl", "p-cpe:/a:novell:suse_linux:php72-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-zip", "p-cpe:/a:novell:suse_linux:php72-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php72-zlib", "p-cpe:/a:novell:suse_linux:php72-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2270-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128473", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2270-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128473);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\");\n\n script_name(english:\"SUSE SLES12 Security Update : php72 (SUSE-SU-2019:2270-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php72 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail()\n(bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in\nexif_process_user_comment() (bsc#1145095).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11041/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11042/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192270-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9ff575f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2270=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2019-2270=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php72\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php72-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php72-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php72-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-bcmath-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-bcmath-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-bz2-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-bz2-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-calendar-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-calendar-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ctype-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ctype-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-curl-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-curl-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-dba-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-dba-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-debugsource-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-dom-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-dom-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-enchant-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-enchant-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-exif-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-exif-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fastcgi-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fastcgi-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fileinfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fileinfo-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fpm-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fpm-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ftp-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ftp-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gd-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gd-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gettext-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gettext-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gmp-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gmp-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-iconv-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-iconv-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-imap-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-imap-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-intl-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-intl-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-json-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-json-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ldap-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ldap-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-mbstring-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-mbstring-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-mysql-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-mysql-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-odbc-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-odbc-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-opcache-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-opcache-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-openssl-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-openssl-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pcntl-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pcntl-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pdo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pdo-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pgsql-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pgsql-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-phar-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-phar-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-posix-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-posix-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pspell-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pspell-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-readline-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-readline-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-shmop-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-shmop-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-snmp-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-snmp-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-soap-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-soap-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sockets-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sockets-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sqlite-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sqlite-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvmsg-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvmsg-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvsem-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvsem-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvshm-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvshm-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-tidy-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-tidy-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-tokenizer-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-tokenizer-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-wddx-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-wddx-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlreader-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlreader-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlrpc-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlrpc-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlwriter-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlwriter-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xsl-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xsl-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-zip-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-zip-debuginfo-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-zlib-7.2.5-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-zlib-debuginfo-7.2.5-1.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php72\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:58:49", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11041)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-09-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : php (EulerOS-SA-2019-2089)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-fpm", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2089.NASL", "href": "https://www.tenable.com/plugins/nessus/129448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129448);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-11041\",\n \"CVE-2019-11042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : php (EulerOS-SA-2019-2089)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11041)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2089\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38399217\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-7.2.10-1.h6.eulerosv2r8\",\n \"php-cli-7.2.10-1.h6.eulerosv2r8\",\n \"php-common-7.2.10-1.h6.eulerosv2r8\",\n \"php-fpm-7.2.10-1.h6.eulerosv2r8\",\n \"php-gd-7.2.10-1.h6.eulerosv2r8\",\n \"php-ldap-7.2.10-1.h6.eulerosv2r8\",\n \"php-odbc-7.2.10-1.h6.eulerosv2r8\",\n \"php-pdo-7.2.10-1.h6.eulerosv2r8\",\n \"php-process-7.2.10-1.h6.eulerosv2r8\",\n \"php-recode-7.2.10-1.h6.eulerosv2r8\",\n \"php-soap-7.2.10-1.h6.eulerosv2r8\",\n \"php-xml-7.2.10-1.h6.eulerosv2r8\",\n \"php-xmlrpc-7.2.10-1.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-04-12T16:18:56", "description": "According to its banner, the version of PHP running on the remote web server is 7.4.x prior to 7.4.0. It is, therefore, affected by multiple vulnerabilities including a buffer overflow", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-06T00:00:00", "type": "nessus", "title": "PHP 7.4.x < 7.4.0 Multiple Vulnerabilities.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_4_0.NASL", "href": "https://www.tenable.com/plugins/nessus/131732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131732);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2019-11041\", \"CVE-2019-11042\", \"CVE-2019-11043\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"PHP 7.4.x < 7.4.0 Multiple Vulnerabilities.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\n vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the \n remote web server is 7.4.x prior to 7.4.0. It is, therefore, affected by multiple vulnerabilities including a buffer\n overflow\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.php.net/ChangeLog-7.php#7.4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=72530\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('http.inc');\ninclude('vcf.inc');\n\nport = get_http_port(default:80, php:TRUE);\napp_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);\n\nbackported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nconstraints = [{'min_version':'7.4.0alpha1', 'fixed_version':'7.4.0'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-12T15:54:51", "description": "This update for php7 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140118).\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2019-08-29T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php7 (SUSE-SU-2019:2243-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11038", "CVE-2019-11041", "CVE-2019-11042"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-imap", "p-cpe:/a:novell:suse_linux:php7-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mcrypt", "p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pspell", "p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2243-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128317", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2243-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128317);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-11038\", \"CVE-2019-11041\", \"CVE-2019-11042\");\n\n script_name(english:\"SUSE SLES12 Security Update : php7 (SUSE-SU-2019:2243-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php7 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11038: Fixed a information disclosure in\ngdImageCreateFromXbm() (bsc#1140118).\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail()\n(bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in\nexif_process_user_comment() (bsc#1145095).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11041/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11042/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192243-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d43e85de\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2243=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2019-2243=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debugsource-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-debuginfo-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-7.0.7-50.85.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.0.7-50.85.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:19:38", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14158-1 advisory.\n\n - When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. (CVE-2019-11038)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11041, CVE-2019-11042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2019:14158-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11038", "CVE-2019-11041", "CVE-2019-11042"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14158-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150598", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14158-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150598);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\"CVE-2019-11038\", \"CVE-2019-11041\", \"CVE-2019-11042\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14158-1\");\n script_xref(name:\"IAVB\", value:\"2019-B-0045-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0437-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0070-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2019:14158-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2019:14158-1 advisory.\n\n - When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in\n the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is\n possible to supply data that will cause the function to use the value of uninitialized variable. This may\n lead to disclosing contents of the stack that has been left there by previous code. (CVE-2019-11038)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with\n data what will cause it to read past the allocated buffer. This may lead to information disclosure or\n crash. (CVE-2019-11041, CVE-2019-11042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1140118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1145095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146360\");\n # https://lists.suse.com/pipermail/sle-security-updates/2019-September/005875.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?93b190cb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11042\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'apache2-mod_php53-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-bcmath-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-bz2-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-calendar-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-ctype-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-curl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-dba-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-dom-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-exif-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-fastcgi-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-fileinfo-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-ftp-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-gd-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-gettext-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-gmp-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-iconv-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-intl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-json-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-ldap-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-mbstring-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-mcrypt-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-mysql-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-odbc-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-openssl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pcntl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pdo-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pear-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pgsql-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pspell-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-shmop-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-snmp-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-soap-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-suhosin-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-sysvmsg-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-sysvsem-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-sysvshm-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-tokenizer-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-wddx-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-xmlreader-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-xmlrpc-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-xmlwriter-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-xsl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-zip-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-zlib-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'apache2-mod_php53-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-bcmath-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-bz2-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-calendar-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-ctype-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-curl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-dba-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-dom-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-exif-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-fastcgi-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-fileinfo-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-ftp-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-gd-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-gettext-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-gmp-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-iconv-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-intl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-json-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-ldap-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-mbstring-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-mcrypt-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-mysql-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-odbc-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-openssl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pcntl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pdo-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pear-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pgsql-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pspell-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-shmop-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-snmp-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-soap-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-suhosin-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-sysvmsg-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-sysvsem-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-sysvshm-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-tokenizer-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-wddx-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-xmlreader-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-xmlrpc-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-xmlwriter-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-xsl-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-zip-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-zlib-5.3.17-112.71', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php53 / php53 / php53-bcmath / php53-bz2 / php53-calendar / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-11T15:43:43", "description": "Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-09-20T00:00:00", "type": "nessus", "title": "Debian DSA-4527-1 : php7.3 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11036", "CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php7.3", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4527.NASL", "href": "https://www.tenable.com/plugins/nessus/129073", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4527. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129073);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-11036\", \"CVE-2019-11039\", \"CVE-2019-11040\", \"CVE-2019-11041\", \"CVE-2019-11042\");\n script_xref(name:\"DSA\", value:\"4527\");\n\n script_name(english:\"Debian DSA-4527-1 : php7.3 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language: Missing sanitising in the EXIF\nextension and the iconv_mime_decode_headers() function could result in\ninformation disclosure or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/php7.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/php7.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4527\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php7.3 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 7.3.9-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libapache2-mod-php7.3\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libphp7.3-embed\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-bcmath\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-bz2\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-cgi\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-cli\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-common\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-curl\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-dba\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-dev\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-enchant\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-fpm\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-gd\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-gmp\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-imap\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-interbase\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-intl\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-json\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-ldap\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-mbstring\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-mysql\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-odbc\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-opcache\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-pgsql\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-phpdbg\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-pspell\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-readline\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-recode\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-snmp\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-soap\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-sqlite3\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-sybase\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-tidy\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-xml\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-xmlrpc\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-xsl\", reference:\"7.3.9-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-zip\", reference:\"7.3.9-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-25T15:55:16", "description": "An update of the oniguruma package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Oniguruma PHSA-2019-3.0-0024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:oniguruma", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0024_ONIGURUMA.NASL", "href": "https://www.tenable.com/plugins/nessus/128157", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0024. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128157);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13224\");\n\n script_name(english:\"Photon OS 3.0: Oniguruma PHSA-2019-3.0-0024\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the oniguruma package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0024.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"oniguruma-6.9.0-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"oniguruma-debuginfo-6.9.0-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"oniguruma-devel-6.9.0-2.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T15:52:57", "description": "A use-after-free in onig_new_deluxe() in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe().\n\nFor Debian 8 'Jessie', this problem has been fixed in version 5.9.5-3.2+deb8u2.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-19T00:00:00", "type": "nessus", "title": "Debian DLA-1854-1 : libonig security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libonig-dev", "p-cpe:/a:debian:debian_linux:libonig2", "p-cpe:/a:debian:debian_linux:libonig2-dbg", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1854.NASL", "href": "https://www.tenable.com/plugins/nessus/126793", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1854-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126793);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-13224\");\n\n script_name(english:\"Debian DLA-1854-1 : libonig security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free in onig_new_deluxe() in regext.c allows attackers to\npotentially cause information disclosure, denial of service, or\npossibly code execution by providing a crafted regular expression. The\nattacker provides a pair of a regex pattern and a string, with a\nmulti-byte encoding that gets handled by onig_new_deluxe().\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n5.9.5-3.2+deb8u2.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libonig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libonig-dev, libonig2, and libonig2-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libonig-dev\", reference:\"5.9.5-3.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libonig2\", reference:\"5.9.5-3.2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libonig2-dbg\", reference:\"5.9.5-3.2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T16:02:04", "description": "According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities including an unspecified heap buffer overflow.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-05T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.9 Multiple Vulnerabilities.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_3_9.NASL", "href": "https://www.tenable.com/plugins/nessus/128531", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128531);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2019-13224\");\n\n script_name(english:\"PHP 7.3.x < 7.3.9 Multiple Vulnerabilities.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.3.x prior to 7.3.9. It is, therefore, affected by multiple\nvulnerabilities including an unspecified heap buffer overflow.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.php.net/ChangeLog-7.php#7.3.9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=78213\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.3.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\ninclude('audit.inc');\n\nport = get_http_port(default:80, php:TRUE);\napp = 'PHP';\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nbackported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nconstraints = [{'min_version':'7.3.0alpha1', 'fixed_version':'7.3.9'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-13T16:18:28", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.32, 7.2.x prior to 7.2.22 or 7.3.x prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities including an unspecified heap buffer overflow.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-18T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98682", "href": "https://www.tenable.com/plugins/was/98682", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-13T16:18:29", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.32, 7.2.x prior to 7.2.22 or 7.3.x prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities including an unspecified heap buffer overflow.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-18T00:00:00", "type": "nessus", "title": "PHP 7.1.x < 7.1.32 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98684", "href": "https://www.tenable.com/plugins/was/98684", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-13T16:18:27", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.32, 7.2.x prior to 7.2.22 or 7.3.x prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities including an unspecified heap buffer overflow.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-18T00:00:00", "type": "nessus", "title": "PHP 7.2.x < 7.2.22 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98683", "href": "https://www.tenable.com/plugins/was/98683", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T16:01:26", "description": "A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13224)\n\nA NULL pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.\n(CVE-2019-13225)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-20T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : oniguruma (ALAS-2019-1288)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224", "CVE-2019-13225"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:oniguruma", "p-cpe:/a:amazon:linux:oniguruma-debuginfo", "p-cpe:/a:amazon:linux:oniguruma-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1288.NASL", "href": "https://www.tenable.com/plugins/nessus/129067", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1288.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129067);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-13224\", \"CVE-2019-13225\");\n script_xref(name:\"ALAS\", value:\"2019-1288\");\n\n script_name(english:\"Amazon Linux 2 : oniguruma (ALAS-2019-1288)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2\nallows attackers to potentially cause information disclosure, denial\nof service, or possibly code execution by providing a crafted regular\nexpression. The attacker provides a pair of a regex pattern and a\nstring, with a multi-byte encoding that gets handled by\nonig_new_deluxe(). Oniguruma issues often affect Ruby, as well as\ncommon optional libraries for PHP and Rust. (CVE-2019-13224)\n\nA NULL pointer Dereference in match_at() in regexec.c in Oniguruma\n6.9.2 allows attackers to potentially cause denial of service by\nproviding a crafted regular expression. Oniguruma issues often affect\nRuby, as well as common optional libraries for PHP and Rust.\n(CVE-2019-13225)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1288.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update oniguruma' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"oniguruma-5.9.6-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"oniguruma-debuginfo-5.9.6-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"oniguruma-devel-5.9.6-1.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma / oniguruma-debuginfo / oniguruma-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T16:08:53", "description": "The remote host is affected by the vulnerability described in GLSA-201911-03 (Oniguruma: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Oniguruma. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker, by enticing a user to process a specially crafted string using an application linked against Oniguruma, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "GLSA-201911-03 : Oniguruma: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224", "CVE-2019-13225"], "modified": "2019-12-16T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:oniguruma", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201911-03.NASL", "href": "https://www.tenable.com/plugins/nessus/130635", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201911-03.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130635);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/16\");\n\n script_cve_id(\"CVE-2019-13224\", \"CVE-2019-13225\");\n script_xref(name:\"GLSA\", value:\"201911-03\");\n\n script_name(english:\"GLSA-201911-03 : Oniguruma: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201911-03\n(Oniguruma: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Oniguruma. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, by enticing a user to process a specially crafted\n string using an application linked against Oniguruma, could possibly\n execute arbitrary code with the privileges of the process or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201911-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Oniguruma users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/oniguruma-6.9.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/oniguruma\", unaffected:make_list(\"ge 6.9.3\"), vulnerable:make_list(\"lt 6.9.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T16:03:30", "description": "A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13224)\n\nA NULL pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.\n(CVE-2019-13225)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : oniguruma (ALAS-2019-1295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224", "CVE-2019-13225"], "modified": "2019-12-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:oniguruma", "p-cpe:/a:amazon:linux:oniguruma-debuginfo", "p-cpe:/a:amazon:linux:oniguruma-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1295.NASL", "href": "https://www.tenable.com/plugins/nessus/129565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1295.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129565);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-13224\", \"CVE-2019-13225\");\n script_xref(name:\"ALAS\", value:\"2019-1295\");\n\n script_name(english:\"Amazon Linux AMI : oniguruma (ALAS-2019-1295)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2\nallows attackers to potentially cause information disclosure, denial\nof service, or possibly code execution by providing a crafted regular\nexpression. The attacker provides a pair of a regex pattern and a\nstring, with a multi-byte encoding that gets handled by\nonig_new_deluxe(). Oniguruma issues often affect Ruby, as well as\ncommon optional libraries for PHP and Rust. (CVE-2019-13224)\n\nA NULL pointer Dereference in match_at() in regexec.c in Oniguruma\n6.9.2 allows attackers to potentially cause denial of service by\nproviding a crafted regular expression. Oniguruma issues often affect\nRuby, as well as common optional libraries for PHP and Rust.\n(CVE-2019-13225)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1295.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update oniguruma' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"oniguruma-5.9.6-4.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"oniguruma-debuginfo-5.9.6-4.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"oniguruma-devel-5.9.6-4.4.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma / oniguruma-debuginfo / oniguruma-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T15:56:11", "description": "Some security issues are found on oniguruma. This new rpm should fix these issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Fedora 30 : oniguruma (2019-3f3d0953db)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224", "CVE-2019-13225"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:oniguruma", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-3F3D0953DB.NASL", "href": "https://www.tenable.com/plugins/nessus/127509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-3f3d0953db.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127509);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-13224\", \"CVE-2019-13225\");\n script_xref(name:\"FEDORA\", value:\"2019-3f3d0953db\");\n\n script_name(english:\"Fedora 30 : oniguruma (2019-3f3d0953db)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some security issues are found on oniguruma. This new rpm should fix\nthese issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-3f3d0953db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected oniguruma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"oniguruma-6.9.2-2.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T15:57:01", "description": "Some security issues are found on oniguruma. This new rpm should fix these issues\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Fedora 29 : oniguruma (2019-5409bb5e68)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224", "CVE-2019-13225"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:oniguruma", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-5409BB5E68.NASL", "href": "https://www.tenable.com/plugins/nessus/127510", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-5409bb5e68.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127510);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-13224\", \"CVE-2019-13225\");\n script_xref(name:\"FEDORA\", value:\"2019-5409bb5e68\");\n\n script_name(english:\"Fedora 29 : oniguruma (2019-5409bb5e68)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some security issues are found on oniguruma. This new rpm should fix\nthese issues\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5409bb5e68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected oniguruma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"oniguruma-6.9.1-2.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T16:00:20", "description": "A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe().\n\nA NULL pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression.\n\nOniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-09T00:00:00", "type": "nessus", "title": "FreeBSD : oniguruma -- multiple vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224", "CVE-2019-13225"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:oniguruma", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A8D87C7AD1B111E9A6160992A4564E7C.NASL", "href": "https://www.tenable.com/plugins/nessus/128588", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128588);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-13224\", \"CVE-2019-13225\");\n\n script_name(english:\"FreeBSD : oniguruma -- multiple vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2\nallows attackers to potentially cause information disclosure, denial\nof service, or possibly code execution by providing a crafted regular\nexpression. The attacker provides a pair of a regex pattern and a\nstring, with a multi-byte encoding that gets handled by\nonig_new_deluxe().\n\nA NULL pointer Dereference in match_at() in regexec.c in Oniguruma\n6.9.2 allows attackers to potentially cause denial of service by\nproviding a crafted regular expression.\n\nOniguruma issues often affect Ruby, as well as common optional\nlibraries for PHP and Rust.\"\n );\n # https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a6650d4\"\n );\n # https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3002bf8\"\n );\n # https://vuxml.freebsd.org/freebsd/a8d87c7a-d1b1-11e9-a616-0992a4564e7c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9de3b339\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"oniguruma<6.9.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-11T15:44:05", "description": "Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "Debian DSA-4529-1 : php7.0 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11034", "CVE-2019-11035", "CVE-2019-11036", "CVE-2019-11038", "CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php7.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4529.NASL", "href": "https://www.tenable.com/plugins/nessus/129107", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4529. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129107);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-11034\", \"CVE-2019-11035\", \"CVE-2019-11036\", \"CVE-2019-11038\", \"CVE-2019-11039\", \"CVE-2019-11040\", \"CVE-2019-11041\", \"CVE-2019-11042\");\n script_xref(name:\"DSA\", value:\"4529\");\n\n script_name(english:\"Debian DSA-4529-1 : php7.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language: Missing sanitising in the EXIF\nextension and the iconv_mime_decode_headers() function could result in\ninformation disclosure or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/php7.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/php7.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4529\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php7.0 packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 7.0.33-0+deb9u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libapache2-mod-php7.0\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libphp7.0-embed\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-bcmath\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-bz2\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-cgi\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-cli\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-common\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-curl\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-dba\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-dev\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-enchant\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-fpm\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-gd\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-gmp\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-imap\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-interbase\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-intl\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-json\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-ldap\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-mbstring\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-mcrypt\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-mysql\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-odbc\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-opcache\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-pgsql\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-phpdbg\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-pspell\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-readline\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-recode\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-snmp\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-soap\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-sqlite3\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-sybase\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-tidy\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-xml\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-xmlrpc\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-xsl\", reference:\"7.0.33-0+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-zip\", reference:\"7.0.33-0+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T15:58:11", "description": "According to the versions of the oniguruma package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.(CVE-2019-13224)\n\n - A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.(CVE-2019-13225)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2019-2086)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9228", "CVE-2019-13224", "CVE-2019-13225"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:oniguruma", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2086.NASL", "href": "https://www.tenable.com/plugins/nessus/129445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129445);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9228\",\n \"CVE-2019-13224\",\n \"CVE-2019-13225\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2019-2086)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the oniguruma package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A use-after-free in onig_new_deluxe() in regext.c in\n Oniguruma 6.9.2 allows attackers to potentially cause\n information disclosure, denial of service, or possibly\n code execution by providing a crafted regular\n expression. The attacker provides a pair of a regex\n pattern and a string, with a multi-byte encoding that\n gets handled by onig_new_deluxe(). Oniguruma issues\n often affect Ruby, as well as common optional libraries\n for PHP and Rust.(CVE-2019-13224)\n\n - A NULL Pointer Dereference in match_at() in regexec.c\n in Oniguruma 6.9.2 allows attackers to potentially\n cause denial of service by providing a crafted regular\n expression. Oniguruma issues often affect Ruby, as well\n as common optional libraries for PHP and\n Rust.(CVE-2019-13225)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write occurs in\n bitset_set_range() during regular expression\n compilation due to an uninitialized variable from an\n incorrect state transition. An incorrect state\n transition in parse_char_class() could create an\n execution path that leaves a critical local variable\n uninitialized until it's used as an index, resulting in\n an out-of-bounds write memory\n corruption.(CVE-2017-9228)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2086\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d67741f3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected oniguruma packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"oniguruma-6.9.0-2.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-29T16:30:33", "description": "This update for php5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).\n\nCVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999).\n\nCVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \\0 bytes (bsc#1159923).\n\nCVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924).\n\nCVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922).\n\nCVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927).\n\nCVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629).\n\nCVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2020-7059", "CVE-2020-7060"], "modified": "2022-03-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-imap", "p-cpe:/a:novell:suse_linux:php5-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-opcache", "p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-phar", "p-cpe:/a:novell:suse_linux:php5-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-posix", "p-cpe:/a:novell:suse_linux:php5-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", "p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0522-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134199);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11043\",\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2020-7059\",\n \"CVE-2020-7060\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail()\n(bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in\nexif_process_user_comment() (bsc#1145095).\n\nCVE-2019-11043: Fixed possible remote code execution via env_path_info\nunderflow in fpm_main.c (bsc#1154999).\n\nCVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class\nthat accepts filenames with embedded \\0 bytes (bsc#1159923).\n\nCVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub\n(bsc#1159924).\n\nCVE-2019-11047: Fixed an information disclosure in exif_read_data\n(bsc#1159922).\n\nCVE-2019-11050: Fixed a buffer over-read in the EXIF extension\n(bsc#1159927).\n\nCVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex\n(bsc#1162629).\n\nCVE-2020-7060: Fixed a global buffer-overflow in\nmbfl_filt_conv_big5_wchar (bsc#1162632).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11041/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11042/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11043/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11045/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11046/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11047/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11050/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7059/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7060/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e9a53cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2020-522=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2020-522=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-109.68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T18:54:55", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5861 advisory.\n\n - Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.\n (CVE-2018-12182)\n\n - A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13224)\n\n - A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13225)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : edk2 (ELSA-2020-5861)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12182", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-14553"], "modified": "2020-12-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:OVMF"], "id": "ORACLELINUX_ELSA-2020-5861.NASL", "href": "https://www.tenable.com/plugins/nessus/140930", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5861.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140930);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\n \"CVE-2018-12182\",\n \"CVE-2019-13224\",\n \"CVE-2019-13225\",\n \"CVE-2019-14553\"\n );\n script_bugtraq_id(107648);\n\n script_name(english:\"Oracle Linux 7 : edk2 (ELSA-2020-5861)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-5861 advisory.\n\n - Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially\n enable escalation of privilege, information disclosure and/or denial of service via local access.\n (CVE-2018-12182)\n\n - A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause\n information disclosure, denial of service, or possibly code execution by providing a crafted regular\n expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that\n gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional\n libraries for PHP and Rust. (CVE-2019-13224)\n\n - A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially\n cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as\n well as common optional libraries for PHP and Rust. (CVE-2019-13225)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2020-5861.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OVMF package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OVMF\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'OVMF-1.3.2-1.el7', 'release':'7', 'epoch':'1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OVMF');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-22T17:43:14", "description": "According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-5590)\n\n - Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.(CVE-2016-6289)\n\n - php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.(CVE-2016-5773)\n\n - spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.(CVE-2016-5771)\n\n - An out-of-bounds write flaw was found in the fpm_log_write() logging function of PHP's FastCGI Process Manager service. A remote attacker could repeatedly send maliciously crafted requests to force FPM to exhaust file system space, creating a denial of service and preventing further logging.(CVE-2016-5114)\n\n - Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.(CVE-2016-5096)\n\n - The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_,\n _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.(CVE-2016-4538)\n\n - The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.(CVE-2016-4537)\n\n - The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.(CVE-2015-8865)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11041)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1928)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5590", "CVE-2015-8865", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-5096", "CVE-2016-5114", "CVE-2016-5771", "CVE-2016-5773", "CVE-2016-6289", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1928.NASL", "href": "https://www.tenable.com/plugins/nessus/128931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128931);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-5590\",\n \"CVE-2015-8865\",\n \"CVE-2016-4537\",\n \"CVE-2016-4538\",\n \"CVE-2016-5096\",\n \"CVE-2016-5114\",\n \"CVE-2016-5771\",\n \"CVE-2016-5773\",\n \"CVE-2016-6289\",\n \"CVE-2019-11040\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\"\n );\n script_bugtraq_id(\n 75970\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1928)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - A flaw was found in the way the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-5590)\n\n - Integer overflow in the virtual_file_ex function in\n TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x\n before 5.6.24, and 7.x before 7.0.9 allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other\n impact via a crafted extract operation on a ZIP\n archive.(CVE-2016-6289)\n\n - php_zip.c in the zip extension in PHP before 5.5.37,\n 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly\n interacts with the unserialize implementation and\n garbage collection, which allows remote attackers to\n execute arbitrary code or cause a denial of service\n (use-after-free and application crash) via crafted\n serialized data containing a ZipArchive\n object.(CVE-2016-5773)\n\n - spl_array.c in the SPL extension in PHP before 5.5.37\n and 5.6.x before 5.6.23 improperly interacts with the\n unserialize implementation and garbage collection,\n which allows remote attackers to execute arbitrary code\n or cause a denial of service (use-after-free and\n application crash) via crafted serialized\n data.(CVE-2016-5771)\n\n - An out-of-bounds write flaw was found in the\n fpm_log_write() logging function of PHP's FastCGI\n Process Manager service. A remote attacker could\n repeatedly send maliciously crafted requests to force\n FPM to exhaust file system space, creating a denial of\n service and preventing further logging.(CVE-2016-5114)\n\n - Integer overflow in the fread function in\n ext/standard/file.c in PHP before 5.5.36 and 5.6.x\n before 5.6.22 allows remote attackers to cause a denial\n of service or possibly have unspecified other impact\n via a large integer in the second\n argument.(CVE-2016-5096)\n\n - The bcpowmod function in ext/bcmath/bcmath.c in PHP\n before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 modifies certain data structures without\n considering whether they are copies of the _zero_,\n _one_, or _two_ global variable, which allows remote\n attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted\n call.(CVE-2016-4538)\n\n - The bcpowmod function in ext/bcmath/bcmath.c in PHP\n before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 accepts a negative integer for the scale\n argument, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via a crafted call.(CVE-2016-4537)\n\n - The file_check_mem function in funcs.c in file before\n 5.23, as used in the Fileinfo component in PHP before\n 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5,\n mishandles continuation-level jumps, which allows\n context-dependent attackers to cause a denial of\n service (buffer overflow and application crash) or\n possibly execute arbitrary code via a crafted magic\n file.(CVE-2015-8865)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and\n 7.3.x below 7.3.6 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11041)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1928\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?85a60e7f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5773\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-45.h14\",\n \"php-cli-5.4.16-45.h14\",\n \"php-common-5.4.16-45.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T15:02:54", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3662 advisory.\n\n - php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n - php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n - php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n - php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n - php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte (CVE-2019-11045)\n\n - php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n - php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n - php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n - oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n - oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n - oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n - oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n - oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n - oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n - pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n - php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n - php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n - php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n - php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n - php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n - php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)\n\n - php: Information disclosure in function get_headers (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : php:7.3 (CESA-2020:3662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11045", "CVE-2019-11047", "CVE-2019-11048", "CVE-2019-11050", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-20454", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:apcu-panel", "p-cpe:/a:centos:centos:libzip", "p-cpe:/a:centos:centos:libzip-devel", "p-cpe:/a:centos:centos:libzip-tools", "p-cpe:/a:centos:centos:php", "p-cpe:/a:centos:centos:php-bcmath", "p-cpe:/a:centos:centos:php-cli", "p-cpe:/a:centos:centos:php-common", "p-cpe:/a:centos:centos:php-dba", "p-cpe:/a:centos:centos:php-dbg", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-embedded", "p-cpe:/a:centos:centos:php-enchant", "p-cpe:/a:centos:centos:php-fpm", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-gmp", "p-cpe:/a:centos:centos:php-intl", "p-cpe:/a:centos:centos:php-json", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-mysqlnd", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-opcache", "p-cpe:/a:centos:centos:php-pdo", "p-cpe:/a:centos:centos:php-pear", "p-cpe:/a:centos:centos:php-pecl-apcu", "p-cpe:/a:centos:centos:php-pecl-apcu-devel", "p-cpe:/a:centos:centos:php-pecl-rrd", "p-cpe:/a:centos:centos:php-pecl-xdebug", "p-cpe:/a:centos:centos:php-pecl-zip", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php-process", "p-cpe:/a:centos:centos:php-recode", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-soap", "p-cpe:/a:centos:centos:php-xml", "p-cpe:/a:centos:centos:php-xmlrpc"], "id": "CENTOS8_RHSA-2020-3662.NASL", "href": "https://www.tenable.com/plugins/nessus/145957", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:3662. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145957);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2019-11039\",\n \"CVE-2019-11040\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11045\",\n \"CVE-2019-11047\",\n \"CVE-2019-11048\",\n \"CVE-2019-11050\",\n \"CVE-2019-13224\",\n \"CVE-2019-13225\",\n \"CVE-2019-16163\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\",\n \"CVE-2019-20454\",\n \"CVE-2020-7059\",\n \"CVE-2020-7060\",\n \"CVE-2020-7062\",\n \"CVE-2020-7063\",\n \"CVE-2020-7064\",\n \"CVE-2020-7065\",\n \"CVE-2020-7066\"\n );\n script_bugtraq_id(108520, 108525);\n script_xref(name:\"RHSA\", value:\"2020:3662\");\n\n script_name(english:\"CentOS 8 : php:7.3 (CESA-2020:3662)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3662 advisory.\n\n - php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n - php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n - php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n - php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n - php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at\n that byte (CVE-2019-11045)\n\n - php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n - php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n - php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n - oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n - oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n - oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n - oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n - oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c\n (CVE-2019-19204)\n\n - oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n - pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n - php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n - php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n - php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n - php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n - php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n - php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution\n (CVE-2020-7065)\n\n - php: Information disclosure in function get_headers (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:apcu-panel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-apcu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-apcu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-rrd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/php');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\nif ('7.3' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);\n\nappstreams = {\n 'php:7.3': [\n {'reference':'apcu-panel-5.1.17-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apcu-panel-5.1.17-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-json-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-json-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.9-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.9-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.17-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.17-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-rrd-2.0.1-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-rrd-2.0.1-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-xdebug-2.8.0-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-xdebug-2.8.0-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-recode-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-recode-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xmlrpc-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xmlrpc-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-devel / libzip-tools / php / php-bcmath / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T18:54:54", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3662 advisory.\n\n - Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. (CVE-2019-11039)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11041, CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.\n (CVE-2019-11047, CVE-2019-11050)\n\n - In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. (CVE-2019-11048)\n\n - A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13225)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.\n (CVE-2019-16163)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string.\n This leads to a heap-based buffer over-read. (CVE-2019-19203)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. (CVE-2019-19246)\n\n - An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. (CVE-2019-20454)\n\n - In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. (CVE-2020-7064)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. (CVE-2019-11045)\n\n - A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13224)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. (CVE-2019-19204)\n\n - When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059)\n\n - When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7060)\n\n - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. (CVE-2020-7062)\n\n - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. (CVE-2020-7063)\n\n - In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. (CVE-2020-7065)\n\n - In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\\0) character, the URL will be silently truncated at it.\n This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-10T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : php:7.3 (ELSA-2020-3662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11045", "CVE-2019-11047", "CVE-2019-11048", "CVE-2019-11050", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-20454", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066"], "modified": "2021-05-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:apcu-panel", "p-cpe:/a:oracle:linux:libzip", "p-cpe:/a:oracle:linux:libzip-devel", "p-cpe:/a:oracle:linux:libzip-tools", "p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-dbg", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-embedded", "p-cpe:/a:oracle:linux:php-enchant", "p-cpe:/a:oracle:linux:php-fpm", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-gmp", "p-cpe:/a:oracle:linux:php-intl", "p-cpe:/a:oracle:linux:php-json", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysqlnd", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-opcache", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pear", "p-cpe:/a:oracle:linux:php-pecl-apcu", "p-cpe:/a:oracle:linux:php-pecl-apcu-devel", "p-cpe:/a:oracle:linux:php-pecl-rrd", "p-cpe:/a:oracle:linux:php-pecl-xdebug", "p-cpe:/a:oracle:linux:php-pecl-zip", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-process", "p-cpe:/a:oracle:linux:php-recode", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc"], "id": "ORACLELINUX_ELSA-2020-3662.NASL", "href": "https://www.tenable.com/plugins/nessus/140482", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-3662.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140482);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/11\");\n\n script_cve_id(\n \"CVE-2019-11039\",\n \"CVE-2019-11040\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11045\",\n \"CVE-2019-11047\",\n \"CVE-2019-11048\",\n \"CVE-2019-11050\",\n \"CVE-2019-13224\",\n \"CVE-2019-13225\",\n \"CVE-2019-16163\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\",\n \"CVE-2019-20454\",\n \"CVE-2020-7059\",\n \"CVE-2020-7060\",\n \"CVE-2020-7062\",\n \"CVE-2020-7063\",\n \"CVE-2020-7064\",\n \"CVE-2020-7065\",\n \"CVE-2020-7066\"\n );\n script_bugtraq_id(108520, 108525);\n\n script_name(english:\"Oracle Linux 8 : php:7.3 (ELSA-2020-3662)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-3662 advisory.\n\n - Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x\n below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may\n lead to information disclosure or crash. (CVE-2019-11039)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with\n data what will cause it to read past the allocated buffer. This may lead to information disclosure or\n crash. (CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with\n data what will cause it to read past the allocated buffer. This may lead to information disclosure or\n crash. (CVE-2019-11041, CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what\n will cause it to read past the allocated buffer. This may lead to information disclosure or crash.\n (CVE-2019-11047, CVE-2019-11050)\n\n - In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are\n allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized\n memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files\n created by upload request. This potentially could lead to accumulation of uncleaned temporary files\n exhausting the disk space on the target server. (CVE-2019-11048)\n\n - A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially\n cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as\n well as common optional libraries for PHP and Rust. (CVE-2019-13225)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.\n (CVE-2019-16163)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file\n gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string.\n This leads to a heap-based buffer over-read. (CVE-2019-19203)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c. (CVE-2019-19246)\n\n - An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to\n match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may\n be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in\n do_extuni_no_utf in pcre2_jit_compile.c. (CVE-2019-20454)\n\n - In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with\n exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of\n uninitialized memory. This could potentially lead to information disclosure or crash. (CVE-2020-7064)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths that the code is allowed to access. (CVE-2019-11045)\n\n - A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause\n information disclosure, denial of service, or possibly code execution by providing a crafted regular\n expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that\n gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional\n libraries for PHP and Rust. (CVE-2019-13224)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This\n leads to a heap-based buffer over-read. (CVE-2019-19204)\n\n - When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x\n below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read\n past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059)\n\n - When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27,\n 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function\n mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or\n crash. (CVE-2020-7060)\n\n - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload\n functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0\n (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist\n and encounter null pointer dereference, which would likely lead to a crash. (CVE-2020-7062)\n\n - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive\n using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all\n access) even if the original files on the filesystem were with more restrictive permissions. This may\n result in files having more lax permissions than intended when such archive is extracted. (CVE-2020-7063)\n\n - In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with\n UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could\n lead to memory corruption, crashes and potentially code execution. (CVE-2020-7065)\n\n - In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers()\n with user-supplied URL, if the URL contains zero (\\0) character, the URL will be silently truncated at it.\n This may cause some software to make incorrect assumptions about the target of the get_headers() and\n possibly send some information to a wrong server. (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-3662.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:apcu-panel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libzip-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-apcu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-apcu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-rrd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/php');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\nif ('7.3' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);\n\nappstreams = {\n 'php:7.3': [\n {'reference':'apcu-panel-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-json-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-json-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.9-1.module+el8.2.0+5569+98c8b30d', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'php-pecl-apcu-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-rrd-2.0.1-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-rrd-2.0.1-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-xdebug-2.8.0-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-xdebug-2.8.0-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-recode-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-recode-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xmlrpc-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xmlrpc-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T18:55:22", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3662 advisory.\n\n - php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n - php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n - php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n - php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n - php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte (CVE-2019-11045)\n\n - php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n - php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n - php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n - oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n - oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n - oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n - oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n - oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n - oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n - pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n - php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n - php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n - php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n - php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n - php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n - php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)\n\n - php: Information disclosure in function get_headers (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "RHEL 8 : php:7.3 (RHSA-2020:3662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11045", "CVE-2019-11047", "CVE-2019-11048", "CVE-2019-11050", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-20454", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:apcu-panel", "p-cpe:/a:redhat:enterprise_linux:libzip", "p-cpe:/a:redhat:enterprise_linux:libzip-devel", "p-cpe:/a:redhat:enterprise_linux:libzip-tools", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-dbg", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-fpm", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-gmp", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-json", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysqlnd", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-opcache", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pear", "p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu", "p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-devel", "p-cpe:/a:redhat:enterprise_linux:php-pecl-rrd", "p-cpe:/a:redhat:enterprise_linux:php-pecl-xdebug", "p-cpe:/a:redhat:enterprise_linux:php-pecl-zip", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc"], "id": "REDHAT-RHSA-2020-3662.NASL", "href": "https://www.tenable.com/plugins/nessus/140396", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3662. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140396);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2019-11039\",\n \"CVE-2019-11040\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11045\",\n \"CVE-2019-11047\",\n \"CVE-2019-11048\",\n \"CVE-2019-11050\",\n \"CVE-2019-13224\",\n \"CVE-2019-13225\",\n \"CVE-2019-16163\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\",\n \"CVE-2019-20454\",\n \"CVE-2020-7059\",\n \"CVE-2020-7060\",\n \"CVE-2020-7062\",\n \"CVE-2020-7063\",\n \"CVE-2020-7064\",\n \"CVE-2020-7065\",\n \"CVE-2020-7066\"\n );\n script_bugtraq_id(108520, 108525);\n script_xref(name:\"RHSA\", value:\"2020:3662\");\n script_xref(name:\"IAVB\", value:\"2019-B-0045-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0437-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0070-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0006-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0221-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0039-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0081-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0117-S\");\n\n script_name(english:\"RHEL 8 : php:7.3 (RHSA-2020:3662)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3662 advisory.\n\n - php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n - php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n - php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n - php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n - php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at\n that byte (CVE-2019-11045)\n\n - php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n - php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n - php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n - oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n - oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n - oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n - oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n - oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c\n (CVE-2019-19204)\n\n - oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n - pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n - php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n - php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n - php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n - php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n - php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n - php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution\n (CVE-2020-7065)\n\n - php: Information disclosure in function get_headers (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/170.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/674.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1724152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1724154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1728965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1728970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1735494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1739459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1739465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1768997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1797776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1797779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1808532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1808536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837842\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 121, 125, 170, 190, 200, 284, 400, 416, 476, 674, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apcu-panel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libzip-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-rrd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_2_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'apcu-panel-5.1.17-1.module+el8.1.0+3189+a1bff096', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'libzip-1.5.2-1.module+el8.1.0+3189+a1bff096', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'libzip-1.5.2-1.module+el8.1.0+3189+a1bff096', 'cpu':'s390x', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'libzip-1.5.2-1.module+el8.1.0+3189+a1bff096', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096', 'cpu':'s390x', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096', 'cpu':'s390x', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-common-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-common-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-common-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef', 'cpu':'s390x', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'php-fpm-7
Low: php71, php73
