DATABASE RESOURCES PRICING ABOUT US

{"id": "CLSA-2023:1678395661", "vendorId": null, "type": "cloudlinux", "bulletinFamily": "unix", "title": "php: Fix of 3 CVEs", "description": "- CVE-2023-0567: crypt: Fix validation of malformed BCrypt hashes\n- CVE-2023-0568: Fix array overrun when appending slash to paths\n- CVE-2023-0662: Fix DoS vulnerability when parsing multipart request body", "published": "2023-03-09T21:01:01", "modified": "2023-03-09T21:01:01", "epss": [{"cve": "CVE-2023-0567", "epss": 0.00045, "percentile": 0.12321, "modified": "2023-06-03"}, {"cve": "CVE-2023-0568", "epss": 0.00087, "percentile": 0.36014, "modified": "2023-06-03"}, {"cve": "CVE-2023-0662", "epss": 0.00046, "percentile": 0.13993, "modified": "2023-06-03"}], "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 5.1}, "severity": "MEDIUM", "exploitabilityScore": 4.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}, "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "reporter": "CloudLinux", "references": [], "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "immutableFields": [], "lastseen": "2023-06-03T18:23:19", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2023-0567", "ALPINE:CVE-2023-0568", "ALPINE:CVE-2023-0662"]}, {"type": "altlinux", "idList": ["27D393F8D4D2B1551BAB9E095CFEE955", "962EFAD88EA64F807BF8478562B07F29", "A0C6C615CF0B36A64DEC35A0F1F02B53"]}, {"type": "cve", "idList": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3345-1:E3C58", "DEBIAN:DSA-5363-1:5B9AA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2023-0567", "DEBIANCVE:CVE-2023-0568", "DEBIANCVE:CVE-2023-0662"]}, {"type": "fedora", "idList": ["FEDORA:08777305F846", "FEDORA:456663045996"]}, {"type": "github", "idList": ["GHSA-95X4-J7VC-H8MF"]}, {"type": "hp", "idList": ["HPSBHF03842"]}, {"type": "mageia", "idList": ["MGASA-2023-0065"]}, {"type": "nessus", "idList": ["AL2023_ALAS2023-2023-139.NASL", "DEBIAN_DLA-3345.NASL", "DEBIAN_DSA-5363.NASL", "FEDORA_2023-452714DBC6.NASL", "FEDORA_2023-D12FF09D38.NASL", "MARINER_PHP_CVE-2023-0567.NASL", "MARINER_PHP_CVE-2023-0568.NASL", "MARINER_PHP_CVE-2023-0662.NASL", "PHP_8_0_28.NASL", "PHP_8_1_16.NASL", "PHP_8_2_3.NASL", "SECURITYCENTER_6_1_0_TNS_2023_16.NASL", "SECURITYCENTER_TNS_2023_18.NASL", "SLACKWARE_SSA_2023-045-02.NASL", "SUSE_SU-2023-0476-1.NASL", "SUSE_SU-2023-0513-1.NASL", "SUSE_SU-2023-0514-1.NASL", "SUSE_SU-2023-0515-1.NASL", "SUSE_SU-2023-0527-1.NASL", "UBUNTU_USN-5902-1.NASL", "UBUNTU_USN-5905-1.NASL", "UBUNTU_USN-6053-1.NASL", "WEB_APPLICATION_SCANNING_113581", "WEB_APPLICATION_SCANNING_113582", "WEB_APPLICATION_SCANNING_113583"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2023"]}, {"type": "osv", "idList": ["OSV:DLA-3345-1", "OSV:DSA-5363-1", "OSV:GHSA-95X4-J7VC-H8MF"]}, {"type": "redhatcve", "idList": ["RH:CVE-2023-0567", "RH:CVE-2023-0568", "RH:CVE-2023-0662"]}, {"type": "redos", "idList": ["ROS-20230418-02"]}, {"type": "slackware", "idList": ["SSA-2023-045-02"]}, {"type": "ubuntu", "idList": ["USN-5902-1", "USN-5905-1", "USN-6053-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2023-0567", "UB:CVE-2023-0568", "UB:CVE-2023-0662"]}, {"type": "veracode", "idList": ["VERACODE:39322", "VERACODE:39323", "VERACODE:39325"]}]}, "score": {"value": 7.2, "vector": "NONE"}, "epss": [{"cve": "CVE-2023-0567", "epss": 0.00045, "percentile": 0.12316, "modified": "2023-05-02"}, {"cve": "CVE-2023-0568", "epss": 0.00087, "percentile": 0.35927, "modified": "2023-05-02"}, {"cve": "CVE-2023-0662", "epss": 0.00046, "percentile": 0.13987, "modified": "2023-05-02"}], "vulnersScore": 7.2}, "_state": {"dependencies": 0, "score": 1685816800, "epss": 0}, "_internal": {"score_hash": "efe290a280b826ebf60a83d242982ee4"}, "affectedPackage": [{"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-bcmath"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-cli"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-common"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-dba"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-devel"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-embedded"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-enchant"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-fpm"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-gd"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-imap"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-intl"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-ldap"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-mbstring"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-mysql"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-odbc"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-pdo"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-pgsql"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-process"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-pspell"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-recode"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-snmp"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-soap"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-tidy"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-xml"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-xmlrpc"}, {"OS": "Centos", "OSVersion": "6", "arch": "x86_64", "packageVersion": "5.3.3", "packageFilename": "php-5.3.3-55.el6.tuxcare.els4.src.rpm", "operator": "lt", "packageName": "php-zts"}]}

{"altlinux": [{"lastseen": "2023-05-07T11:55:03", "description": "8.1.16-alt1 built Feb. 17, 2023 Anton Farygin in task #315276\n\nFeb. 15, 2023 Anton Farygin\n \n \n - 8.1.15 -> 8.1.16 (Fixes: CVE-2023-0567, CVE-2023-0568, CVE-2023-0662)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-17T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package php8.1 version 8.1.16-alt1", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-17T00:00:00", "id": "27D393F8D4D2B1551BAB9E095CFEE955", "href": "https://packages.altlinux.org/en/p10/srpms/php8.1/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-07T11:56:15", "description": "8.2.3-alt1 built Feb. 21, 2023 Anton Farygin in task #315258\n\nFeb. 14, 2023 Anton Farygin\n \n \n - 8.2.2 -> 8.2.3 (Fixes: CVE-2023-0567, CVE-2023-0568, CVE-2023-0662)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-21T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package php8.2 version 8.2.3-alt1", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-21T00:00:00", "id": "A0C6C615CF0B36A64DEC35A0F1F02B53", "href": "https://packages.altlinux.org/en/p10/srpms/php8.2/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-07T11:55:38", "description": "8.0.28-alt1 built Feb. 21, 2023 Anton Farygin in task #315278\n\nFeb. 14, 2023 Anton Farygin\n \n \n - 8.0.27 -> 8.0.28 (Fixes: CVE-2023-0567, CVE-2023-0568, CVE-2023-0662)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-21T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package php8.0 version 8.0.28-alt1", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-21T00:00:00", "id": "962EFAD88EA64F807BF8478562B07F29", "href": "https://packages.altlinux.org/en/p10/srpms/php8.0/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-05-17T16:41:28", "description": "The version of PHP installed on the remote host is prior to 8.2.3. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.3 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-14T00:00:00", "type": "nessus", "title": "PHP 8.2.x < 8.2.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_8_2_3.NASL", "href": "https://www.tenable.com/plugins/nessus/171466", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171466);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2023-0567\", \"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"PHP 8.2.x < 8.2.3 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version PHP running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PHP installed on the remote host is prior to 8.2.3. It is, therefore, affected by multiple\nvulnerabilities as referenced in the Version 8.2.3 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may\n accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,\n it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.php.net/81744\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.php.net/81746\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-8.php#8.2.3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 8.2.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, php:TRUE);\nvar app_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);\n\nvar backported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nvar constraints = [\n { 'min_version' : '8.2.0alpha1', 'fixed_version' : '8.2.3' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:44:33", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0515-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-25T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php74 (SUSE-SU-2023:0515-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php74", "p-cpe:/a:novell:suse_linux:php74", "p-cpe:/a:novell:suse_linux:php74-bcmath", "p-cpe:/a:novell:suse_linux:php74-bz2", "p-cpe:/a:novell:suse_linux:php74-calendar", "p-cpe:/a:novell:suse_linux:php74-ctype", "p-cpe:/a:novell:suse_linux:php74-curl", "p-cpe:/a:novell:suse_linux:php74-dba", "p-cpe:/a:novell:suse_linux:php74-devel", "p-cpe:/a:novell:suse_linux:php74-dom", "p-cpe:/a:novell:suse_linux:php74-enchant", "p-cpe:/a:novell:suse_linux:php74-exif", "p-cpe:/a:novell:suse_linux:php74-fastcgi", "p-cpe:/a:novell:suse_linux:php74-fileinfo", "p-cpe:/a:novell:suse_linux:php74-fpm", "p-cpe:/a:novell:suse_linux:php74-ftp", "p-cpe:/a:novell:suse_linux:php74-gd", "p-cpe:/a:novell:suse_linux:php74-gettext", "p-cpe:/a:novell:suse_linux:php74-gmp", "p-cpe:/a:novell:suse_linux:php74-iconv", "p-cpe:/a:novell:suse_linux:php74-intl", "p-cpe:/a:novell:suse_linux:php74-json", "p-cpe:/a:novell:suse_linux:php74-ldap", "p-cpe:/a:novell:suse_linux:php74-mbstring", "p-cpe:/a:novell:suse_linux:php74-mysql", "p-cpe:/a:novell:suse_linux:php74-odbc", "p-cpe:/a:novell:suse_linux:php74-opcache", "p-cpe:/a:novell:suse_linux:php74-openssl", "p-cpe:/a:novell:suse_linux:php74-pcntl", "p-cpe:/a:novell:suse_linux:php74-pdo", "p-cpe:/a:novell:suse_linux:php74-pgsql", "p-cpe:/a:novell:suse_linux:php74-phar", "p-cpe:/a:novell:suse_linux:php74-posix", "p-cpe:/a:novell:suse_linux:php74-readline", "p-cpe:/a:novell:suse_linux:php74-shmop", "p-cpe:/a:novell:suse_linux:php74-snmp", "p-cpe:/a:novell:suse_linux:php74-soap", "p-cpe:/a:novell:suse_linux:php74-sockets", "p-cpe:/a:novell:suse_linux:php74-sodium", "p-cpe:/a:novell:suse_linux:php74-sqlite", "p-cpe:/a:novell:suse_linux:php74-sysvmsg", "p-cpe:/a:novell:suse_linux:php74-sysvsem", "p-cpe:/a:novell:suse_linux:php74-sysvshm", "p-cpe:/a:novell:suse_linux:php74-tidy", "p-cpe:/a:novell:suse_linux:php74-tokenizer", "p-cpe:/a:novell:suse_linux:php74-xmlreader", "p-cpe:/a:novell:suse_linux:php74-xmlrpc", "p-cpe:/a:novell:suse_linux:php74-xmlwriter", "p-cpe:/a:novell:suse_linux:php74-xsl", "p-cpe:/a:novell:suse_linux:php74-zip", "p-cpe:/a:novell:suse_linux:php74-zlib", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2023-0515-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171909", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0515-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171909);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2023-0567\", \"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0515-1\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"SUSE SLES12 Security Update : php74 (SUSE-SU-2023:0515-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2023:0515-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may\n accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,\n it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208388\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013883.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?894c1d77\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php74\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP0/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-mod_php74-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'apache2-mod_php74-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'apache2-mod_php74-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'apache2-mod_php74-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bcmath-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bcmath-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bcmath-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bcmath-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bz2-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bz2-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bz2-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bz2-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-calendar-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-calendar-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-calendar-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-calendar-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ctype-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ctype-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ctype-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ctype-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-curl-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-curl-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-curl-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-curl-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dba-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dba-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dba-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dba-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dom-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dom-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dom-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dom-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-enchant-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-enchant-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-enchant-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-enchant-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-exif-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-exif-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-exif-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-exif-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fastcgi-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fastcgi-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fastcgi-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fastcgi-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fileinfo-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fileinfo-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fileinfo-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fileinfo-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fpm-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fpm-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fpm-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fpm-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ftp-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ftp-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ftp-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ftp-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gd-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gd-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gd-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gd-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gettext-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gettext-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gettext-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gettext-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gmp-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gmp-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gmp-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gmp-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-iconv-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-iconv-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-iconv-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-iconv-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-intl-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-intl-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-intl-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-intl-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-json-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-json-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-json-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-json-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ldap-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ldap-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ldap-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ldap-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mbstring-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mbstring-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mbstring-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mbstring-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mysql-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mysql-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mysql-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mysql-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-odbc-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-odbc-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-odbc-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-odbc-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-opcache-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-opcache-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-opcache-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-opcache-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-openssl-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-openssl-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-openssl-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-openssl-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pcntl-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pcntl-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pcntl-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pcntl-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pdo-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pdo-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pdo-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pdo-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pgsql-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pgsql-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pgsql-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pgsql-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-phar-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-phar-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-phar-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-phar-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-posix-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-posix-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-posix-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-posix-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-readline-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-readline-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-readline-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-readline-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-shmop-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-shmop-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-shmop-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-shmop-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-snmp-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-snmp-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-snmp-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-snmp-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-soap-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-soap-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-soap-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-soap-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sockets-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sockets-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sockets-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sockets-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sodium-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sodium-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sodium-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sodium-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sqlite-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sqlite-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sqlite-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sqlite-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvmsg-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvmsg-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvmsg-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvmsg-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvsem-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvsem-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvsem-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvsem-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvshm-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvshm-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvshm-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvshm-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tidy-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tidy-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tidy-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tidy-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tokenizer-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tokenizer-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tokenizer-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tokenizer-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlreader-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlreader-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlreader-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlreader-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlrpc-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlrpc-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlrpc-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlrpc-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlwriter-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlwriter-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlwriter-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlwriter-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xsl-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xsl-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xsl-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xsl-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zip-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zip-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zip-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zip-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zlib-7.4.33-1.53.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zlib-7.4.33-1.53.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zlib-7.4.33-1.53.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zlib-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-devel-7.4.33-1.53.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / php74-calendar / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:40:54", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d12ff09d38 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-24T00:00:00", "type": "nessus", "title": "Fedora 36 : php (2023-d12ff09d38)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:php"], "id": "FEDORA_2023-D12FF09D38.NASL", "href": "https://www.tenable.com/plugins/nessus/171875", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-d12ff09d38\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171875);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/06\");\n\n script_cve_id(\"CVE-2023-0567\", \"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n script_xref(name:\"FEDORA\", value:\"2023-d12ff09d38\");\n\n script_name(english:\"Fedora 36 : php (2023-d12ff09d38)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-d12ff09d38 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-d12ff09d38\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'php-8.1.16-1.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:58", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5902-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-28T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 : PHP vulnerabilities (USN-5902-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-04-04T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.2", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.4", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php8.0", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php8.1", "p-cpe:/a:canonical:ubuntu_linux:libphp7.2-embed", "p-cpe:/a:canonical:ubuntu_linux:libphp7.4-embed", "p-cpe:/a:canonical:ubuntu_linux:libphp8.1-embed", "p-cpe:/a:canonical:ubuntu_linux:php7.2", "p-cpe:/a:canonical:ubuntu_linux:php7.2-bcmath", "p-cpe:/a:canonical:ubuntu_linux:php7.2-bz2", "p-cpe:/a:canonical:ubuntu_linux:php7.2-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.2-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.2-common", "p-cpe:/a:canonical:ubuntu_linux:php7.2-curl", "p-cpe:/a:canonical:ubuntu_linux:php7.2-dba", "p-cpe:/a:canonical:ubuntu_linux:php7.2-dev", "p-cpe:/a:canonical:ubuntu_linux:php7.2-enchant", "p-cpe:/a:canonical:ubuntu_linux:php7.2-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.2-gd", "p-cpe:/a:canonical:ubuntu_linux:php7.2-gmp", "p-cpe:/a:canonical:ubuntu_linux:php7.2-imap", "p-cpe:/a:canonical:ubuntu_linux:php7.2-intl", "p-cpe:/a:canonical:ubuntu_linux:php7.2-json", "p-cpe:/a:canonical:ubuntu_linux:php7.2-ldap", "p-cpe:/a:canonical:ubuntu_linux:php7.2-mbstring", "p-cpe:/a:canonical:ubuntu_linux:php7.2-mysql", "p-cpe:/a:canonical:ubuntu_linux:php7.2-odbc", "p-cpe:/a:canonical:ubuntu_linux:php7.2-opcache", "p-cpe:/a:canonical:ubuntu_linux:php7.2-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php7.2-phpdbg", "p-cpe:/a:canonical:ubuntu_linux:php7.2-pspell", "p-cpe:/a:canonical:ubuntu_linux:php7.2-readline", "p-cpe:/a:canonical:ubuntu_linux:php7.2-recode", "p-cpe:/a:canonical:ubuntu_linux:php7.2-snmp", "p-cpe:/a:canonical:ubuntu_linux:php7.2-soap", "p-cpe:/a:canonical:ubuntu_linux:php7.2-sqlite3", "p-cpe:/a:canonical:ubuntu_linux:php7.2-sybase", "p-cpe:/a:canonical:ubuntu_linux:php7.2-tidy", "p-cpe:/a:canonical:ubuntu_linux:php7.2-xml", "p-cpe:/a:canonical:ubuntu_linux:php7.2-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php7.2-xsl", "p-cpe:/a:canonical:ubuntu_linux:php7.2-zip", "p-cpe:/a:canonical:ubuntu_linux:php7.4", "p-cpe:/a:canonical:ubuntu_linux:php7.4-bcmath", "p-cpe:/a:canonical:ubuntu_linux:php7.4-bz2", "p-cpe:/a:canonical:ubuntu_linux:php7.4-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.4-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.4-common", "p-cpe:/a:canonical:ubuntu_linux:php7.4-curl", "p-cpe:/a:canonical:ubuntu_linux:php7.4-dba", "p-cpe:/a:canonical:ubuntu_linux:php7.4-dev", "p-cpe:/a:canonical:ubuntu_linux:php7.4-enchant", "p-cpe:/a:canonical:ubuntu_linux:php7.4-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.4-gd", "p-cpe:/a:canonical:ubuntu_linux:php7.4-gmp", "p-cpe:/a:canonical:ubuntu_linux:php7.4-imap", "p-cpe:/a:canonical:ubuntu_linux:php7.4-interbase", "p-cpe:/a:canonical:ubuntu_linux:php7.4-intl", "p-cpe:/a:canonical:ubuntu_linux:php7.4-json", "p-cpe:/a:canonical:ubuntu_linux:php7.4-ldap", "p-cpe:/a:canonical:ubuntu_linux:php7.4-mbstring", "p-cpe:/a:canonical:ubuntu_linux:php7.4-mysql", "p-cpe:/a:canonical:ubuntu_linux:php7.4-odbc", "p-cpe:/a:canonical:ubuntu_linux:php7.4-opcache", "p-cpe:/a:canonical:ubuntu_linux:php7.4-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php7.4-phpdbg", "p-cpe:/a:canonical:ubuntu_linux:php7.4-pspell", "p-cpe:/a:canonical:ubuntu_linux:php7.4-readline", "p-cpe:/a:canonical:ubuntu_linux:php7.4-snmp", "p-cpe:/a:canonical:ubuntu_linux:php7.4-soap", "p-cpe:/a:canonical:ubuntu_linux:php7.4-sqlite3", "p-cpe:/a:canonical:ubuntu_linux:php7.4-sybase", "p-cpe:/a:canonical:ubuntu_linux:php7.4-tidy", "p-cpe:/a:canonical:ubuntu_linux:php7.4-xml", "p-cpe:/a:canonical:ubuntu_linux:php7.4-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php7.4-xsl", "p-cpe:/a:canonical:ubuntu_linux:php7.4-zip", "p-cpe:/a:canonical:ubuntu_linux:php8.1", "p-cpe:/a:canonical:ubuntu_linux:php8.1-bcmath", "p-cpe:/a:canonical:ubuntu_linux:php8.1-bz2", "p-cpe:/a:canonical:ubuntu_linux:php8.1-cgi", "p-cpe:/a:canonical:ubuntu_linux:php8.1-cli", "p-cpe:/a:canonical:ubuntu_linux:php8.1-common", "p-cpe:/a:canonical:ubuntu_linux:php8.1-curl", "p-cpe:/a:canonical:ubuntu_linux:php8.1-dba", "p-cpe:/a:canonical:ubuntu_linux:php8.1-dev", "p-cpe:/a:canonical:ubuntu_linux:php8.1-enchant", "p-cpe:/a:canonical:ubuntu_linux:php8.1-fpm", "p-cpe:/a:canonical:ubuntu_linux:php8.1-gd", "p-cpe:/a:canonical:ubuntu_linux:php8.1-gmp", "p-cpe:/a:canonical:ubuntu_linux:php8.1-imap", "p-cpe:/a:canonical:ubuntu_linux:php8.1-interbase", "p-cpe:/a:canonical:ubuntu_linux:php8.1-intl", "p-cpe:/a:canonical:ubuntu_linux:php8.1-ldap", "p-cpe:/a:canonical:ubuntu_linux:php8.1-mbstring", "p-cpe:/a:canonical:ubuntu_linux:php8.1-mysql", "p-cpe:/a:canonical:ubuntu_linux:php8.1-odbc", "p-cpe:/a:canonical:ubuntu_linux:php8.1-opcache", "p-cpe:/a:canonical:ubuntu_linux:php8.1-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php8.1-phpdbg", "p-cpe:/a:canonical:ubuntu_linux:php8.1-pspell", "p-cpe:/a:canonical:ubuntu_linux:php8.1-readline", "p-cpe:/a:canonical:ubuntu_linux:php8.1-snmp", "p-cpe:/a:canonical:ubuntu_linux:php8.1-soap", "p-cpe:/a:canonical:ubuntu_linux:php8.1-sqlite3", "p-cpe:/a:canonical:ubuntu_linux:php8.1-sybase", "p-cpe:/a:canonical:ubuntu_linux:php8.1-tidy", "p-cpe:/a:canonical:ubuntu_linux:php8.1-xml", "p-cpe:/a:canonical:ubuntu_linux:php8.1-xsl", "p-cpe:/a:canonical:ubuntu_linux:php8.1-zip", "p-cpe:/a:canonical:ubuntu_linux:php7.2-interbase"], "id": "UBUNTU_USN-5902-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171965", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5902-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171965);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/04\");\n\n script_cve_id(\"CVE-2023-0567\", \"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"USN\", value:\"5902-1\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 : PHP vulnerabilities (USN-5902-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5902-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5902-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libphp7.2-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libphp7.4-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libphp8.1-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-phpdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-phpdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.4-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-phpdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php8.1-zip\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|22\\.04|22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 22.04 / 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'libapache2-mod-php7.2', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'libphp7.2-embed', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-bcmath', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-bz2', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-cgi', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-cli', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-common', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-curl', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-dba', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-dev', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-enchant', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-fpm', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-gd', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-gmp', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-imap', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-interbase', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-intl', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-json', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-ldap', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-mbstring', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-mysql', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-odbc', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-opcache', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-pgsql', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-phpdbg', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-pspell', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-readline', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-recode', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-snmp', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-soap', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-sqlite3', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-sybase', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-tidy', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-xml', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-xmlrpc', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-xsl', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '18.04', 'pkgname': 'php7.2-zip', 'pkgver': '7.2.24-0ubuntu0.18.04.17'},\n {'osver': '20.04', 'pkgname': 'libapache2-mod-php7.4', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'libphp7.4-embed', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-bcmath', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-bz2', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-cgi', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-cli', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-common', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-curl', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-dba', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-dev', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-enchant', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-fpm', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-gd', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-gmp', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-imap', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-interbase', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-intl', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-json', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-ldap', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-mbstring', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-mysql', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-odbc', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-opcache', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-pgsql', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-phpdbg', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-pspell', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-readline', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-snmp', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-soap', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-sqlite3', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-sybase', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-tidy', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-xml', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-xmlrpc', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-xsl', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '20.04', 'pkgname': 'php7.4-zip', 'pkgver': '7.4.3-4ubuntu2.18'},\n {'osver': '22.04', 'pkgname': 'libapache2-mod-php7.4', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'libapache2-mod-php8.0', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'libapache2-mod-php8.1', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'libphp8.1-embed', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-bcmath', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-bz2', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-cgi', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-cli', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-common', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-curl', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-dba', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-dev', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-enchant', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-fpm', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-gd', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-gmp', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-imap', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-interbase', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-intl', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-ldap', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-mbstring', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-mysql', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-odbc', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-opcache', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-pgsql', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-phpdbg', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-pspell', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-readline', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-snmp', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-soap', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-sqlite3', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-sybase', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-tidy', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-xml', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-xsl', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.04', 'pkgname': 'php8.1-zip', 'pkgver': '8.1.2-1ubuntu2.11'},\n {'osver': '22.10', 'pkgname': 'libapache2-mod-php7.4', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'libapache2-mod-php8.0', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'libapache2-mod-php8.1', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'libphp8.1-embed', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-bcmath', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-bz2', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-cgi', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-cli', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-common', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-curl', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-dba', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-dev', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-enchant', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-fpm', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-gd', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-gmp', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-imap', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-interbase', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-intl', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-ldap', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-mbstring', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-mysql', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-odbc', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-opcache', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-pgsql', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-phpdbg', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-pspell', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-readline', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-snmp', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-soap', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-sqlite3', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-sybase', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-tidy', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-xml', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-xsl', 'pkgver': '8.1.7-1ubuntu3.3'},\n {'osver': '22.10', 'pkgname': 'php8.1-zip', 'pkgver': '8.1.7-1ubuntu3.3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-php7.2 / libapache2-mod-php7.4 / libapache2-mod-php8.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:35", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0514-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-25T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:0514-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-devel", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pear", "p-cpe:/a:novell:suse_linux:php7-pear-archive_tar", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-readline", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sodium", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-tidy", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zlib", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0514-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171906", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0514-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171906);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2023-0567\", \"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0514-1\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:0514-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2023:0514-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may\n accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,\n it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208388\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013884.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?648b8f4c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pear-Archive_Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-mod_php7-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-bcmath-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-bz2-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-calendar-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-ctype-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-curl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-dba-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-devel-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-dom-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-enchant-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-exif-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-fastcgi-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-fileinfo-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-fpm-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-ftp-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-gd-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-gettext-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-gmp-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-iconv-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-intl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-json-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-ldap-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-mbstring-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-mysql-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-odbc-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-opcache-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-openssl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-pcntl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-pdo-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-pear-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-pear-Archive_Tar-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-pgsql-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-phar-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-posix-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-readline-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-shmop-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-snmp-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-soap-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-sockets-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-sodium-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-sqlite-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-sysvmsg-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-sysvsem-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-sysvshm-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-tidy-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-tokenizer-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-wddx-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-xmlreader-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-xmlrpc-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-xmlwriter-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-xsl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-zip-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'php7-zlib-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-mod_php7-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-mod_php7-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-bcmath-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-bcmath-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-bz2-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-bz2-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-calendar-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-calendar-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-ctype-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-ctype-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-curl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-curl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-dba-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-dba-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-devel-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-devel-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-dom-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-dom-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-enchant-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-enchant-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-exif-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-exif-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-fastcgi-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-fastcgi-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-fileinfo-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-fileinfo-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-fpm-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-fpm-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-ftp-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-ftp-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-gd-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-gd-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-gettext-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-gettext-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-gmp-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-gmp-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-iconv-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-iconv-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-intl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-intl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-json-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-json-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-ldap-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-ldap-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-mbstring-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-mbstring-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-mysql-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-mysql-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-odbc-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-odbc-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-opcache-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-opcache-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-openssl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-openssl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-pcntl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-pcntl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-pdo-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-pdo-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-pear-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'php7-pear-Archive_Tar-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'php7-pgsql-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-pgsql-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-phar-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-phar-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-posix-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-posix-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-readline-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-readline-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-shmop-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-shmop-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-snmp-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-snmp-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-soap-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-soap-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sockets-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sockets-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sodium-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sodium-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sqlite-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sqlite-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sysvmsg-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sysvmsg-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sysvsem-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sysvsem-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sysvshm-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-sysvshm-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-tidy-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-tidy-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-tokenizer-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-tokenizer-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-wddx-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-wddx-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-xmlreader-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-xmlreader-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-xmlrpc-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-xmlrpc-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-xmlwriter-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-xmlwriter-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-xsl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-xsl-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-zip-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-zip-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-zlib-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-zlib-7.2.34-150000.4.109.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'php7-wddx-7.2.34-150000.4.109.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'apache2-mod_php7-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-bcmath-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-bz2-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-calendar-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-ctype-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-curl-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-dba-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-devel-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-dom-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-enchant-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-exif-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-fastcgi-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-fileinfo-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-fpm-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-ftp-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-gd-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-gettext-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-gmp-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-iconv-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-intl-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-json-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-ldap-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-mbstring-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-mysql-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-odbc-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-opcache-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-openssl-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-pcntl-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-pdo-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-pgsql-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-phar-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-posix-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-readline-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-shmop-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-snmp-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-soap-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-sockets-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-sodium-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-sqlite-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-sysvmsg-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-sysvsem-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-sysvshm-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-tidy-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-tokenizer-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-wddx-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-xmlreader-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-xmlrpc-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-xmlwriter-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-xsl-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-zip-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'php7-zlib-7.2.34-150000.4.109.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:40:52", "description": "The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-452714dbc6 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-24T00:00:00", "type": "nessus", "title": "Fedora 37 : php (2023-452714dbc6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:37", "p-cpe:/a:fedoraproject:fedora:php"], "id": "FEDORA_2023-452714DBC6.NASL", "href": "https://www.tenable.com/plugins/nessus/171876", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-452714dbc6\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171876);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/06\");\n\n script_cve_id(\"CVE-2023-0567\", \"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n script_xref(name:\"FEDORA\", value:\"2023-452714dbc6\");\n\n script_name(english:\"Fedora 37 : php (2023-452714dbc6)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-452714dbc6 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-452714dbc6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^37([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'php-8.1.16-1.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:36", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0513-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-25T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:0513-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-cli", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-devel", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-embed", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-readline", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sodium", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-tidy", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zlib", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0513-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171913", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0513-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171913);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2023-0567\", \"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0513-1\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:0513-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2023:0513-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may\n accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,\n it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208388\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013885.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7616e742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-mod_php7-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-bcmath-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-bz2-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-calendar-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-cli-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-ctype-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-curl-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-dba-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-devel-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-dom-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-embed-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-packagehub-subpackages-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-embed-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-packagehub-subpackages-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-enchant-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-exif-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-fastcgi-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-fileinfo-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-fpm-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-ftp-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-gd-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-gettext-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-gmp-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-iconv-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-intl-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-json-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-ldap-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-mbstring-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-mysql-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-odbc-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-opcache-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-openssl-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-pcntl-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-pdo-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-pgsql-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-phar-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-posix-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-readline-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-shmop-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-snmp-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-soap-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-sockets-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-sodium-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-sqlite-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-sysvmsg-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-sysvsem-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-sysvshm-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-tidy-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-tokenizer-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-xmlreader-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-xmlrpc-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-xmlwriter-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-xsl-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-zip-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'php7-zlib-7.4.33-150400.4.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'apache2-mod_php7-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-bcmath-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-bz2-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-calendar-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-cli-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-ctype-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-curl-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-dba-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-devel-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-dom-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-embed-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-enchant-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-exif-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-fastcgi-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-fileinfo-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-fpm-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-ftp-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-gd-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-gettext-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-gmp-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-iconv-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-intl-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-json-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-ldap-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-mbstring-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-mysql-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-odbc-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-opcache-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-openssl-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-pcntl-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-pdo-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-pgsql-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-phar-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-posix-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-readline-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-shmop-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-snmp-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-soap-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-sockets-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-sodium-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-sqlite-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-sysvmsg-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-sysvsem-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-sysvshm-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-test-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-tidy-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-tokenizer-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-xmlreader-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-xmlrpc-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-xmlwriter-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-xsl-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-zip-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php7-zlib-7.4.33-150400.4.19.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:41:12", "description": "The version of php installed on the remote host is prior to 7.4.33 / 8.0.28 / 8.1.16. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-045-02 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-15T00:00:00", "type": "nessus", "title": "Slackware Linux 15.0 / current php Multiple Vulnerabilities (SSA:2023-045-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "p-cpe:/a:slackware:slackware_linux:php80", "p-cpe:/a:slackware:slackware_linux:php81", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:15.0"], "id": "SLACKWARE_SSA_2023-045-02.NASL", "href": "https://www.tenable.com/plugins/nessus/171479", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Slackware Security Advisory SSA:2023-045-02. The text\n# itself is copyright (C) Slackware Linux, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171479);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2023-0567\", \"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"Slackware Linux 15.0 / current php Multiple Vulnerabilities (SSA:2023-045-02)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware Linux host is missing a security update to php.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of php installed on the remote host is prior to 7.4.33 / 8.0.28 / 8.1.16. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the SSA:2023-045-02 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may\n accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,\n it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php80\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php81\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:15.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\ninclude(\"slackware.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\nvar flag = 0;\nvar constraints = [\n { 'fixed_version' : '7.4.33', 'product' : 'php', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '3_slack15.0', 'arch' : 'i586' },\n { 'fixed_version' : '8.0.28', 'product' : 'php80', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'i586' },\n { 'fixed_version' : '8.1.16', 'product' : 'php81', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'i586' },\n { 'fixed_version' : '7.4.33', 'product' : 'php', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '3_slack15.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '8.0.28', 'product' : 'php80', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '8.1.16', 'product' : 'php81', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '7.4.33', 'product' : 'php', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '3', 'arch' : 'i586' },\n { 'fixed_version' : '8.0.28', 'product' : 'php80', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '8.1.16', 'product' : 'php81', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '7.4.33', 'product' : 'php', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '3', 'arch' : 'x86_64' },\n { 'fixed_version' : '8.0.28', 'product' : 'php80', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' },\n { 'fixed_version' : '8.1.16', 'product' : 'php81', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' }\n];\n\nforeach constraint (constraints) {\n var pkg_arch = constraint['arch'];\n var arch = NULL;\n if (pkg_arch == \"x86_64\") {\n arch = pkg_arch;\n }\n if (slackware_check(osver:constraint['os_version'],\n arch:arch,\n pkgname:constraint['product'],\n pkgver:constraint['fixed_version'],\n pkgarch:pkg_arch,\n pkgnum:constraint['service_pack'])) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : slackware_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:45:34", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-139 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-23T00:00:00", "type": "nessus", "title": "Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2023-139)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-04-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php8.1", "p-cpe:/a:amazon:linux:php8.1-bcmath", "p-cpe:/a:amazon:linux:php8.1-bcmath-debuginfo", "p-cpe:/a:amazon:linux:php8.1-cli", "p-cpe:/a:amazon:linux:php8.1-cli-debuginfo", "p-cpe:/a:amazon:linux:php8.1-common", "p-cpe:/a:amazon:linux:php8.1-common-debuginfo", "p-cpe:/a:amazon:linux:php8.1-dba", "p-cpe:/a:amazon:linux:php8.1-dba-debuginfo", "p-cpe:/a:amazon:linux:php8.1-dbg", "p-cpe:/a:amazon:linux:php8.1-dbg-debuginfo", "p-cpe:/a:amazon:linux:php8.1-debuginfo", "p-cpe:/a:amazon:linux:php8.1-debugsource", "p-cpe:/a:amazon:linux:php8.1-devel", "p-cpe:/a:amazon:linux:php8.1-embedded", "p-cpe:/a:amazon:linux:php8.1-embedded-debuginfo", "p-cpe:/a:amazon:linux:php8.1-enchant", "p-cpe:/a:amazon:linux:php8.1-enchant-debuginfo", "p-cpe:/a:amazon:linux:php8.1-ffi", "p-cpe:/a:amazon:linux:php8.1-ffi-debuginfo", "p-cpe:/a:amazon:linux:php8.1-fpm", "p-cpe:/a:amazon:linux:php8.1-fpm-debuginfo", "p-cpe:/a:amazon:linux:php8.1-gmp", "p-cpe:/a:amazon:linux:php8.1-gmp-debuginfo", "p-cpe:/a:amazon:linux:php8.1-intl", "p-cpe:/a:amazon:linux:php8.1-gd", "p-cpe:/a:amazon:linux:php8.1-intl-debuginfo", "p-cpe:/a:amazon:linux:php8.1-ldap", "p-cpe:/a:amazon:linux:php8.1-gd-debuginfo", "p-cpe:/a:amazon:linux:php8.1-ldap-debuginfo", "p-cpe:/a:amazon:linux:php8.1-mbstring", "p-cpe:/a:amazon:linux:php8.1-mbstring-debuginfo", "p-cpe:/a:amazon:linux:php8.1-mysqlnd", "p-cpe:/a:amazon:linux:php8.1-mysqlnd-debuginfo", "p-cpe:/a:amazon:linux:php8.1-odbc", "p-cpe:/a:amazon:linux:php8.1-odbc-debuginfo", "p-cpe:/a:amazon:linux:php8.1-opcache", "p-cpe:/a:amazon:linux:php8.1-opcache-debuginfo", "p-cpe:/a:amazon:linux:php8.1-pdo", "p-cpe:/a:amazon:linux:php8.1-pdo-debuginfo", "p-cpe:/a:amazon:linux:php8.1-pgsql", "p-cpe:/a:amazon:linux:php8.1-pgsql-debuginfo", "p-cpe:/a:amazon:linux:php8.1-process", "p-cpe:/a:amazon:linux:php8.1-process-debuginfo", "p-cpe:/a:amazon:linux:php8.1-soap", "p-cpe:/a:amazon:linux:php8.1-soap-debuginfo", "p-cpe:/a:amazon:linux:php8.1-tidy", "p-cpe:/a:amazon:linux:php8.1-tidy-debuginfo", "p-cpe:/a:amazon:linux:php8.1-xml", "p-cpe:/a:amazon:linux:php8.1-xml-debuginfo", "cpe:/o:amazon:linux:2023"], "id": "AL2023_ALAS2023-2023-139.NASL", "href": "https://www.tenable.com/plugins/nessus/173338", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-139.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173338);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2023-0567\", \"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2023-139)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2023 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-139 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may\n accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,\n it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2023/ALAS-2023-139.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-0567.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-0568.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-0662.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update --releasever=2023.0.20230322 php8.1' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-cli-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-common-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-dbg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-embedded-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-ffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-ffi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-mysqlnd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-process-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php8.1-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2023\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2023\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2023\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'php8.1-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-bcmath-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-bcmath-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-bcmath-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-bcmath-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-bcmath-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-bcmath-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-cli-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-cli-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-cli-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-cli-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-cli-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-cli-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-common-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-common-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-common-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-common-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-common-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-common-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dba-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dba-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dba-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dba-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dba-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dba-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dbg-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dbg-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dbg-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dbg-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dbg-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-dbg-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-debugsource-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-debugsource-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-debugsource-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-devel-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-devel-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-devel-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-embedded-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-embedded-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-embedded-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-embedded-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-embedded-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-embedded-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-enchant-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-enchant-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-enchant-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-enchant-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-enchant-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-enchant-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ffi-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ffi-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ffi-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ffi-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ffi-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ffi-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-fpm-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-fpm-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-fpm-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-fpm-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-fpm-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-fpm-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gd-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gd-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gd-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gd-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gd-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gd-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gmp-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gmp-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gmp-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gmp-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gmp-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-gmp-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-intl-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-intl-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-intl-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-intl-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-intl-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-intl-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ldap-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ldap-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ldap-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ldap-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ldap-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-ldap-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mbstring-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mbstring-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mbstring-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mbstring-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mbstring-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mbstring-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mysqlnd-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mysqlnd-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mysqlnd-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mysqlnd-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mysqlnd-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-mysqlnd-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-odbc-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-odbc-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-odbc-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-odbc-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-odbc-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-odbc-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-opcache-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-opcache-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-opcache-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-opcache-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-opcache-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-opcache-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pdo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pdo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pdo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pdo-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pdo-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pdo-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pgsql-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pgsql-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pgsql-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pgsql-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pgsql-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-pgsql-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-process-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-process-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-process-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-process-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-process-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-process-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-soap-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-soap-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-soap-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-soap-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-soap-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-soap-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-tidy-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-tidy-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-tidy-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-tidy-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-tidy-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-tidy-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-xml-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-xml-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-xml-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-xml-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-xml-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php8.1-xml-debuginfo-8.1.16-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php8.1 / php8.1-bcmath / php8.1-bcmath-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:36", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5363 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-26T00:00:00", "type": "nessus", "title": "Debian DSA-5363-1 : php7.4 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-31631", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-04-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-php7.4", "p-cpe:/a:debian:debian_linux:libphp7.4-embed", "p-cpe:/a:debian:debian_linux:php7.4", "p-cpe:/a:debian:debian_linux:php7.4-bcmath", "p-cpe:/a:debian:debian_linux:php7.4-bz2", "p-cpe:/a:debian:debian_linux:php7.4-cgi", "p-cpe:/a:debian:debian_linux:php7.4-cli", "p-cpe:/a:debian:debian_linux:php7.4-common", "p-cpe:/a:debian:debian_linux:php7.4-curl", "p-cpe:/a:debian:debian_linux:php7.4-dba", "p-cpe:/a:debian:debian_linux:php7.4-dev", "p-cpe:/a:debian:debian_linux:php7.4-enchant", "p-cpe:/a:debian:debian_linux:php7.4-fpm", "p-cpe:/a:debian:debian_linux:php7.4-gd", "p-cpe:/a:debian:debian_linux:php7.4-gmp", "p-cpe:/a:debian:debian_linux:php7.4-imap", "p-cpe:/a:debian:debian_linux:php7.4-interbase", "p-cpe:/a:debian:debian_linux:php7.4-intl", "p-cpe:/a:debian:debian_linux:php7.4-json", "p-cpe:/a:debian:debian_linux:php7.4-ldap", "p-cpe:/a:debian:debian_linux:php7.4-mbstring", "p-cpe:/a:debian:debian_linux:php7.4-mysql", "p-cpe:/a:debian:debian_linux:php7.4-odbc", "p-cpe:/a:debian:debian_linux:php7.4-opcache", "p-cpe:/a:debian:debian_linux:php7.4-pgsql", "p-cpe:/a:debian:debian_linux:php7.4-phpdbg", "p-cpe:/a:debian:debian_linux:php7.4-pspell", "p-cpe:/a:debian:debian_linux:php7.4-readline", "p-cpe:/a:debian:debian_linux:php7.4-snmp", "p-cpe:/a:debian:debian_linux:php7.4-soap", "p-cpe:/a:debian:debian_linux:php7.4-sqlite3", "p-cpe:/a:debian:debian_linux:php7.4-sybase", "p-cpe:/a:debian:debian_linux:php7.4-tidy", "p-cpe:/a:debian:debian_linux:php7.4-xml", "p-cpe:/a:debian:debian_linux:php7.4-xmlrpc", "p-cpe:/a:debian:debian_linux:php7.4-xsl", "p-cpe:/a:debian:debian_linux:php7.4-zip", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5363.NASL", "href": "https://www.tenable.com/plugins/nessus/171921", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5363. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171921);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/04\");\n\n script_cve_id(\n \"CVE-2022-31631\",\n \"CVE-2023-0567\",\n \"CVE-2023-0568\",\n \"CVE-2023-0662\"\n );\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"Debian DSA-5363-1 : php7.4 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5363 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/php7.4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2023/dsa-5363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-31631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-0567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-0568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-0662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/php7.4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the php7.4 packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 7.4.33-1+deb11u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp7.4-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-phpdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.4-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libapache2-mod-php7.4', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'libphp7.4-embed', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-bcmath', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-bz2', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-cgi', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-cli', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-common', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-curl', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-dba', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-dev', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-enchant', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-fpm', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-gd', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-gmp', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-imap', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-interbase', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-intl', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-json', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-ldap', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-mbstring', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-mysql', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-odbc', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-opcache', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-pgsql', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-phpdbg', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-pspell', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-readline', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-snmp', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-soap', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-sqlite3', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-sybase', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-tidy', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-xml', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-xmlrpc', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-xsl', 'reference': '7.4.33-1+deb11u3'},\n {'release': '11.0', 'prefix': 'php7.4-zip', 'reference': '7.4.33-1+deb11u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-php7.4 / libphp7.4-embed / php7.4 / php7.4-bcmath / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:44:33", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3345 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-26T00:00:00", "type": "nessus", "title": "Debian DLA-3345-1 : php7.3 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-31631", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-04-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-php7.3", "p-cpe:/a:debian:debian_linux:libphp7.3-embed", "p-cpe:/a:debian:debian_linux:php7.3", "p-cpe:/a:debian:debian_linux:php7.3-bcmath", "p-cpe:/a:debian:debian_linux:php7.3-bz2", "p-cpe:/a:debian:debian_linux:php7.3-cgi", "p-cpe:/a:debian:debian_linux:php7.3-cli", "p-cpe:/a:debian:debian_linux:php7.3-common", "p-cpe:/a:debian:debian_linux:php7.3-mysql", "p-cpe:/a:debian:debian_linux:php7.3-curl", "p-cpe:/a:debian:debian_linux:php7.3-odbc", "p-cpe:/a:debian:debian_linux:php7.3-dba", "p-cpe:/a:debian:debian_linux:php7.3-opcache", "p-cpe:/a:debian:debian_linux:php7.3-dev", "p-cpe:/a:debian:debian_linux:php7.3-pgsql", "p-cpe:/a:debian:debian_linux:php7.3-enchant", "p-cpe:/a:debian:debian_linux:php7.3-phpdbg", "p-cpe:/a:debian:debian_linux:php7.3-fpm", "p-cpe:/a:debian:debian_linux:php7.3-pspell", "p-cpe:/a:debian:debian_linux:php7.3-readline", "p-cpe:/a:debian:debian_linux:php7.3-gd", "p-cpe:/a:debian:debian_linux:php7.3-recode", "p-cpe:/a:debian:debian_linux:php7.3-gmp", "p-cpe:/a:debian:debian_linux:php7.3-snmp", "p-cpe:/a:debian:debian_linux:php7.3-imap", "p-cpe:/a:debian:debian_linux:php7.3-soap", "p-cpe:/a:debian:debian_linux:php7.3-interbase", "p-cpe:/a:debian:debian_linux:php7.3-sqlite3", "p-cpe:/a:debian:debian_linux:php7.3-intl", "p-cpe:/a:debian:debian_linux:php7.3-sybase", "p-cpe:/a:debian:debian_linux:php7.3-json", "p-cpe:/a:debian:debian_linux:php7.3-tidy", "p-cpe:/a:debian:debian_linux:php7.3-xml", "p-cpe:/a:debian:debian_linux:php7.3-ldap", "p-cpe:/a:debian:debian_linux:php7.3-xmlrpc", "p-cpe:/a:debian:debian_linux:php7.3-xsl", "p-cpe:/a:debian:debian_linux:php7.3-mbstring", "p-cpe:/a:debian:debian_linux:php7.3-zip", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3345.NASL", "href": "https://www.tenable.com/plugins/nessus/171925", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3345. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171925);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/04\");\n\n script_cve_id(\n \"CVE-2022-31631\",\n \"CVE-2023-0567\",\n \"CVE-2023-0568\",\n \"CVE-2023-0662\"\n );\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"Debian DLA-3345-1 : php7.3 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3345 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)\n\n - Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/php7.3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2023/dla-3345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-31631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-0567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-0568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2023-0662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/php7.3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the php7.3 packages.\n\nFor Debian 10 buster, these problems have been fixed in version 7.3.31-1~deb10u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp7.3-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-phpdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libapache2-mod-php7.3', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'libphp7.3-embed', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-bcmath', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-bz2', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-cgi', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-cli', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-common', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-curl', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-dba', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-dev', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-enchant', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-fpm', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-gd', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-gmp', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-imap', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-interbase', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-intl', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-json', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-ldap', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-mbstring', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-mysql', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-odbc', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-opcache', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-pgsql', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-phpdbg', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-pspell', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-readline', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-recode', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-snmp', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-soap', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-sqlite3', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-sybase', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-tidy', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-xml', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-xmlrpc', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-xsl', 'reference': '7.3.31-1~deb10u3'},\n {'release': '10.0', 'prefix': 'php7.3-zip', 'reference': '7.3.31-1~deb10u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-php7.3 / libphp7.3-embed / php7.3 / php7.3-bcmath / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:22", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0476-1 advisory.\n\n - php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-23T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:0476-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-31631", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-devel", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-readline", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sodium", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-tidy", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zlib", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0476-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171842", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0476-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171842);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\n \"CVE-2022-31631\",\n \"CVE-2023-0567\",\n \"CVE-2023-0568\",\n \"CVE-2023-0662\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0476-1\");\n script_xref(name:\"IAVA\", value:\"2023-A-0016-S\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:0476-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2023:0476-1 advisory.\n\n - php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may\n accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,\n it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208388\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013867.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?20ce5d2a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-mod_php7-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-bcmath-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-bz2-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-calendar-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-ctype-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-curl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-dba-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-devel-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-dom-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-enchant-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-exif-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-fpm-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-ftp-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-gd-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-gettext-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-gmp-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-iconv-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-intl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-json-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-ldap-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-mbstring-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-mysql-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-odbc-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-opcache-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-openssl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-pcntl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-pdo-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-pgsql-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-phar-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-posix-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-readline-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-shmop-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-snmp-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-soap-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sockets-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sodium-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sqlite-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-tidy-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-xsl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-zip-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-zlib-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'apache2-mod_php7-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-bcmath-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-bz2-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-calendar-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-ctype-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-curl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-dba-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-devel-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-dom-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-enchant-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-exif-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-fpm-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-ftp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-gd-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-gettext-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-gmp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-iconv-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-intl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-json-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-ldap-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-mbstring-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-mysql-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-odbc-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-opcache-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-openssl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-pcntl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-pdo-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-pgsql-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-phar-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-posix-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-readline-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-shmop-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-snmp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-soap-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sockets-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sodium-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sqlite-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-tidy-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-xsl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-zip-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-zlib-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-ESPOS-release-3']},\n {'reference':'apache2-mod_php7-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-bcmath-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-bz2-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-calendar-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-ctype-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-curl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-dba-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-devel-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-dom-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-enchant-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-exif-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-fpm-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-ftp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-gd-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-gettext-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-gmp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-iconv-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-intl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-json-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-ldap-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-mbstring-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-mysql-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-odbc-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-opcache-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-openssl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-pcntl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-pdo-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-pgsql-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-phar-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-posix-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-readline-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-shmop-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-snmp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-soap-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sockets-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sodium-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sqlite-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-tidy-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-xsl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-zip-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'php7-zlib-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},\n {'reference':'apache2-mod_php7-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-mod_php7-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-bcmath-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-bcmath-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-bz2-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-bz2-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-calendar-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-calendar-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-ctype-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-ctype-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-curl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-curl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-dba-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-dba-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-devel-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-devel-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-dom-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-dom-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-enchant-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-enchant-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-exif-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-exif-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-fpm-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-fpm-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-ftp-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-ftp-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-gd-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-gd-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-gettext-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-gettext-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-gmp-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-gmp-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-iconv-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-iconv-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-intl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-intl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-json-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-json-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-ldap-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-ldap-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-mbstring-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-mbstring-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-mysql-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-mysql-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-odbc-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-odbc-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-opcache-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-opcache-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-openssl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-openssl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-pcntl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-pcntl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-pdo-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-pdo-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-pgsql-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-pgsql-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-phar-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-phar-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-posix-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-posix-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-readline-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-readline-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-shmop-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-shmop-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-snmp-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-snmp-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-soap-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-soap-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sockets-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sockets-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sodium-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sodium-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sqlite-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sqlite-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-tidy-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-tidy-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-xsl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-xsl-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-zip-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-zip-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-zlib-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'php7-zlib-7.4.33-150200.3.51.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-mod_php7-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'apache2-mod_php7-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-bcmath-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-bcmath-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-bz2-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-bz2-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-calendar-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-calendar-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-ctype-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-ctype-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-curl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-curl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-dba-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-dba-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-devel-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-devel-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-dom-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-dom-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-enchant-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-enchant-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-exif-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-exif-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-fpm-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-fpm-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-ftp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-ftp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-gd-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-gd-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-gettext-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-gettext-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-gmp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-gmp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-iconv-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-iconv-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-intl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-intl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-json-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-json-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-ldap-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-ldap-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-mbstring-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-mbstring-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-mysql-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-mysql-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-odbc-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-odbc-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-opcache-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-opcache-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-openssl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-openssl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-pcntl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-pcntl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-pdo-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-pdo-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-pgsql-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-pgsql-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-phar-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-phar-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-posix-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-posix-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-readline-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-readline-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-shmop-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-shmop-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-snmp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-snmp-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-soap-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-soap-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sockets-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sockets-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sodium-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sodium-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sqlite-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sqlite-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-tidy-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-tidy-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-xsl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-xsl-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-zip-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-zip-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-zlib-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-zlib-7.4.33-150200.3.51.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},\n {'reference':'php7-firebird-7.4.33-150200.3.51.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'apache2-mod_php7-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-bcmath-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-bz2-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-calendar-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-ctype-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-curl-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-dba-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-devel-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-dom-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-enchant-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-exif-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-fpm-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-ftp-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-gd-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-gettext-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-gmp-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-iconv-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-intl-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-json-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-ldap-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-mbstring-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-mysql-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-odbc-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-opcache-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-openssl-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-pcntl-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-pdo-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-pgsql-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-phar-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-posix-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-readline-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-shmop-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-snmp-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-soap-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-sockets-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-sodium-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-sqlite-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-tidy-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-xsl-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-zip-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'php7-zlib-7.4.33-150200.3.51.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'apache2-mod_php7-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-bcmath-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-bz2-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-calendar-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-ctype-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-curl-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-dba-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-devel-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-dom-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-enchant-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-exif-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-fpm-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-ftp-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-gd-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-gettext-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-gmp-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-iconv-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-intl-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-json-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-ldap-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-mbstring-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-mysql-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-odbc-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-opcache-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-openssl-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-pcntl-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-pdo-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-pgsql-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-phar-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-posix-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-readline-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-shmop-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-snmp-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-soap-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-sockets-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-sodium-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-sqlite-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-tidy-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-xsl-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-zip-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},\n {'reference':'php7-zlib-7.4.33-150200.3.51.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:47:58", "description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.22.0 or 5.23.1 or 6.0.0 and and is therefore affected by multiple vulnerabilities in PHP prior to version 8.0.28 / 8.1.16 / 8.2.3:\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)", "cvss3": {}, "published": "2023-04-25T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter 5.22.0 / 5.23.1 / 6.0.0 Multiple Vulnerabilities (TNS-2023-18)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-04-26T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_TNS_2023_18.NASL", "href": "https://www.tenable.com/plugins/nessus/174746", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174746);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/26\");\n\n script_cve_id(\"CVE-2023-0662\", \"CVE-2023-0568\");\n\n script_name(english:\"Tenable SecurityCenter 5.22.0 / 5.23.1 / 6.0.0 Multiple Vulnerabilities (TNS-2023-18)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is \nrunning 5.22.0 or 5.23.1 or 6.0.0 and and is therefore affected by multiple vulnerabilities in PHP prior to \nversion 8.0.28 / 8.1.16 / 8.2.3:\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP \n form upload can cause high resource consumption and excessive number of log entries. This can cause denial \n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function \n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, \n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to \n unauthorized data access or modification. (CVE-2023-0568)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2023-18\");\n # https://docs.tenable.com/releasenotes/Content/tenablesc/tenablesc2023.htm#Tenable.sc-6.1.0-(2023-03-22)\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0c45a331\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the security patch referenced in the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\");\n script_require_ports(\"installed_sw/Tenable SecurityCenter\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar patches = make_list('SC-202304.1');\nvar app_info = vcf::tenable_sc::get_app_info();\n\nvcf::tenable_sc::check_for_patch(app_info:app_info, patches:patches);\n\nvar constraints = [\n { 'min_version' : '5.22.0', 'max_version': '5.22.0', 'fixed_display' : 'Apply Patch SC-202304.1'},\n { 'min_version' : '5.23.1', 'max_version': '5.23.1', 'fixed_display' : 'Apply Patch SC-202304.1'},\n { 'min_version' : '6.0.0', 'max_version': '6.0.0', 'fixed_display' : 'Apply Patch SC-202304.1'},\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:58", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0527-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-27T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2023:0527-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php8", "p-cpe:/a:novell:suse_linux:php8", "p-cpe:/a:novell:suse_linux:php8-bcmath", "p-cpe:/a:novell:suse_linux:php8-bz2", "p-cpe:/a:novell:suse_linux:php8-calendar", "p-cpe:/a:novell:suse_linux:php8-cli", "p-cpe:/a:novell:suse_linux:php8-ctype", "p-cpe:/a:novell:suse_linux:php8-curl", "p-cpe:/a:novell:suse_linux:php8-dba", "p-cpe:/a:novell:suse_linux:php8-devel", "p-cpe:/a:novell:suse_linux:php8-dom", "p-cpe:/a:novell:suse_linux:php8-embed", "p-cpe:/a:novell:suse_linux:php8-enchant", "p-cpe:/a:novell:suse_linux:php8-exif", "p-cpe:/a:novell:suse_linux:php8-fastcgi", "p-cpe:/a:novell:suse_linux:php8-fileinfo", "p-cpe:/a:novell:suse_linux:php8-fpm", "p-cpe:/a:novell:suse_linux:php8-ftp", "p-cpe:/a:novell:suse_linux:php8-gd", "p-cpe:/a:novell:suse_linux:php8-gettext", "p-cpe:/a:novell:suse_linux:php8-gmp", "p-cpe:/a:novell:suse_linux:php8-iconv", "p-cpe:/a:novell:suse_linux:php8-intl", "p-cpe:/a:novell:suse_linux:php8-ldap", "p-cpe:/a:novell:suse_linux:php8-mbstring", "p-cpe:/a:novell:suse_linux:php8-mysql", "p-cpe:/a:novell:suse_linux:php8-odbc", "p-cpe:/a:novell:suse_linux:php8-opcache", "p-cpe:/a:novell:suse_linux:php8-openssl", "p-cpe:/a:novell:suse_linux:php8-pcntl", "p-cpe:/a:novell:suse_linux:php8-pdo", "p-cpe:/a:novell:suse_linux:php8-pgsql", "p-cpe:/a:novell:suse_linux:php8-phar", "p-cpe:/a:novell:suse_linux:php8-posix", "p-cpe:/a:novell:suse_linux:php8-readline", "p-cpe:/a:novell:suse_linux:php8-shmop", "p-cpe:/a:novell:suse_linux:php8-snmp", "p-cpe:/a:novell:suse_linux:php8-soap", "p-cpe:/a:novell:suse_linux:php8-sockets", "p-cpe:/a:novell:suse_linux:php8-sodium", "p-cpe:/a:novell:suse_linux:php8-sqlite", "p-cpe:/a:novell:suse_linux:php8-sysvmsg", "p-cpe:/a:novell:suse_linux:php8-sysvsem", "p-cpe:/a:novell:suse_linux:php8-sysvshm", "p-cpe:/a:novell:suse_linux:php8-test", "p-cpe:/a:novell:suse_linux:php8-tidy", "p-cpe:/a:novell:suse_linux:php8-tokenizer", "p-cpe:/a:novell:suse_linux:php8-xmlreader", "p-cpe:/a:novell:suse_linux:php8-xmlwriter", "p-cpe:/a:novell:suse_linux:php8-xsl", "p-cpe:/a:novell:suse_linux:php8-zip", "p-cpe:/a:novell:suse_linux:php8-zlib", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0527-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171934", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0527-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171934);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2023-0568\", \"CVE-2023-0662\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0527-1\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2023:0527-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2023:0527-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208367\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013897.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56ad6a75\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-0662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php8-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-mod_php8-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-bcmath-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-bz2-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-calendar-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-cli-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-ctype-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-curl-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-dba-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-devel-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-dom-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-embed-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-enchant-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-exif-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-fastcgi-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-fileinfo-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-fpm-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-ftp-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-gd-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-gettext-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-gmp-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-iconv-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-intl-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-ldap-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-mbstring-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-mysql-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-odbc-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-opcache-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-openssl-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-pcntl-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-pdo-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-pgsql-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-phar-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-posix-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-readline-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-shmop-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-snmp-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-soap-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-sockets-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-sodium-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-sqlite-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-sysvmsg-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-sysvsem-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-sysvshm-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-test-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-tidy-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-tokenizer-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-xmlreader-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-xmlwriter-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-xsl-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-zip-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'php8-zlib-8.0.28-150400.4.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},\n {'reference':'apache2-mod_php8-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-bcmath-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-bz2-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-calendar-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-cli-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-ctype-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-curl-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-dba-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-devel-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-dom-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-embed-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-enchant-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-exif-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-fastcgi-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-fileinfo-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-fpm-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-ftp-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-gd-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-gettext-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-gmp-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-iconv-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-intl-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-ldap-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-mbstring-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-mysql-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-odbc-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-opcache-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-openssl-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-pcntl-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-pdo-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-pgsql-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-phar-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-posix-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-readline-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-shmop-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-snmp-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-soap-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-sockets-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-sodium-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-sqlite-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-sysvmsg-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-sysvsem-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-sysvshm-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-test-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-tidy-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-tokenizer-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-xmlreader-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-xmlwriter-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-xsl-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-zip-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'php8-zlib-8.0.28-150400.4.26.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:07", "description": "According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.28, 8.1.x prior to 8.1.16, or 8.2.x prior to 8.2.3. It is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service (DoS) attack due to insufficient validation of user-supplied input when parsing multipart request body. (CVE-2023-0662)\n\n - An authentication bypass due to an error within the Password_verify() function hich always returns true with some hashes. (CVE-2023-0567)\n\n - A buffer overflow due to a boundary error when processing untrusted input in fopen_wrappers.c. (CVE-2023-0567)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-15T00:00:00", "type": "nessus", "title": "PHP 8.1.x < 8.1.16 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0662"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113582", "href": "https://www.tenable.com/plugins/was/113582", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:07", "description": "According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.28, 8.1.x prior to 8.1.16, or 8.2.x prior to 8.2.3. It is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service (DoS) attack due to insufficient validation of user-supplied input when parsing multipart request body. (CVE-2023-0662)\n\n - An authentication bypass due to an error within the Password_verify() function hich always returns true with some hashes. (CVE-2023-0567)\n\n - A buffer overflow due to a boundary error when processing untrusted input in fopen_wrappers.c. (CVE-2023-0567)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-15T00:00:00", "type": "nessus", "title": "PHP 8.2.x < 8.2.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0662"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113581", "href": "https://www.tenable.com/plugins/was/113581", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:08", "description": "According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.28, 8.1.x prior to 8.1.16, or 8.2.x prior to 8.2.3. It is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service (DoS) attack due to insufficient validation of user-supplied input when parsing multipart request body. (CVE-2023-0662)\n\n - An authentication bypass due to an error within the Password_verify() function hich always returns true with some hashes. (CVE-2023-0567)\n\n - A buffer overflow due to a boundary error when processing untrusted input in fopen_wrappers.c. (CVE-2023-0567)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-15T00:00:00", "type": "nessus", "title": "PHP 8.0.x < 8.0.28 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567", "CVE-2023-0662"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113583", "href": "https://www.tenable.com/plugins/was/113583", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T16:06:01", "description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 6.0.0 or earlier and is therefore affected by multiple vulnerabilities in Apache prior to version 2.4.56 and PHP prior to version 8.1.16:\n\n - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. (CVE-2023-27522)\n\n - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target data and is then re-inserted into the proxied request-target using variable substitution. (CVE-2023-25690)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)", "cvss3": {}, "published": "2023-03-23T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter < 6.1.0 Multiple Vulnerabilities (TNS-2023-16)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0568", "CVE-2023-0662", "CVE-2023-25690", "CVE-2023-27522"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_6_1_0_TNS_2023_16.NASL", "href": "https://www.tenable.com/plugins/nessus/173301", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173301);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\n \"CVE-2023-0568\",\n \"CVE-2023-0662\",\n \"CVE-2023-25690\",\n \"CVE-2023-27522\"\n );\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n script_xref(name:\"IAVA\", value:\"2023-A-0124\");\n\n script_name(english:\"Tenable SecurityCenter < 6.1.0 Multiple Vulnerabilities (TNS-2023-16)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is \nrunning 6.0.0 or earlier and is therefore affected by multiple vulnerabilities in Apache prior to version 2.4.56\nand PHP prior to version 8.1.16:\n\n - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache \n HTTP Server from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split\n the response forwarded to the client. (CVE-2023-27522)\n\n - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request \n Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target \n data and is then re-inserted into the proxied request-target using variable substitution. (CVE-2023-25690)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP \n form upload can cause high resource consumption and excessive number of log entries. This can cause denial \n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function \n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, \n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to \n unauthorized data access or modification. (CVE-2023-0568)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2023-16\");\n # https://docs.tenable.com/releasenotes/Content/tenablesc/tenablesc2023.htm#Tenable.sc-6.1.0-(2023-03-22)\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0c45a331\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Tenable SecurityCenter 6.1.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-25690\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\");\n script_require_ports(\"installed_sw/Tenable SecurityCenter\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::tenable_sc::get_app_info();\n\nvar constraints = [\n { 'min_version' : '5.18.0', 'max_version': '6.0.0', 'fixed_display' : 'Upgrade to 6.1.0 or later'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:44:00", "description": "The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5905-1 advisory.\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (CVE-2022-31628)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. (CVE-2022-31629)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5905-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-31628", "CVE-2022-31629", "CVE-2022-31631", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-04-04T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0", "p-cpe:/a:canonical:ubuntu_linux:libphp7.0-embed", "p-cpe:/a:canonical:ubuntu_linux:php7.0", "p-cpe:/a:canonical:ubuntu_linux:php7.0-bcmath", "p-cpe:/a:canonical:ubuntu_linux:php7.0-bz2", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.0-common", "p-cpe:/a:canonical:ubuntu_linux:php7.0-curl", "p-cpe:/a:canonical:ubuntu_linux:php7.0-dba", "p-cpe:/a:canonical:ubuntu_linux:php7.0-dev", "p-cpe:/a:canonical:ubuntu_linux:php7.0-enchant", "p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.0-gd", "p-cpe:/a:canonical:ubuntu_linux:php7.0-gmp", "p-cpe:/a:canonical:ubuntu_linux:php7.0-imap", "p-cpe:/a:canonical:ubuntu_linux:php7.0-interbase", "p-cpe:/a:canonical:ubuntu_linux:php7.0-intl", "p-cpe:/a:canonical:ubuntu_linux:php7.0-json", "p-cpe:/a:canonical:ubuntu_linux:php7.0-ldap", "p-cpe:/a:canonical:ubuntu_linux:php7.0-mbstring", "p-cpe:/a:canonical:ubuntu_linux:php7.0-mcrypt", "p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql", "p-cpe:/a:canonical:ubuntu_linux:php7.0-odbc", "p-cpe:/a:canonical:ubuntu_linux:php7.0-opcache", "p-cpe:/a:canonical:ubuntu_linux:php7.0-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php7.0-phpdbg", "p-cpe:/a:canonical:ubuntu_linux:php7.0-pspell", "p-cpe:/a:canonical:ubuntu_linux:php7.0-readline", "p-cpe:/a:canonical:ubuntu_linux:php7.0-recode", "p-cpe:/a:canonical:ubuntu_linux:php7.0-snmp", "p-cpe:/a:canonical:ubuntu_linux:php7.0-soap", "p-cpe:/a:canonical:ubuntu_linux:php7.0-sqlite3", "p-cpe:/a:canonical:ubuntu_linux:php7.0-sybase", "p-cpe:/a:canonical:ubuntu_linux:php7.0-tidy", "p-cpe:/a:canonical:ubuntu_linux:php7.0-xml", "p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php7.0-xsl", "p-cpe:/a:canonical:ubuntu_linux:php7.0-zip"], "id": "UBUNTU_USN-5905-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172053", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5905-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172053);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/04\");\n\n script_cve_id(\n \"CVE-2022-31628\",\n \"CVE-2022-31629\",\n \"CVE-2022-31631\",\n \"CVE-2023-0568\",\n \"CVE-2023-0662\"\n );\n script_xref(name:\"USN\", value:\"5905-1\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5905-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5905-1 advisory.\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress\n quines gzip files, resulting in an infinite loop. (CVE-2022-31628)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site\n attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or\n `__Secure-` cookie by PHP applications. (CVE-2022-31629)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\n - php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5905-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31629\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libphp7.0-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-phpdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-zip\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(16\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libapache2-mod-php7.0', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'libphp7.0-embed', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-bcmath', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-bz2', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-cgi', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-cli', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-common', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-curl', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-dba', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-dev', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-enchant', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-fpm', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-gd', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-gmp', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-imap', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-interbase', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-intl', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-json', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-ldap', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-mbstring', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-mcrypt', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-mysql', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-odbc', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-opcache', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-pgsql', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-phpdbg', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-pspell', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-readline', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-recode', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-snmp', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-soap', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-sqlite3', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-sybase', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-tidy', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-xml', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-xmlrpc', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-xsl', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'},\n {'osver': '16.04', 'pkgname': 'php7.0-zip', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm5'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-php7.0 / libphp7.0-embed / php7.0 / php7.0-bcmath / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:45:46", "description": "The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0568 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: php (CVE-2023-0568)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0568"], "modified": "2023-03-28T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:php", "p-cpe:/a:microsoft:cbl-mariner:php-bcmath", "p-cpe:/a:microsoft:cbl-mariner:php-cli", "p-cpe:/a:microsoft:cbl-mariner:php-common", "p-cpe:/a:microsoft:cbl-mariner:php-dba", "p-cpe:/a:microsoft:cbl-mariner:php-dbg", "p-cpe:/a:microsoft:cbl-mariner:php-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:php-devel", "p-cpe:/a:microsoft:cbl-mariner:php-embedded", "p-cpe:/a:microsoft:cbl-mariner:php-enchant", "p-cpe:/a:microsoft:cbl-mariner:php-ffi", "p-cpe:/a:microsoft:cbl-mariner:php-fpm", "p-cpe:/a:microsoft:cbl-mariner:php-gd", "p-cpe:/a:microsoft:cbl-mariner:php-gmp", "p-cpe:/a:microsoft:cbl-mariner:php-intl", "p-cpe:/a:microsoft:cbl-mariner:php-ldap", "p-cpe:/a:microsoft:cbl-mariner:php-mbstring", "p-cpe:/a:microsoft:cbl-mariner:php-mysqlnd", "p-cpe:/a:microsoft:cbl-mariner:php-odbc", "p-cpe:/a:microsoft:cbl-mariner:php-opcache", "p-cpe:/a:microsoft:cbl-mariner:php-pdo", "p-cpe:/a:microsoft:cbl-mariner:php-pdo-dblib", "p-cpe:/a:microsoft:cbl-mariner:php-pgsql", "p-cpe:/a:microsoft:cbl-mariner:php-process", "p-cpe:/a:microsoft:cbl-mariner:php-pspell", "p-cpe:/a:microsoft:cbl-mariner:php-snmp", "p-cpe:/a:microsoft:cbl-mariner:php-soap", "p-cpe:/a:microsoft:cbl-mariner:php-sodium", "p-cpe:/a:microsoft:cbl-mariner:php-tidy", "p-cpe:/a:microsoft:cbl-mariner:php-xml", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_PHP_CVE-2023-0568.NASL", "href": "https://www.tenable.com/plugins/nessus/172933", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172933);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/28\");\n\n script_cve_id(\"CVE-2023-0568\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: php (CVE-2023-0568)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected\nby a vulnerability as referenced in the CVE-2023-0568 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function\n allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,\n this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to\n unauthorized data access or modification. (CVE-2023-0568)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2023-0568\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-ffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'php-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-debuginfo-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-debuginfo-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ffi-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ffi-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-dblib-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-dblib-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pspell-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pspell-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-sodium-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-sodium-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-tidy-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-tidy-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php / php-bcmath / php-cli / php-common / php-dba / php-dbg / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:45:45", "description": "The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0567 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: php (CVE-2023-0567)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567"], "modified": "2023-03-20T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:php", "p-cpe:/a:microsoft:cbl-mariner:php-bcmath", "p-cpe:/a:microsoft:cbl-mariner:php-cli", "p-cpe:/a:microsoft:cbl-mariner:php-common", "p-cpe:/a:microsoft:cbl-mariner:php-dba", "p-cpe:/a:microsoft:cbl-mariner:php-dbg", "p-cpe:/a:microsoft:cbl-mariner:php-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:php-devel", "p-cpe:/a:microsoft:cbl-mariner:php-embedded", "p-cpe:/a:microsoft:cbl-mariner:php-enchant", "p-cpe:/a:microsoft:cbl-mariner:php-ffi", "p-cpe:/a:microsoft:cbl-mariner:php-fpm", "p-cpe:/a:microsoft:cbl-mariner:php-gd", "p-cpe:/a:microsoft:cbl-mariner:php-gmp", "p-cpe:/a:microsoft:cbl-mariner:php-intl", "p-cpe:/a:microsoft:cbl-mariner:php-ldap", "p-cpe:/a:microsoft:cbl-mariner:php-mbstring", "p-cpe:/a:microsoft:cbl-mariner:php-mysqlnd", "p-cpe:/a:microsoft:cbl-mariner:php-odbc", "p-cpe:/a:microsoft:cbl-mariner:php-opcache", "p-cpe:/a:microsoft:cbl-mariner:php-pdo", "p-cpe:/a:microsoft:cbl-mariner:php-pdo-dblib", "p-cpe:/a:microsoft:cbl-mariner:php-pgsql", "p-cpe:/a:microsoft:cbl-mariner:php-process", "p-cpe:/a:microsoft:cbl-mariner:php-pspell", "p-cpe:/a:microsoft:cbl-mariner:php-snmp", "p-cpe:/a:microsoft:cbl-mariner:php-soap", "p-cpe:/a:microsoft:cbl-mariner:php-sodium", "p-cpe:/a:microsoft:cbl-mariner:php-tidy", "p-cpe:/a:microsoft:cbl-mariner:php-xml", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_PHP_CVE-2023-0567.NASL", "href": "https://www.tenable.com/plugins/nessus/172864", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172864);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/20\");\n\n script_cve_id(\"CVE-2023-0567\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: php (CVE-2023-0567)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected\nby a vulnerability as referenced in the CVE-2023-0567 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may\n accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,\n it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2023-0567\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0567\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-ffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'php-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-debuginfo-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-debuginfo-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ffi-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ffi-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-dblib-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-dblib-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pspell-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pspell-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-sodium-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-sodium-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-tidy-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-tidy-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php / php-bcmath / php-cli / php-common / php-dba / php-dbg / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:47:47", "description": "The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6053-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : PHP vulnerability (USN-6053-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0567"], "modified": "2023-05-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.0-bcmath", "p-cpe:/a:canonical:ubuntu_linux:php7.0-mbstring", "p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php7.0-curl", "p-cpe:/a:canonical:ubuntu_linux:php7.0-gd", "p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql", "p-cpe:/a:canonical:ubuntu_linux:libphp7.0-embed", "p-cpe:/a:canonical:ubuntu_linux:php7.0", "p-cpe:/a:canonical:ubuntu_linux:php7.0-bz2", "p-cpe:/a:canonical:ubuntu_linux:php7.0-common", "p-cpe:/a:canonical:ubuntu_linux:php7.0-dba", "p-cpe:/a:canonical:ubuntu_linux:php7.0-dev", "p-cpe:/a:canonical:ubuntu_linux:php7.0-enchant", "p-cpe:/a:canonical:ubuntu_linux:php7.0-gmp", "p-cpe:/a:canonical:ubuntu_linux:php7.0-imap", "p-cpe:/a:canonical:ubuntu_linux:php7.0-interbase", "p-cpe:/a:canonical:ubuntu_linux:php7.0-intl", "p-cpe:/a:canonical:ubuntu_linux:php7.0-json", "p-cpe:/a:canonical:ubuntu_linux:php7.0-ldap", "p-cpe:/a:canonical:ubuntu_linux:php7.0-mcrypt", "p-cpe:/a:canonical:ubuntu_linux:php7.0-odbc", "p-cpe:/a:canonical:ubuntu_linux:php7.0-opcache", "p-cpe:/a:canonical:ubuntu_linux:php7.0-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php7.0-phpdbg", "p-cpe:/a:canonical:ubuntu_linux:php7.0-pspell", "p-cpe:/a:canonical:ubuntu_linux:php7.0-readline", "p-cpe:/a:canonical:ubuntu_linux:php7.0-recode", "p-cpe:/a:canonical:ubuntu_linux:php7.0-snmp", "p-cpe:/a:canonical:ubuntu_linux:php7.0-soap", "p-cpe:/a:canonical:ubuntu_linux:php7.0-sqlite3", "p-cpe:/a:canonical:ubuntu_linux:php7.0-sybase", "p-cpe:/a:canonical:ubuntu_linux:php7.0-tidy", "p-cpe:/a:canonical:ubuntu_linux:php7.0-xml", "p-cpe:/a:canonical:ubuntu_linux:php7.0-xsl", "p-cpe:/a:canonical:ubuntu_linux:php7.0-zip", "cpe:/o:canonical:ubuntu_linux:16.04:-:esm"], "id": "UBUNTU_USN-6053-1.NASL", "href": "https://www.tenable.com/plugins/nessus/174997", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-6053-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174997);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/02\");\n\n script_cve_id(\"CVE-2023-0567\");\n script_xref(name:\"USN\", value:\"6053-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : PHP vulnerability (USN-6053-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the\nUSN-6053-1 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may\n accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,\n it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-6053-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0567\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libphp7.0-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-phpdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-zip\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(16\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libapache2-mod-php7.0', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'libphp7.0-embed', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-bcmath', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-bz2', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-cgi', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-cli', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-common', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-curl', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-dba', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-dev', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-enchant', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-fpm', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-gd', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-gmp', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-imap', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-interbase', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-intl', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-json', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-ldap', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-mbstring', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-mcrypt', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-mysql', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-odbc', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-opcache', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-pgsql', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-phpdbg', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-pspell', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-readline', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-recode', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-snmp', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-soap', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-sqlite3', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-sybase', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-tidy', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-xml', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-xmlrpc', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-xsl', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'},\n {'osver': '16.04', 'pkgname': 'php7.0-zip', 'pkgver': '7.0.33-0ubuntu0.16.04.16+esm6'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-php7.0 / libphp7.0-embed / php7.0 / php7.0-bcmath / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-22T22:44:58", "description": "The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0662 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: php (CVE-2023-0662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0662"], "modified": "2023-03-28T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:php", "p-cpe:/a:microsoft:cbl-mariner:php-bcmath", "p-cpe:/a:microsoft:cbl-mariner:php-cli", "p-cpe:/a:microsoft:cbl-mariner:php-common", "p-cpe:/a:microsoft:cbl-mariner:php-dba", "p-cpe:/a:microsoft:cbl-mariner:php-dbg", "p-cpe:/a:microsoft:cbl-mariner:php-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:php-devel", "p-cpe:/a:microsoft:cbl-mariner:php-embedded", "p-cpe:/a:microsoft:cbl-mariner:php-enchant", "p-cpe:/a:microsoft:cbl-mariner:php-ffi", "p-cpe:/a:microsoft:cbl-mariner:php-fpm", "p-cpe:/a:microsoft:cbl-mariner:php-gd", "p-cpe:/a:microsoft:cbl-mariner:php-gmp", "p-cpe:/a:microsoft:cbl-mariner:php-intl", "p-cpe:/a:microsoft:cbl-mariner:php-ldap", "p-cpe:/a:microsoft:cbl-mariner:php-mbstring", "p-cpe:/a:microsoft:cbl-mariner:php-mysqlnd", "p-cpe:/a:microsoft:cbl-mariner:php-odbc", "p-cpe:/a:microsoft:cbl-mariner:php-opcache", "p-cpe:/a:microsoft:cbl-mariner:php-pdo", "p-cpe:/a:microsoft:cbl-mariner:php-pdo-dblib", "p-cpe:/a:microsoft:cbl-mariner:php-pgsql", "p-cpe:/a:microsoft:cbl-mariner:php-process", "p-cpe:/a:microsoft:cbl-mariner:php-pspell", "p-cpe:/a:microsoft:cbl-mariner:php-snmp", "p-cpe:/a:microsoft:cbl-mariner:php-soap", "p-cpe:/a:microsoft:cbl-mariner:php-sodium", "p-cpe:/a:microsoft:cbl-mariner:php-tidy", "p-cpe:/a:microsoft:cbl-mariner:php-xml", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_PHP_CVE-2023-0662.NASL", "href": "https://www.tenable.com/plugins/nessus/172988", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172988);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/28\");\n\n script_cve_id(\"CVE-2023-0662\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: php (CVE-2023-0662)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected\nby a vulnerability as referenced in the CVE-2023-0662 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2023-0662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-ffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'php-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-debuginfo-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-debuginfo-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ffi-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ffi-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-dblib-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-dblib-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pspell-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pspell-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-sodium-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-sodium-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-tidy-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-tidy-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-8.1.16-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-8.1.16-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php / php-bcmath / php-cli / php-common / php-dba / php-dbg / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-22T22:43:21", "description": "The version of PHP installed on the remote host is prior to 8.1.16. It is, therefore, affected by a vulnerability as referenced in the Version 8.1.16 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-14T00:00:00", "type": "nessus", "title": "PHP 8.1.x < 8.1.16", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0662"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_8_1_16.NASL", "href": "https://www.tenable.com/plugins/nessus/171465", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171465);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2023-0662\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"PHP 8.1.x < 8.1.16\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version PHP running on the remote web server is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PHP installed on the remote host is prior to 8.1.16. It is, therefore, affected by a vulnerability as\nreferenced in the Version 8.1.16 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-8.php#8.1.16\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 8.1.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, php:TRUE);\nvar app_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);\n\nvar backported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nvar constraints = [\n { 'min_version' : '8.1.0alpha1', 'fixed_version' : '8.1.16' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-22T22:43:45", "description": "The version of PHP installed on the remote host is prior to 8.0.28. It is, therefore, affected by a vulnerability as referenced in the Version 8.0.28 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-14T00:00:00", "type": "nessus", "title": "PHP 8.0.x < 8.0.28", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-0662"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_8_0_28.NASL", "href": "https://www.tenable.com/plugins/nessus/171436", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171436);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2023-0662\");\n script_xref(name:\"IAVA\", value:\"2023-A-0105\");\n\n script_name(english:\"PHP 8.0.x < 8.0.28\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version PHP running on the remote web server is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PHP installed on the remote host is prior to 8.0.28. It is, therefore, affected by a vulnerability as\nreferenced in the Version 8.0.28 advisory.\n\n - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP\n form upload can cause high resource consumption and excessive number of log entries. This can cause denial\n of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-8.php#8.0.28\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 8.0.28 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-0662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, php:TRUE);\nvar app_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);\n\nvar backported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nvar constraints = [\n { 'min_version' : '8.0.0alpha1', 'fixed_version' : '8.0.28' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-06-03T18:37:50", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-24T03:47:37", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: php-8.1.16-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-24T03:47:37", "id": "FEDORA:08777305F846", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BQFBADFADMIH3HN3E4XY4OJRTS4GCOR2/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T18:37:50", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-24T04:47:32", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: php-8.1.16-1.fc37", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-24T04:47:32", "id": "FEDORA:456663045996", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SAHLELXVEJWT6XOXAJBXT4AKQCKION65/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2023-06-03T18:21:57", "description": "New php packages are available for Slackware 15.0 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 15.0 ChangeLog:\n\npatches/packages/php-7.4.33-i586-3_slack15.0.txz: Rebuilt.\n This update fixes security issues:\n Core: Password_verify() always return true with some hash.\n Core: 1-byte array overrun in common path resolve code.\n SAPI: DOS vulnerability when parsing multipart request body.\n For more information, see:\n https://vulners.com/cve/CVE-2023-0567\n https://vulners.com/cve/CVE-2023-0568\n https://vulners.com/cve/CVE-2023-0662\n (* Security fix *)\nextra/php80/php80-8.0.28-i586-1_slack15.0.txz: Upgraded.\n This update fixes security issues:\n Core: Password_verify() always return true with some hash.\n Core: 1-byte array overrun in common path resolve code.\n SAPI: DOS vulnerability when parsing multipart request body.\n For more information, see:\n https://vulners.com/cve/CVE-2023-0567\n https://vulners.com/cve/CVE-2023-0568\n https://vulners.com/cve/CVE-2023-0662\n (* Security fix *)\nextra/php81/php81-8.1.16-i586-1_slack15.0.txz: Upgraded.\n This update fixes security issues:\n Core: Password_verify() always return true with some hash.\n Core: 1-byte array overrun in common path resolve code.\n SAPI: DOS vulnerability when parsing multipart request body.\n For more information, see:\n https://vulners.com/cve/CVE-2023-0567\n https://vulners.com/cve/CVE-2023-0568\n https://vulners.com/cve/CVE-2023-0662\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 15.0:\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/php-7.4.33-i586-3_slack15.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php80/php80-8.0.28-i586-1_slack15.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.16-i586-1_slack15.0.txz\n\nUpdated packages for Slackware x86_64 15.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/php-7.4.33-x86_64-3_slack15.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-7.4.33-i586-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php80/php80-8.0.28-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php81/php81-8.1.16-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-7.4.33-x86_64-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php80/php80-8.0.28-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php81/php81-8.1.16-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 15.0 packages:\n42f70860c20e4d8e7919632643b5d1e9 php-7.4.33-i586-3_slack15.0.txz\nca921cbd3e1913f168678b309478bb04 php80-8.0.28-i586-1_slack15.0.txz\n3c315b9477355d47d90121e7f95309fa php81-8.1.16-i586-1_slack15.0.txz\n\nSlackware x86_64 15.0 packages:\n99e509806237a9f9ab01e023f384d622 php-7.4.33-x86_64-3_slack15.0.txz\n32f5653c682942e82be61a113193fd9a php80-8.0.28-x86_64-1_slack15.0.txz\ne0ef677a63dc35962226d828ae53ffbf php81-8.1.16-x86_64-1_slack15.0.txz\n\nSlackware -current packages:\n93196b6545a6699bd9ad6a59dd24298e n/php-7.4.33-i586-3.txz\n9128ba44e5ad38c5898dd8445f415aa2 extra/php80/php80-8.0.28-i586-1.txz\n23fd959729ed20f7a5ba4cb965217e66 extra/php81/php81-8.1.16-i586-1.txz\n\nSlackware x86_64 -current packages:\n7b59cd25c8065f8ddc713d883a8fbda2 n/php-7.4.33-x86_64-3.txz\nedcb77db2ea1c340425241002ff5bd8f extra/php80/php80-8.0.28-x86_64-1.txz\n0075cef00072f4fabee60241271e8213 extra/php81/php81-8.1.16-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg php-7.4.33-i586-3_slack15.0.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-15T03:06:12", "type": "slackware", "title": "[slackware-security] php", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-15T03:06:12", "id": "SSA-2023-045-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.542216", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-06-03T18:27:44", "description": "## Releases\n\n * Ubuntu 22.10 \n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * php7.2 \\- HTML-embedded scripting language interpreter\n * php7.4 \\- HTML-embedded scripting language interpreter\n * php8.1 \\- HTML-embedded scripting language interpreter\n\nIt was discovered that PHP incorrectly handled certain invalid Blowfish \npassword hashes. An invalid password hash could possibly allow applications \nto accept any password as valid, contrary to expectations. (CVE-2023-0567)\n\nIt was discovered that PHP incorrectly handled resolving long paths. A \nremote attacker could possibly use this issue to obtain or modify sensitive \ninformation. (CVE-2023-0568)\n\nIt was discovered that PHP incorrectly handled a large number of parts in \nHTTP form uploads. A remote attacker could possibly use this issue to cause \nPHP to consume resources, leading to a denial of service. (CVE-2023-0662)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-28T00:00:00", "type": "ubuntu", "title": "PHP vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-28T00:00:00", "id": "USN-5902-1", "href": "https://ubuntu.com/security/notices/USN-5902-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T18:27:38", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * php7.0 \\- HTML-embedded scripting language interpreter\n\nIt was discovered that PHP incorrectly handled certain gzip files. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-31628)\n\nIt was discovered that PHP incorrectly handled certain cookies. \nAn attacker could possibly use this issue to compromise data integrity. \n(CVE-2022-31629)\n\nIt was discovered that PHP incorrectly handled certain inputs. \nAn attacker could possibly use this issue to cause a crash or \nexecute arbitrary code. (CVE-2022-31631)\n\nIt was discovered that PHP incorrectly handled resolving long paths. A \nremote attacker could possibly use this issue to obtain or modify sensitive \ninformation. (CVE-2023-0568)\n\nIt was discovered that PHP incorrectly handled a large number of field and file \nparts in HTTP form uploads. A remote attacker could possibly use this issue to \ncause PHP to consume resources, leading to a denial of service. (CVE-2023-0662)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-02T00:00:00", "type": "ubuntu", "title": "PHP vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31628", "CVE-2022-31629", "CVE-2022-31631", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-03-02T00:00:00", "id": "USN-5905-1", "href": "https://ubuntu.com/security/notices/USN-5905-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T18:25:09", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * php7.0 \\- HTML-embedded scripting language interpreter\n\nIt was discovered that PHP incorrectly handled certain invalid Blowfish \npassword hashes. An invalid password hash could possibly allow applications to \naccept any password as valid, contrary to expectations.\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-02T00:00:00", "type": "ubuntu", "title": "PHP vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567"], "modified": "2023-05-02T00:00:00", "id": "USN-6053-1", "href": "https://ubuntu.com/security/notices/USN-6053-1", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "mageia": [{"lastseen": "2023-06-03T19:51:38", "description": "The password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567) The core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568) Excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662) \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-27T20:27:16", "type": "mageia", "title": "Updated php packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-20T21:25:36", "id": "MGASA-2023-0065", "href": "https://advisories.mageia.org/MGASA-2023-0065.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2023-02-27T00:23:13", "description": "\nMultiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language which could result in denial of\nservice or incorrect validation of BCrypt hashes.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.4.33-1+deb11u3.\n\n\nWe recommend that you upgrade your php7.4 packages.\n\n\nFor the detailed security status of php7.4 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/php7.4](https://security-tracker.debian.org/tracker/php7.4)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-24T00:00:00", "type": "osv", "title": "php7.4 - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-31631", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-27T00:22:56", "id": "OSV:DSA-5363-1", "href": "https://osv.dev/vulnerability/DSA-5363-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-26T23:35:21", "description": "\nMultiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language, which could result in denial of\nservice or incorrect validation of BCrypt hashes.\n\n\n* [CVE-2022-31631](https://security-tracker.debian.org/tracker/CVE-2022-31631)\nDue to an uncaught integer overflow, `PDO::quote()` of\n `PDO_SQLite` may return an improperly quoted string.\n The exact details likely depend on the implementation of\n `sqlite3_snprintf()`, but with some versions it is possible to\n force the function to return a single apostrophe, if the function is\n called on user supplied input without any length restrictions in\n place.\n* [CVE-2023-0567](https://security-tracker.debian.org/tracker/CVE-2023-0567)\nTim D\u0102\u017asterhus discovered that malformed BCrypt hashes that include a\n `$` character within their salt part trigger a buffer\n overread and may erroneously validate any password as valid.\n (`Password_verify()` always returns `true` with such\n inputs.)\n* [CVE-2023-0568](https://security-tracker.debian.org/tracker/CVE-2023-0568)\n1-byte array overrun when appending slash to paths during path\n resolution.\n* [CVE-2023-0662](https://security-tracker.debian.org/tracker/CVE-2023-0662)\nJakob Ackermann discovered a Denial of Service vulnerability when\n parsing multipart request body: the request body parsing in PHP\n allows any unauthenticated attacker to consume a large amount of CPU\n time and trigger excessive logging.\n\n\nFor Debian 10 buster, these problems have been fixed in version\n7.3.31-1~deb10u3.\n\n\nWe recommend that you upgrade your php7.3 packages.\n\n\nFor the detailed security status of php7.3 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/php7.3>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-26T00:00:00", "type": "osv", "title": "php7.3 - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-31631", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-26T23:35:21", "id": "OSV:DLA-3345-1", "href": "https://osv.dev/vulnerability/DLA-3345-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-22T21:48:32", "description": "### Summary\n\nPrevious versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the `RequestBodyBufferMiddleware` with very large settings. This might lead to consuming large amounts of CPU time for processing requests and significantly delay or slow down the processing of legitimate user requests.\n\n### Patches\n\nThe supplied patch resolves this vulnerability for ReactPHP.\n\n### Workarounds\n\n- Keeping the request body limit using `RequestBodyBufferMiddleware` sensible will mitigate it.\n\n- Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any excessive HTTP request bodies.\n\n### References\n\nA similar vulnerability was discovered in PHP recently, see also [PHP's security advisory](https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv) (CVE-2023-0662). The fix is based on the [PHP-FPM fix](https://github.com/php/php-src/commit/716de0cff539f46294ef70fe75d548cd66766370#diff-81d659aa9e83177ac08151f99cebf21ab331d22462c72a1039f59947e66f5a35).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-17T17:07:57", "type": "osv", "title": "ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2023-0662", "CVE-2023-26044"], "modified": "2023-05-22T21:48:30", "id": "OSV:GHSA-95X4-J7VC-H8MF", "href": "https://osv.dev/vulnerability/GHSA-95x4-j7vc-h8mf", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2023-06-02T18:11:31", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-3345-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Guilhem Moulin\nFebruary 26, 2023 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : php7.3\nVersion : 7.3.31-1~deb10u3\nCVE ID : CVE-2022-31631 CVE-2023-0567 CVE-2023-0568 CVE-2023-0662\nDebian Bug : 1031368\n\nMultiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language, which could result in denial of\nservice or incorrect validation of BCrypt hashes.\n\nCVE-2022-31631\n\n Due to an uncaught integer overflow, `PDO::quote()` of PDO_SQLite\n may return an improperly quoted string. The exact details likely\n depend on the implementation of `sqlite3_snprintf()`, but with some\n versions it is possible to force the function to return a single\n apostrophe, if the function is called on user supplied input without\n any length restrictions in place.\n\nCVE-2023-0567\n\n Tim D\u00fcsterhus discovered that malformed BCrypt hashes that include a\n `$` within their salt part trigger a buffer overread and may\n erroneously validate any password as valid. (`Password_verify()`\n always return `true` with such inputs.)\n\nCVE-2023-0568\n\n 1-byte array overrun when appending slash to paths during path\n resolution.\n\nCVE-2023-0662\n\n Jakob Ackermann discovered a Denial of Service vulnerability when\n parsing multipart request body: the request body parsing in PHP\n allows any unauthenticated attacker to consume a large amount of CPU\n time and trigger excessive logging.\n\nFor Debian 10 buster, these problems have been fixed in version\n7.3.31-1~deb10u3.\n\nWe recommend that you upgrade your php7.3 packages.\n\nFor the detailed security status of php7.3 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-26T22:00:18", "type": "debian", "title": "[SECURITY] [DLA 3345-1] php7.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31631", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-26T22:00:18", "id": "DEBIAN:DLA-3345-1:E3C58", "href": "https://lists.debian.org/debian-lts-announce/2023/02/msg00039.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T18:10:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5363-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 24, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php7.4\nCVE ID : CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2022-31631\n\nMultiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language which could result in denial of\nservice or incorrect validation of BCrypt hashes.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.4.33-1+deb11u3.\n\nWe recommend that you upgrade your php7.4 packages.\n\nFor the detailed security status of php7.4 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.4\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-24T19:21:10", "type": "debian", "title": "[SECURITY] [DSA 5363-1] php7.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31631", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-02-24T19:21:10", "id": "DEBIAN:DSA-5363-1:5B9AA", "href": "https://lists.debian.org/debian-security-announce/2023/msg00052.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "redos": [{"lastseen": "2023-05-31T09:58:54", "description": "A PHP vulnerability is related to the kernel path resolution feature, which allocates a buffer one\r\n Bytes less than necessary, allowing paths close to the system's MAXPATHLEN length may cause\r\n can cause a byte after the allocated buffer to be overwritten with a NUL value. Exploiting the vulnerability could\r\n allow an intruder acting remotely to cause unauthorized data access or\r\n modification.\n\nVulnerability in PHP programming language is related to excessive number of parts when loading HTTP form\r\n leads to high resource consumption and excessive logging. Exploiting the\r\n vulnerability could allow an attacker acting remotely to cause a denial of service on the\r\n vulnerable server due to exhaustion of CPU resources or disk space.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-18T00:00:00", "type": "redos", "title": "ROS-20230418-02", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0568", "CVE-2023-0662"], "modified": "2023-04-18T00:00:00", "id": "ROS-20230418-02", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-php-cve-2023-0662-cve-2023-0568/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-03T13:12:52", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3,\ncore path resolution function allocate buffer one byte too small. When\nresolving paths with lengths close to system MAXPATHLEN setting, this may\nlead to the byte after the allocated buffer being overwritten with NUL\nvalue, which might lead to unauthorized data access or modification.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368>\n * <https://bugs.php.net/bug.php?id=81746>\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-16T00:00:00", "type": "ubuntucve", "title": "CVE-2023-0568", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0568"], "modified": "2023-02-16T00:00:00", "id": "UB:CVE-2023-0568", "href": "https://ubuntu.com/security/CVE-2023-0568", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T13:12:59", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3,\npassword_verify() function may accept some invalid Blowfish hashes as\nvalid. If such invalid hash ever ends up in the password database, it may\nlead to an application allowing any password for this entry as valid.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368>\n * <https://bugs.php.net/bug.php?id=81744>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This vulnerability requires an attacker to be able to modify password hashes, which is an unlikely scenario\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-15T00:00:00", "type": "ubuntucve", "title": "CVE-2023-0567", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567"], "modified": "2023-02-15T00:00:00", "id": "UB:CVE-2023-0567", "href": "https://ubuntu.com/security/CVE-2023-0567", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-03T13:12:53", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3,\nexcessive number of parts in HTTP form upload can cause high resource\nconsumption and excessive number of log entries. This can cause denial of\nservice on the affected server by exhausting CPU resources or disk space.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-16T00:00:00", "type": "ubuntucve", "title": "CVE-2023-0662", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0662"], "modified": "2023-02-16T00:00:00", "id": "UB:CVE-2023-0662", "href": "https://ubuntu.com/security/CVE-2023-0662", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-03T18:13:22", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.\u00a0", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-16T07:15:00", "type": "debiancve", "title": "CVE-2023-0568", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0568"], "modified": "2023-02-16T07:15:00", "id": "DEBIANCVE:CVE-2023-0568", "href": "https://security-tracker.debian.org/tracker/CVE-2023-0568", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T18:13:22", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-01T08:15:00", "type": "debiancve", "title": "CVE-2023-0567", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567"], "modified": "2023-03-01T08:15:00", "id": "DEBIANCVE:CVE-2023-0567", "href": "https://security-tracker.debian.org/tracker/CVE-2023-0567", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-03T18:13:22", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.\u00a0", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-16T07:15:00", "type": "debiancve", "title": "CVE-2023-0662", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0662"], "modified": "2023-02-16T07:15:00", "id": "DEBIANCVE:CVE-2023-0662", "href": "https://security-tracker.debian.org/tracker/CVE-2023-0662", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-06-03T17:34:14", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.\u00a0", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-16T07:15:00", "type": "cve", "title": "CVE-2023-0568", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0568"], "modified": "2023-05-17T20:15:00", "cpe": [], "id": "CVE-2023-0568", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0568", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-03T17:34:21", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-01T08:15:00", "type": "cve", "title": "CVE-2023-0567", "cwe": ["CWE-916"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567"], "modified": "2023-03-10T17:32:00", "cpe": [], "id": "CVE-2023-0567", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0567", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-06-03T17:34:31", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.\u00a0", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-16T07:15:00", "type": "cve", "title": "CVE-2023-0662", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0662"], "modified": "2023-05-17T20:15:00", "cpe": [], "id": "CVE-2023-0662", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0662", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}], "alpinelinux": [{"lastseen": "2023-06-03T21:03:59", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.\u00a0", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-03T21:03:29", "type": "alpinelinux", "title": "CVE-2023-0568", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0568"], "modified": "2023-06-03T21:03:29", "id": "ALPINE:CVE-2023-0568", "href": "https://security.alpinelinux.org/vuln/CVE-2023-0568", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T21:03:59", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-03T21:03:29", "type": "alpinelinux", "title": "CVE-2023-0567", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567"], "modified": "2023-06-03T21:03:29", "id": "ALPINE:CVE-2023-0567", "href": "https://security.alpinelinux.org/vuln/CVE-2023-0567", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-03T21:03:59", "description": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.\u00a0", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-03T21:03:29", "type": "alpinelinux", "title": "CVE-2023-0662", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0662"], "modified": "2023-06-03T21:03:29", "id": "ALPINE:CVE-2023-0662", "href": "https://security.alpinelinux.org/vuln/CVE-2023-0662", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2023-06-03T19:49:27", "description": "PHP is vulnerable to Incorrect Calculation of Buffer Size. The vulnerability exists because the core path resolution function allocates a buffer one byte too small when resolving paths with lengths close to the system `MAXPATHLEN` setting, leading to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-17T10:23:44", "type": "veracode", "title": "Incorrect Calculation Of Buffer Size", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0568"], "modified": "2023-05-17T23:22:26", "id": "VERACODE:39322", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39322/summary", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T19:55:42", "description": "PHP is vulnerable to Authentication Bypass. The vulnerability exists because the `Password_verify()` function always returns true with some hashes, allowing an attacker to modify password hashes.\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-17T10:36:14", "type": "veracode", "title": "Authentication Bypass", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567"], "modified": "2023-03-10T19:57:33", "id": "VERACODE:39323", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39323/summary", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-03T20:00:48", "description": "PHP is vulnerable to Denial Of Service (DoS). The vulnerability exists because the excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries, allowing an attacker to cause an application crash \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-18T00:53:19", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0662"], "modified": "2023-05-17T23:26:43", "id": "VERACODE:39325", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39325/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-06-03T20:13:53", "description": "A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which might lead to unauthorized data access or modification.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-17T12:00:27", "type": "redhatcve", "title": "CVE-2023-0568", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0568"], "modified": "2023-05-31T07:40:42", "id": "RH:CVE-2023-0568", "href": "https://access.redhat.com/security/cve/cve-2023-0568", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T20:13:54", "description": "A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid.\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-17T12:00:22", "type": "redhatcve", "title": "CVE-2023-0567", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0567"], "modified": "2023-05-31T07:40:33", "id": "RH:CVE-2023-0567", "href": "https://access.redhat.com/security/cve/cve-2023-0567", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-03T20:13:53", "description": "A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow the processing of legitimate user requests. The large volume of warning messages can wear down the disk and fill it up. A complete denial of service is achievable by sending many concurrent multipart requests in a loop. PHP parses the request body before invoking any application scripts. This vulnerability affects all PHP websites that accept POST request bodies (post_max_size set to a value greater than zero, the default value is 8MB).\n#### Mitigation\n\nUsers can decrease the post_max_size close to zero. This will render most websites non-interactive and break file uploads. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-17T12:00:27", "type": "redhatcve", "title": "CVE-2023-0662", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0662"], "modified": "2023-05-31T07:40:53", "id": "RH:CVE-2023-0662", "href": "https://access.redhat.com/security/cve/cve-2023-0662", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2023-06-03T20:12:18", "description": "### Summary\n\nPrevious versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the `RequestBodyBufferMiddleware` with very large settings. This might lead to consuming large amounts of CPU time for processing requests and significantly delay or slow down the processing of legitimate user requests.\n\n### Patches\n\nThe supplied patch resolves this vulnerability for ReactPHP.\n\n### Workarounds\n\n- Keeping the request body limit using `RequestBodyBufferMiddleware` sensible will mitigate it.\n\n- Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any excessive HTTP request bodies.\n\n### References\n\nA similar vulnerability was discovered in PHP recently, see also [PHP's security advisory](https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv) (CVE-2023-0662). The fix is based on the [PHP-FPM fix](https://github.com/php/php-src/commit/716de0cff539f46294ef70fe75d548cd66766370#diff-81d659aa9e83177ac08151f99cebf21ab331d22462c72a1039f59947e66f5a35).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-05-17T17:07:57", "type": "github", "title": "ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-0662", "CVE-2023-26044"], "modified": "2023-05-22T21:29:43", "id": "GHSA-95X4-J7VC-H8MF", "href": "https://github.com/advisories/GHSA-95x4-j7vc-h8mf", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "hp": [{"lastseen": "2023-06-03T18:24:06", "description": "Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. HP has released HP Device Manager 5.0.10, which includes updates to mitigate these potential vulnerabilities. \n\nAll the identified vulnerabilities listed previously were addressed and fixed as part of HP Device Manager 5.0.10, which released on March 29th, 2023. \n", "cvss3": {}, "published": "2023-04-13T00:00:00", "type": "hp", "title": "HP Device Manager Security Updates", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2006-20001", "CVE-2020-11103", "CVE-2022-21540", "CVE-2022-21541", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-31628", "CVE-2022-31629", "CVE-2022-31630", "CVE-2022-34169", "CVE-2022-36760", "CVE-2022-37436", "CVE-2022-37454", "CVE-2022-39399", "CVE-2022-4304", "CVE-2022-4450", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662", "CVE-2023-25690", "CVE-2023-26294", "CVE-2023-26295", "CVE-2023-26296", "CVE-2023-26297", "CVE-2023-26298", "CVE-2023-27522"], "modified": "2023-04-13T00:00:00", "id": "HPSBHF03842", "href": "https://support.hp.com/us-en/document/ish_7974907-7974931-16/HPSBHF03842", "cvss": {"score": "7.8", "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/"}}], "oracle": [{"lastseen": "2023-06-03T20:05:25", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 433 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2023 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2921644.1>).\n", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-04-18T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2023", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000656", "CVE-2018-1311", "CVE-2018-14371", "CVE-2018-18074", "CVE-2018-20060", "CVE-2018-20225", "CVE-2018-25032", "CVE-2019-10086", "CVE-2019-10172", "CVE-2019-11287", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-17091", "CVE-2019-18935", "CVE-2019-20388", "CVE-2019-20907", "CVE-2019-20916", "CVE-2020-10693", "CVE-2020-10735", "CVE-2020-11979", "CVE-2020-11987", "CVE-2020-11988", "CVE-2020-13936", "CVE-2020-13954", "CVE-2020-14343", "CVE-2020-15250", "CVE-2020-15522", "CVE-2020-17521", "CVE-2020-1945", "CVE-2020-24977", "CVE-2020-25638", "CVE-2020-25649", "CVE-2020-28052", "CVE-2020-28500", "CVE-2020-29504", "CVE-2020-29506", "CVE-2020-29507", "CVE-2020-29508", "CVE-2020-35163", "CVE-2020-35164", "CVE-2020-35165", "CVE-2020-35166", "CVE-2020-35167", "CVE-2020-35168", "CVE-2020-35169", "CVE-2020-35490", "CVE-2020-35491", "CVE-2020-35728", "CVE-2020-36179", "CVE-2020-36180", "CVE-2020-36181", "CVE-2020-36182", "CVE-2020-36183", "CVE-2020-36184", "CVE-2020-36185", "CVE-2020-36186", "CVE-2020-36187", "CVE-2020-36188", "CVE-2020-36189", "CVE-2020-36518", "CVE-2020-6950", "CVE-2020-7009", "CVE-2020-7595", "CVE-2020-7712", "CVE-2020-8908", "CVE-2021-21575", "CVE-2021-22569", "CVE-2021-23017", "CVE-2021-23337", "CVE-2021-23413", "CVE-2021-2351", "CVE-2021-23926", "CVE-2021-27568", "CVE-2021-28168", "CVE-2021-29425", "CVE-2021-29921", "CVE-2021-30129", "CVE-2021-31684", "CVE-2021-32808", "CVE-2021-32809", "CVE-2021-33560", "CVE-2021-34798", "CVE-2021-35043", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-36373", "CVE-2021-36374", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-37519", "CVE-2021-37533", "CVE-2021-37695", "CVE-2021-38604", "CVE-2021-3918", "CVE-2021-4048", "CVE-2021-40528", "CVE-2021-40690", "CVE-2021-4104", "CVE-2021-41182", "CVE-2021-41183", "CVE-2021-41184", "CVE-2021-41973", "CVE-2021-42575", "CVE-2021-43396", "CVE-2021-43859", "CVE-2021-44531", "CVE-2021-44532", "CVE-2021-44533", "CVE-2021-44832", "CVE-2021-46848", "CVE-2022-1292", "CVE-2022-1471", "CVE-2022-1586", "CVE-2022-1587", "CVE-2022-2047", "CVE-2022-2048", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21824", "CVE-2022-2191", "CVE-2022-2274", "CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22970", "CVE-2022-22971", "CVE-2022-22976", "CVE-2022-22978", "CVE-2022-22979", "CVE-2022-23181", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23221", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307", "CVE-2022-23308", "CVE-2022-23437", "CVE-2022-23457", "CVE-2022-23491", "CVE-2022-24675", "CVE-2022-24728", "CVE-2022-24729", "CVE-2022-24823", "CVE-2022-24839", "CVE-2022-24891", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-25315", "CVE-2022-25647", "CVE-2022-25857", "CVE-2022-26336", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27778", "CVE-2022-27779", "CVE-2022-27780", "CVE-2022-27781", "CVE-2022-27782", "CVE-2022-28199", "CVE-2022-28327", "CVE-2022-28614", "CVE-2022-28738", "CVE-2022-28739", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-29078", "CVE-2022-29577", "CVE-2022-29599", "CVE-2022-29824", "CVE-2022-30115", "CVE-2022-31081", "CVE-2022-31123", "CVE-2022-31129", "CVE-2022-31130", "CVE-2022-31160", "CVE-2022-31630", "CVE-2022-31690", "CVE-2022-31692", "CVE-2022-3171", "CVE-2022-32212", "CVE-2022-32213", "CVE-2022-32215", "CVE-2022-32222", "CVE-2022-3358", "CVE-2022-33980", "CVE-2022-34169", "CVE-2022-34305", "CVE-2022-3479", "CVE-2022-34917", "CVE-2022-35737", "CVE-2022-3602", "CVE-2022-36033", "CVE-2022-36760", "CVE-2022-37434", "CVE-2022-37436", "CVE-2022-37454", "CVE-2022-3786", "CVE-2022-37865", "CVE-2022-37866", "CVE-2022-3821", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-39135", "CVE-2022-39201", "CVE-2022-39229", "CVE-2022-39271", "CVE-2022-40146", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-40151", "CVE-2022-40152", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41704", "CVE-2022-41715", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-41966", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42252", "CVE-2022-42889", "CVE-2022-42890", "CVE-2022-42898", "CVE-2022-42915", "CVE-2022-42916", "CVE-2022-42919", "CVE-2022-4304", "CVE-2022-43401", "CVE-2022-43402", "CVE-2022-43548", "CVE-2022-43551", "CVE-2022-43680", "CVE-2022-4415", "CVE-2022-4450", "CVE-2022-45047", "CVE-2022-45061", "CVE-2022-45143", "CVE-2022-45685", "CVE-2022-45693", "CVE-2022-46363", "CVE-2022-46364", "CVE-2022-46908", "CVE-2022-47629", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0361", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662", "CVE-2023-1370", "CVE-2023-21896", "CVE-2023-21902", "CVE-2023-21903", "CVE-2023-21904", "CVE-2023-21905", "CVE-2023-21906", "CVE-2023-21907", "CVE-2023-21908", "CVE-2023-21909", "CVE-2023-21910", "CVE-2023-21911", "CVE-2023-21912", "CVE-2023-21913", "CVE-2023-21915", "CVE-2023-21916", "CVE-2023-21917", "CVE-2023-21918", "CVE-2023-21919", "CVE-2023-21920", "CVE-2023-21921", "CVE-2023-21922", "CVE-2023-21923", "CVE-2023-21924", "CVE-2023-21925", "CVE-2023-21926", "CVE-2023-21927", "CVE-2023-21928", "CVE-2023-21929", "CVE-2023-21930", "CVE-2023-21931", "CVE-2023-21932", "CVE-2023-21933", "CVE-2023-21934", "CVE-2023-21935", "CVE-2023-21936", "CVE-2023-21937", "CVE-2023-21938", "CVE-2023-21939", "CVE-2023-21940", "CVE-2023-21941", "CVE-2023-21942", "CVE-2023-21943", "CVE-2023-21944", "CVE-2023-21945", "CVE-2023-21946", "CVE-2023-21947", "CVE-2023-21948", "CVE-2023-21952", "CVE-2023-21953", "CVE-2023-21954", "CVE-2023-21955", "CVE-2023-21956", "CVE-2023-21959", "CVE-2023-21960", "CVE-2023-21962", "CVE-2023-21963", "CVE-2023-21964", "CVE-2023-21965", "CVE-2023-21966", "CVE-2023-21967", "CVE-2023-21968", "CVE-2023-21969", "CVE-2023-21970", "CVE-2023-21971", "CVE-2023-21972", "CVE-2023-21973", "CVE-2023-21976", "CVE-2023-21977", "CVE-2023-21978", "CVE-2023-21979", "CVE-2023-21980", "CVE-2023-21981", "CVE-2023-21982", "CVE-2023-21984", "CVE-2023-21985", "CVE-2023-21986", "CVE-2023-21987", "CVE-2023-21988", "CVE-2023-21989", "CVE-2023-21990", "CVE-2023-21991", "CVE-2023-21992", "CVE-2023-21993", "CVE-2023-21996", "CVE-2023-21997", "CVE-2023-21998", "CVE-2023-21999", "CVE-2023-22000", "CVE-2023-22001", "CVE-2023-22002", "CVE-2023-22003", "CVE-2023-22899", "CVE-2023-23914", "CVE-2023-23915", "CVE-2023-23916", "CVE-2023-23918", "CVE-2023-23919", "CVE-2023-23920", "CVE-2023-23931", "CVE-2023-23934", "CVE-2023-23936", "CVE-2023-24998", "CVE-2023-25136", "CVE-2023-25194", "CVE-2023-25577", "CVE-2023-25613", "CVE-2023-25690", "CVE-2023-27522", "CVE-2023-28708"], "modified": "2023-04-25T00:00:00", "id": "ORACLE:CPUAPR2023", "href": "https://www.oracle.com/security-alerts/cpuapr2023.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}