{"id": "CVE-2016-7417", "bulletinFamily": "NVD", "title": "CVE-2016-7417", "description": "ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.", "published": "2016-09-17T21:59:00", "modified": "2018-05-04T01:29:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7417", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/93007", "https://bugs.php.net/bug.php?id=73029", "https://security.gentoo.org/glsa/201611-22", "https://www.tenable.com/security/tns-2016-19", "http://www.openwall.com/lists/oss-security/2016/09/15/10", "https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1", "http://www.php.net/ChangeLog-7.php", "https://access.redhat.com/errata/RHSA-2018:1296", "http://www.php.net/ChangeLog-5.php", "http://www.securitytracker.com/id/1036836"], "cvelist": ["CVE-2016-7417"], "type": "cve", "lastseen": "2019-05-29T18:15:39", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "739e4c027e3e98a8d7af9f5429fce703"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "67623983898bd205863d4ca99484050a"}, {"key": "cpe23", "hash": "4b7d933b24cf58bb5514be582a8aae75"}, {"key": "cvelist", "hash": "edbd7eed8baac00cbd0f70528fae33e5"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "27c7580c75f8189a2ddd31c96c2f7e2b"}, {"key": "cvss3", "hash": "48cec8f43ff700f672081508fe3d5099"}, {"key": "cwe", "hash": "226da5129ffaaee3d5b48e506b957d58"}, {"key": "description", "hash": "3b2ff5bca182f9477361fc108208b95e"}, {"key": "href", "hash": "87661649a6981a2e0fcbe43817936019"}, {"key": "modified", "hash": "0114bebcb12734c90fe292ec1cfdd797"}, {"key": "published", "hash": "7487ea59974a0fb04af82eb74c490518"}, {"key": "references", "hash": "7fbd50ef98f65f4829d3940d5f3224d6"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bf9ea1debe77853403939ad55bc3e64f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "adb3da29e5cf22a6c93b5407f88b8871b5072475a8803e143f23385a551fe6bd", "viewCount": 40, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310851410", "OPENVAS:1361412562310809423", "OPENVAS:1361412562310851402", "OPENVAS:1361412562310120742", "OPENVAS:1361412562310809316", "OPENVAS:703689", "OPENVAS:1361412562311220171068", "OPENVAS:1361412562310809422", "OPENVAS:1361412562310120743", "OPENVAS:1361412562310809317"]}, {"type": "freebsd", "idList": ["8D5180A6-86FE-11E6-8D93-00248C0C745D", "F471032A-8700-11E6-8D93-00248C0C745D"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-754.NASL", "OPENSUSE-2016-1193.NASL", "OPENSUSE-2016-1150.NASL", "FEDORA_2016-DB71B72137.NASL", "FREEBSD_PKG_8D5180A686FE11E68D9300248C0C745D.NASL", "PHP_7_0_11.NASL", "FREEBSD_PKG_F471032A870011E68D9300248C0C745D.NASL", "SUSE_SU-2016-2477-1.NASL", "FEDORA_2016-62FC05FD68.NASL", "SLACKWARE_SSA_2016-267-01.NASL"]}, {"type": "amazon", "idList": ["ALAS-2016-753", "ALAS-2016-754"]}, {"type": "suse", "idList": ["SUSE-SU-2016:2460-1", "SUSE-SU-2016:2477-1", "OPENSUSE-SU-2016:2444-1", "OPENSUSE-SU-2016:2540-1", "SUSE-SU-2016:2459-1", "SUSE-SU-2016:2461-1", "SUSE-SU-2016:2477-2", "SUSE-SU-2016:2460-2"]}, {"type": "slackware", "idList": ["SSA-2016-267-01"]}, {"type": "archlinux", "idList": ["ASA-201609-16"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:FC4FB717C57CFF4AE1D36C279949AE09"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3689-1:80BAA", "DEBIAN:DLA-749-1:7CC58"]}, {"type": "ubuntu", "idList": ["USN-3095-1"]}, {"type": "redhat", "idList": ["RHSA-2018:1296"]}, {"type": "gentoo", "idList": ["GLSA-201611-22"]}, {"type": "apple", "idList": ["APPLE:HT207423"]}], "modified": "2019-05-29T18:15:39", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:15:39", "rev": 2}, "vulnersScore": 7.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.0.10", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.8", "cpe:/a:php:php:7.0.4"], "affectedSoftware": [{"name": "php php", "operator": "eq", "version": "7.0.10"}, {"name": "php php", "operator": "eq", "version": "7.0.7"}, {"name": "php php", "operator": "eq", "version": "7.0.8"}, {"name": "php php", "operator": "eq", "version": "7.0.3"}, {"name": "php php", "operator": "eq", "version": "7.0.1"}, {"name": "php php", "operator": "le", "version": "5.6.25"}, {"name": "php php", "operator": "eq", "version": "7.0.2"}, {"name": "php php", "operator": "eq", "version": "7.0.5"}, {"name": "php php", "operator": "eq", "version": "7.0.0"}, {"name": "php php", "operator": "eq", "version": "7.0.6"}, {"name": "php php", "operator": "eq", "version": "7.0.9"}, {"name": "php php", "operator": "eq", "version": "7.0.4"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*"], "cwe": ["CWE-20"]}

{"openvas": [{"lastseen": "2019-05-29T18:35:48", "bulletinFamily": "scanner", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "modified": "2019-03-14T00:00:00", "published": "2016-09-12T00:00:00", "id": "OPENVAS:1361412562310809316", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809316", "title": "PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln03_sep16_win.nasl 14181 2019-03-14 12:59:41Z cfischer $\n#\n# PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809316\");\n script_version(\"$Revision: 14181 $\");\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\",\n \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_bugtraq_id(93005, 93006, 93004, 93022, 93008, 93007, 93011);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:59:41 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-12 18:19:30 +0530 (Mon, 12 Sep 2016)\");\n script_name(\"PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the 'wddx_stack_destroy' function\n in 'ext/wddx/wddx.c' script.\n\n - Improper varification of a BIT field has the UNSIGNED_FLAG flag\n in 'ext/mysqlnd/mysqlnd_wireprotocol.c' script.\n\n - The ZIP signature-verification feature does not ensure that the\n uncompressed_filesize field is large enough.\n\n - The script 'ext/spl/spl_array.c' proceeds with SplArray unserialization\n without validating a return value and data type.\n\n - The script 'ext/intl/msgformat/msgformat_format.c' does not properly restrict\n the locale length provided to the Locale class in the ICU library.\n\n - An error in the php_wddx_push_element function in ext/wddx/wddx.c.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, or possibly have unspecified\n other impact.\");\n\n script_tag(name:\"affected\", value:\"PHP versions prior to 5.6.26 and\n 7.x before 7.0.11 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.26, or 7.0.11,\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.6.26\"))\n{\n fix = \"5.6.26\";\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:phpVer, test_version:\"7.0\", test_version2:\"7.0.10\"))\n {\n fix = \"7.0.11\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:00", "bulletinFamily": "scanner", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "modified": "2018-10-17T00:00:00", "published": "2016-09-12T00:00:00", "id": "OPENVAS:1361412562310809317", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809317", "title": "PHP Multiple Vulnerabilities - 03 - Sep16 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln03_sep16_lin.nasl 11938 2018-10-17 10:08:39Z asteins $\n#\n# PHP Multiple Vulnerabilities - 03 - Sep16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809317\");\n script_version(\"$Revision: 11938 $\");\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\",\n \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_bugtraq_id(93005, 93006, 93004, 93022, 93008, 93007, 93011);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-17 12:08:39 +0200 (Wed, 17 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-12 18:19:30 +0530 (Mon, 12 Sep 2016)\");\n script_name(\"PHP Multiple Vulnerabilities - 03 - Sep16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the 'wddx_stack_destroy' function\n in 'ext/wddx/wddx.c' script.\n\n - Improper varification of a BIT field has the UNSIGNED_FLAG flag\n in 'ext/mysqlnd/mysqlnd_wireprotocol.c' script.\n\n - The ZIP signature-verification feature does not ensure that the\n uncompressed_filesize field is large enough.\n\n - The script 'ext/spl/spl_array.c' proceeds with SplArray unserialization\n without validating a return value and data type.\n\n - The script 'ext/intl/msgformat/msgformat_format.c' does not properly restrict\n the locale length provided to the Locale class in the ICU library.\n\n - An error in the php_wddx_push_element function in ext/wddx/wddx.c.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, or possibly have unspecified\n other impact.\");\n\n script_tag(name:\"affected\", value:\"PHP versions prior to 5.6.25 and\n 7.x before 7.0.10 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.25, or 7.0.10,\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.6.26\"))\n{\n fix = \"5.6.26\";\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:phpVer, test_version:\"7.0\", test_version2:\"7.0.10\"))\n {\n fix = \"7.0.11\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:57:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120743", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120743", "title": "Amazon Linux: Security Advisory (ALAS-2016-754)", "type": "openvas", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120743\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:27 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-754)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php70 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-754.html\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7412\", \"CVE-2016-7413\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php70-enchant\", rpm:\"php70-enchant~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-bcmath\", rpm:\"php70-bcmath~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-process\", rpm:\"php70-process~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-intl\", rpm:\"php70-intl~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-gmp\", rpm:\"php70-gmp~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-soap\", rpm:\"php70-soap~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-xml\", rpm:\"php70-xml~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-mbstring\", rpm:\"php70-mbstring~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-mcrypt\", rpm:\"php70-mcrypt~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-json\", rpm:\"php70-json~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-gd\", rpm:\"php70-gd~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-recode\", rpm:\"php70-recode~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-snmp\", rpm:\"php70-snmp~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-imap\", rpm:\"php70-imap~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-ldap\", rpm:\"php70-ldap~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-tidy\", rpm:\"php70-tidy~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-cli\", rpm:\"php70-cli~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-odbc\", rpm:\"php70-odbc~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-zip\", rpm:\"php70-zip~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-common\", rpm:\"php70-common~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-embedded\", rpm:\"php70-embedded~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pdo-dblib\", rpm:\"php70-pdo-dblib~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-fpm\", rpm:\"php70-fpm~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pdo\", rpm:\"php70-pdo~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-devel\", rpm:\"php70-devel~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-mysqlnd\", rpm:\"php70-mysqlnd~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-dba\", rpm:\"php70-dba~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-xmlrpc\", rpm:\"php70-xmlrpc~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-dbg\", rpm:\"php70-dbg~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pgsql\", rpm:\"php70-pgsql~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pspell\", rpm:\"php70-pspell~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-opcache\", rpm:\"php70-opcache~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-debuginfo\", rpm:\"php70-debuginfo~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70\", rpm:\"php70~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:55:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120742", "title": "Amazon Linux: Security Advisory (ALAS-2016-753)", "type": "openvas", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120742\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:27 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-753)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-753.html\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-10-05T00:00:00", "id": "OPENVAS:1361412562310851402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851402", "title": "openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2444-1)", "type": "openvas", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851402\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 05:44:46 +0200 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\",\n \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2444-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: Memory corruption when destructing deserialized object\n\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n\n * CVE-2016-7413: Use after free in wddx_deserialize\n\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n * CVE-2016-7417: Missing type check when unserializing SplArray\n\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\");\n\n script_tag(name:\"affected\", value:\"php5 on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2444-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache\", rpm:\"php5-opcache~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache-debuginfo\", rpm:\"php5-opcache-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-10-15T00:00:00", "id": "OPENVAS:1361412562310851410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851410", "title": "openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2540-1)", "type": "openvas", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851410\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-15 05:53:02 +0200 (Sat, 15 Oct 2016)\");\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\",\n \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2540-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n\n * CVE-2016-7413: Use after free in wddx_deserialize\n\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n * CVE-2016-7417: Missing type check when unserializing SplArray\n\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"php5 on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2540-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache\", rpm:\"php5-opcache~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache-debuginfo\", rpm:\"php5-opcache-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-09-28T00:00:00", "id": "OPENVAS:1361412562310809422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809422", "title": "Fedora Update for php FEDORA-2016-62fc05fd68", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2016-62fc05fd68\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809422\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-28 06:03:21 +0200 (Wed, 28 Sep 2016)\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7417\", \"CVE-2016-7416\", \"CVE-2016-7414\", \"CVE-2016-7413\", \"CVE-2016-7412\", \"CVE-2016-7411\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2016-62fc05fd68\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-62fc05fd68\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCPYXRCCP6O73RVWR5XSFZK2TBUYIY3M\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.26~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-09-29T00:00:00", "id": "OPENVAS:1361412562310809423", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809423", "title": "Fedora Update for php FEDORA-2016-db71b72137", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2016-db71b72137\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809423\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-29 06:01:14 +0200 (Thu, 29 Sep 2016)\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7417\", \"CVE-2016-7416\", \"CVE-2016-7414\", \"CVE-2016-7413\", \"CVE-2016-7412\", \"CVE-2016-7411\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2016-db71b72137\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-db71b72137\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OAOLNCQKFGIGAQBUCUAYISLRZSQCLEW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.26~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "description": "Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes.", "modified": "2019-03-18T00:00:00", "published": "2016-10-08T00:00:00", "id": "OPENVAS:1361412562310703689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703689", "title": "Debian Security Advisory DSA 3689-1 (php5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3689.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3689-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703689\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\",\n \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\",\n \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\",\n \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_name(\"Debian Security Advisory DSA 3689-1 (php5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-08 00:00:00 +0200 (Sat, 08 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3689.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 5.6.26+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-05T16:42:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171067", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2017-1067)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1067\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2016-4342\", \"CVE-2016-4343\", \"CVE-2016-6290\", \"CVE-2016-6295\", \"CVE-2016-6296\", \"CVE-2016-6297\", \"CVE-2016-7127\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7478\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:26 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2017-1067)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1067\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1067\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2017-1067 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.(CVE-2016-7478)\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.(CVE-2016-7417)\n\next/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.(CVE-2016-4342)\n\nThe php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document(CVE-2016-7129)\n\nInteger signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.(CVE-2016-6296)\n\next/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.(CVE-2016-6295)\n\next/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.(CVE-2016-6290)\n\nInteger overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.(CVE-2016-6297) ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "nessus": [{"lastseen": "2020-05-01T02:07:23", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP running on the remote web\nserver is 7.0.x prior to 7.0.11. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An heap buffer overflow condition exists in the\n php_mysqlnd_rowp_read_text_protocol_aux() function\n within file ext/mysqlnd/mysqlnd_wireprotocol.c due to\n a failure to verify that a BIT field has the\n UNSIGNED_FLAG flag. An unauthenticated, remote attacker\n can exploit this, via specially crafted field metadata,\n to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted wddxPacket XML document, to\n cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n due to a failure to ensure that the\n uncompressed_filesize field is large enough. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted archive, to cause a denial of service\n condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the\n ICU4C library, specifically within file common/locid.cpp\n in the msgfmt_format_message() function, due to a\n failure to properly restrict the locale length provided\n to the Locale class. An unauthenticated, remote attacker\n can exploit this, via a long first argument to a\n MessageFormatter::formatMessage() function call, to\n cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr()\n function within file ext/spl/spl_array.c due to a\n failure to properly validate the return value and data\n type when deserializing SplArray. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when handling an incorrect boolean\n element, which leads to mishandling the\n wddx_deserialize() call. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n wddxPacket XML document, to cause a denial of service\n condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the\n phar_parse_tarfile() function within file ext/phar/tar.c\n when handling the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.", "modified": "2020-05-02T00:00:00", "id": "PHP_7_0_11.NASL", "href": "https://www.tenable.com/plugins/nessus/93657", "published": "2016-09-22T00:00:00", "title": "PHP 7.0.x < 7.0.11 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93657);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\"\n );\n script_bugtraq_id(\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93011\n );\n\n script_name(english:\"PHP 7.0.x < 7.0.11 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.0.x prior to 7.0.11. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An heap buffer overflow condition exists in the\n php_mysqlnd_rowp_read_text_protocol_aux() function\n within file ext/mysqlnd/mysqlnd_wireprotocol.c due to\n a failure to verify that a BIT field has the\n UNSIGNED_FLAG flag. An unauthenticated, remote attacker\n can exploit this, via specially crafted field metadata,\n to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted wddxPacket XML document, to\n cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n due to a failure to ensure that the\n uncompressed_filesize field is large enough. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted archive, to cause a denial of service\n condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the\n ICU4C library, specifically within file common/locid.cpp\n in the msgfmt_format_message() function, due to a\n failure to properly restrict the locale length provided\n to the Locale class. An unauthenticated, remote attacker\n can exploit this, via a long first argument to a\n MessageFormatter::formatMessage() function call, to\n cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr()\n function within file ext/spl/spl_array.c due to a\n failure to properly validate the return value and data\n type when deserializing SplArray. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when handling an incorrect boolean\n element, which leads to mishandling the\n wddx_deserialize() call. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n wddxPacket XML document, to cause a denial of service\n condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the\n phar_parse_tarfile() function within file ext/phar/tar.c\n when handling the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secure.php.net/ChangeLog-7.php#7.0.11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7417\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^7(\\.0)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^7\\.0\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 7.0.x\", port);\n\nif (version =~ \"^7\\.0\\.\" && ver_compare(ver:version, fix:\"7.0.11\", strict:FALSE) < 0){\n security_report_v4(\n port : port,\n extra :\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.0.11' +\n '\\n',\n severity:SECURITY_HOLE\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-01T00:26:03", "bulletinFamily": "scanner", "description": "PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in\nphar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object\nDestruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)", "modified": "2020-05-02T00:00:00", "id": "FREEBSD_PKG_F471032A870011E68D9300248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/94084", "published": "2016-10-17T00:00:00", "title": "FreeBSD : PHP -- multiple vulnerabilities (f471032a-8700-11e6-8d93-00248c0c745d)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94084);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:46\");\n\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"FreeBSD : PHP -- multiple vulnerabilities (f471032a-8700-11e6-8d93-00248c0c745d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in\nphar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object\nDestruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-7.php#7.0.11\"\n );\n # https://vuxml.freebsd.org/freebsd/f471032a-8700-11e6-8d93-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?556e252c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php70<7.0.11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-03T01:50:03", "bulletinFamily": "scanner", "description": "ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before\n7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag,\nwhich allows remote MySQL servers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in\next/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not ensure that the uncompressed_filesize field is\nlarge enough, which allows remote attackers to cause a denial of\nservice (out-of-bounds memory access) or possibly have unspecified\nother impact via a crafted PHAR archive, related to ext/phar/util.c\nand ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not properly restrict the locale length provided to\nthe Locale class in the ICU library, which allows remote attackers to\ncause a denial of service (application crash) or possibly have\nunspecified other impact via a MessageFormatter::formatMessage call\nwith a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\nproceeds with SplArray unserialization without validating a return\nvalue and data type, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via crafted\nserialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial\nof service (invalid pointer access and out-of-bounds read) or possibly\nhave unspecified other impact via an incorrect boolean element in a\nwddxPacket XML document, leading to mishandling in a wddx_deserialize\ncall (CVE-2016-7418).", "modified": "2020-05-02T00:00:00", "id": "ALA_ALAS-2016-754.NASL", "href": "https://www.tenable.com/plugins/nessus/94020", "published": "2016-10-13T00:00:00", "title": "Amazon Linux AMI : php70 (ALAS-2016-754)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-754.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94020);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"ALAS\", value:\"2016-754\");\n\n script_name(english:\"Amazon Linux AMI : php70 (ALAS-2016-754)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before\n7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag,\nwhich allows remote MySQL servers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in\next/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not ensure that the uncompressed_filesize field is\nlarge enough, which allows remote attackers to cause a denial of\nservice (out-of-bounds memory access) or possibly have unspecified\nother impact via a crafted PHAR archive, related to ext/phar/util.c\nand ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not properly restrict the locale length provided to\nthe Locale class in the ICU library, which allows remote attackers to\ncause a denial of service (application crash) or possibly have\nunspecified other impact via a MessageFormatter::formatMessage call\nwith a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\nproceeds with SplArray unserialization without validating a return\nvalue and data type, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via crafted\nserialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial\nof service (invalid pointer access and out-of-bounds read) or possibly\nhave unspecified other impact via an incorrect boolean element in a\nwddxPacket XML document, leading to mishandling in a wddx_deserialize\ncall (CVE-2016-7418).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-754.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php70' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php70-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-bcmath-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-cli-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-common-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-dba-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-dbg-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-debuginfo-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-devel-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-embedded-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-enchant-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-fpm-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-gd-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-gmp-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-imap-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-intl-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-json-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-ldap-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mbstring-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mcrypt-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mysqlnd-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-odbc-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-opcache-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pdo-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pdo-dblib-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pgsql-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-process-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pspell-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-recode-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-snmp-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-soap-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-tidy-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-xml-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-xmlrpc-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-zip-7.0.11-1.16.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-01T00:22:43", "bulletinFamily": "scanner", "description": "PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in\nphar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object\nDestruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)", "modified": "2020-05-02T00:00:00", "id": "FREEBSD_PKG_8D5180A686FE11E68D9300248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/94083", "published": "2016-10-17T00:00:00", "title": "FreeBSD : PHP -- multiple vulnerabilities (8d5180a6-86fe-11e6-8d93-00248c0c745d)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94083);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:45\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"FreeBSD : PHP -- multiple vulnerabilities (8d5180a6-86fe-11e6-8d93-00248c0c745d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in\nphar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object\nDestruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.6.26\"\n );\n # https://vuxml.freebsd.org/freebsd/8d5180a6-86fe-11e6-8d93-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b5b60f9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php56<5.6.26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-03T02:17:23", "bulletinFamily": "scanner", "description": "15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in\n gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because\n of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with\n group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads\n To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to\n FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit\n transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color\n transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed\n integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in\n mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on\n mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to\n BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature\n of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature\n of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result\n using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId()\n should work without specifying a sequence). (Pablo\n Santiago S&aacute;nchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when\n unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on\n valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses\n entries with ", "modified": "2020-05-02T00:00:00", "id": "FEDORA_2016-DB71B72137.NASL", "href": "https://www.tenable.com/plugins/nessus/93754", "published": "2016-09-28T00:00:00", "title": "Fedora 23 : php (2016-db71b72137)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-db71b72137.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93754);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/25 17:12:10\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"FEDORA\", value:\"2016-db71b72137\");\n\n script_name(english:\"Fedora 23 : php (2016-db71b72137)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in\n gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because\n of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with\n group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads\n To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to\n FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit\n transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color\n transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed\n integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in\n mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on\n mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to\n BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature\n of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature\n of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result\n using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId()\n should work without specifying a sequence). (Pablo\n Santiago S&aacute;nchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when\n unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on\n valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses\n entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on\n php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause\n heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap\n function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused\n heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During\n Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in\n php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address\n zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in\n xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-db71b72137\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"php-5.6.26-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-03T01:44:49", "bulletinFamily": "scanner", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "modified": "2020-05-02T00:00:00", "id": "SLACKWARE_SSA_2016-267-01.NASL", "href": "https://www.tenable.com/plugins/nessus/93687", "published": "2016-09-26T00:00:00", "title": "Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-267-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93687);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2017/09/21 13:38:14 $\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"SSA\", value:\"2016-267-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39115ff5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-01T01:25:49", "bulletinFamily": "scanner", "description": "This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element", "modified": "2020-05-02T00:00:00", "id": "OPENSUSE-2016-1150.NASL", "href": "https://www.tenable.com/plugins/nessus/93853", "published": "2016-10-05T00:00:00", "title": "openSUSE Security Update : php5 (openSUSE-2016-1150)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1150.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93853);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/10/25 16:58:35 $\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2016-1150)\");\n script_summary(english:\"Check for the openSUSE-2016-1150 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999820\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-78.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-24T02:40:27", "bulletinFamily": "scanner", "description": "This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-01-02T00:00:00", "id": "SUSE_SU-2016-2477-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119983", "published": "2019-01-02T00:00:00", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2477-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119983);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/23\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7413/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7414/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7417/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7418/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162477-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e883a5d8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1446=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2016-1446=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-03T02:17:12", "bulletinFamily": "scanner", "description": "15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in\n gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because\n of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with\n group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads\n To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to\n FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit\n transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color\n transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed\n integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in\n mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on\n mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to\n BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature\n of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature\n of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result\n using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId()\n should work without specifying a sequence). (Pablo\n Santiago S&aacute;nchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when\n unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on\n valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses\n entries with ", "modified": "2020-05-02T00:00:00", "id": "FEDORA_2016-62FC05FD68.NASL", "href": "https://www.tenable.com/plugins/nessus/93726", "published": "2016-09-27T00:00:00", "title": "Fedora 24 : php (2016-62fc05fd68)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-62fc05fd68.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93726);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/25 17:12:08\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"FEDORA\", value:\"2016-62fc05fd68\");\n\n script_name(english:\"Fedora 24 : php (2016-62fc05fd68)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in\n gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because\n of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with\n group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads\n To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to\n FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit\n transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color\n transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed\n integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in\n mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on\n mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to\n BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature\n of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature\n of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result\n using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId()\n should work without specifying a sequence). (Pablo\n Santiago S&aacute;nchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when\n unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on\n valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses\n entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on\n php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause\n heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap\n function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused\n heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During\n Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in\n php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address\n zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in\n xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-62fc05fd68\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"php-5.6.26-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-03T01:50:03", "bulletinFamily": "scanner", "description": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles\nobject-deserialization failures, which allows remote attackers to\ncause a denial of service (memory corruption) or possibly have\nunspecified other impact via an unserialize call that references a\npartially constructed object (CVE-2016-7411).\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before\n7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag,\nwhich allows remote MySQL servers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in\next/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not ensure that the uncompressed_filesize field is\nlarge enough, which allows remote attackers to cause a denial of\nservice (out-of-bounds memory access) or possibly have unspecified\nother impact via a crafted PHAR archive, related to ext/phar/util.c\nand ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not properly restrict the locale length provided to\nthe Locale class in the ICU library, which allows remote attackers to\ncause a denial of service (application crash) or possibly have\nunspecified other impact via a MessageFormatter::formatMessage call\nwith a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\nproceeds with SplArray unserialization without validating a return\nvalue and data type, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via crafted\nserialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial\nof service (invalid pointer access and out-of-bounds read) or possibly\nhave unspecified other impact via an incorrect boolean element in a\nwddxPacket XML document, leading to mishandling in a wddx_deserialize\ncall (CVE-2016-7418).", "modified": "2020-05-02T00:00:00", "id": "ALA_ALAS-2016-753.NASL", "href": "https://www.tenable.com/plugins/nessus/94019", "published": "2016-10-13T00:00:00", "title": "Amazon Linux AMI : php56 (ALAS-2016-753)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-753.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94019);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"ALAS\", value:\"2016-753\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2016-753)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles\nobject-deserialization failures, which allows remote attackers to\ncause a denial of service (memory corruption) or possibly have\nunspecified other impact via an unserialize call that references a\npartially constructed object (CVE-2016-7411).\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before\n7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag,\nwhich allows remote MySQL servers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in\next/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not ensure that the uncompressed_filesize field is\nlarge enough, which allows remote attackers to cause a denial of\nservice (out-of-bounds memory access) or possibly have unspecified\nother impact via a crafted PHAR archive, related to ext/phar/util.c\nand ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not properly restrict the locale length provided to\nthe Locale class in the ICU library, which allows remote attackers to\ncause a denial of service (application crash) or possibly have\nunspecified other impact via a MessageFormatter::formatMessage call\nwith a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\nproceeds with SplArray unserialization without validating a return\nvalue and data type, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via crafted\nserialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial\nof service (invalid pointer access and out-of-bounds read) or possibly\nhave unspecified other impact via an incorrect boolean element in a\nwddxPacket XML document, leading to mishandling in a wddx_deserialize\ncall (CVE-2016-7418).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-753.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.26-1.128.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T19:20:31", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata ([CVE-2016-7412 __](<https://access.redhat.com/security/cve/CVE-2016-7412>)).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call ([CVE-2016-7413 __](<https://access.redhat.com/security/cve/CVE-2016-7413>)).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c ([CVE-2016-7414 __](<https://access.redhat.com/security/cve/CVE-2016-7414>)).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument ([CVE-2016-7416 __](<https://access.redhat.com/security/cve/CVE-2016-7416>)).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data ([CVE-2016-7417 __](<https://access.redhat.com/security/cve/CVE-2016-7417>)).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call ([CVE-2016-7418 __](<https://access.redhat.com/security/cve/CVE-2016-7418>)). \n\n\n \n**Affected Packages:** \n\n\nphp70\n\n \n**Issue Correction:** \nRun _yum update php70_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n php70-enchant-7.0.11-1.16.amzn1.i686 \n php70-bcmath-7.0.11-1.16.amzn1.i686 \n php70-process-7.0.11-1.16.amzn1.i686 \n php70-intl-7.0.11-1.16.amzn1.i686 \n php70-gmp-7.0.11-1.16.amzn1.i686 \n php70-soap-7.0.11-1.16.amzn1.i686 \n php70-xml-7.0.11-1.16.amzn1.i686 \n php70-mbstring-7.0.11-1.16.amzn1.i686 \n php70-mcrypt-7.0.11-1.16.amzn1.i686 \n php70-json-7.0.11-1.16.amzn1.i686 \n php70-gd-7.0.11-1.16.amzn1.i686 \n php70-recode-7.0.11-1.16.amzn1.i686 \n php70-snmp-7.0.11-1.16.amzn1.i686 \n php70-imap-7.0.11-1.16.amzn1.i686 \n php70-ldap-7.0.11-1.16.amzn1.i686 \n php70-tidy-7.0.11-1.16.amzn1.i686 \n php70-cli-7.0.11-1.16.amzn1.i686 \n php70-odbc-7.0.11-1.16.amzn1.i686 \n php70-zip-7.0.11-1.16.amzn1.i686 \n php70-common-7.0.11-1.16.amzn1.i686 \n php70-embedded-7.0.11-1.16.amzn1.i686 \n php70-pdo-dblib-7.0.11-1.16.amzn1.i686 \n php70-fpm-7.0.11-1.16.amzn1.i686 \n php70-pdo-7.0.11-1.16.amzn1.i686 \n php70-devel-7.0.11-1.16.amzn1.i686 \n php70-7.0.11-1.16.amzn1.i686 \n php70-mysqlnd-7.0.11-1.16.amzn1.i686 \n php70-dba-7.0.11-1.16.amzn1.i686 \n php70-xmlrpc-7.0.11-1.16.amzn1.i686 \n php70-dbg-7.0.11-1.16.amzn1.i686 \n php70-pgsql-7.0.11-1.16.amzn1.i686 \n php70-pspell-7.0.11-1.16.amzn1.i686 \n php70-opcache-7.0.11-1.16.amzn1.i686 \n php70-debuginfo-7.0.11-1.16.amzn1.i686 \n \n src: \n php70-7.0.11-1.16.amzn1.src \n \n x86_64: \n php70-tidy-7.0.11-1.16.amzn1.x86_64 \n php70-imap-7.0.11-1.16.amzn1.x86_64 \n php70-pspell-7.0.11-1.16.amzn1.x86_64 \n php70-mbstring-7.0.11-1.16.amzn1.x86_64 \n php70-intl-7.0.11-1.16.amzn1.x86_64 \n php70-dba-7.0.11-1.16.amzn1.x86_64 \n php70-embedded-7.0.11-1.16.amzn1.x86_64 \n php70-mysqlnd-7.0.11-1.16.amzn1.x86_64 \n php70-soap-7.0.11-1.16.amzn1.x86_64 \n php70-zip-7.0.11-1.16.amzn1.x86_64 \n php70-opcache-7.0.11-1.16.amzn1.x86_64 \n php70-gmp-7.0.11-1.16.amzn1.x86_64 \n php70-pdo-7.0.11-1.16.amzn1.x86_64 \n php70-fpm-7.0.11-1.16.amzn1.x86_64 \n php70-snmp-7.0.11-1.16.amzn1.x86_64 \n php70-common-7.0.11-1.16.amzn1.x86_64 \n php70-mcrypt-7.0.11-1.16.amzn1.x86_64 \n php70-pgsql-7.0.11-1.16.amzn1.x86_64 \n php70-enchant-7.0.11-1.16.amzn1.x86_64 \n php70-recode-7.0.11-1.16.amzn1.x86_64 \n php70-odbc-7.0.11-1.16.amzn1.x86_64 \n php70-json-7.0.11-1.16.amzn1.x86_64 \n php70-cli-7.0.11-1.16.amzn1.x86_64 \n php70-xmlrpc-7.0.11-1.16.amzn1.x86_64 \n php70-ldap-7.0.11-1.16.amzn1.x86_64 \n php70-pdo-dblib-7.0.11-1.16.amzn1.x86_64 \n php70-7.0.11-1.16.amzn1.x86_64 \n php70-devel-7.0.11-1.16.amzn1.x86_64 \n php70-process-7.0.11-1.16.amzn1.x86_64 \n php70-debuginfo-7.0.11-1.16.amzn1.x86_64 \n php70-dbg-7.0.11-1.16.amzn1.x86_64 \n php70-bcmath-7.0.11-1.16.amzn1.x86_64 \n php70-gd-7.0.11-1.16.amzn1.x86_64 \n php70-xml-7.0.11-1.16.amzn1.x86_64 \n \n \n", "modified": "2016-10-12T17:00:00", "published": "2016-10-12T17:00:00", "id": "ALAS-2016-754", "href": "https://alas.aws.amazon.com/ALAS-2016-754.html", "title": "Medium: php70", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T19:20:36", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\next/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object ([CVE-2016-7411 __](<https://access.redhat.com/security/cve/CVE-2016-7411>)).\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata ([CVE-2016-7412 __](<https://access.redhat.com/security/cve/CVE-2016-7412>)).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call ([CVE-2016-7413 __](<https://access.redhat.com/security/cve/CVE-2016-7413>)).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c ([CVE-2016-7414 __](<https://access.redhat.com/security/cve/CVE-2016-7414>)).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument ([CVE-2016-7416 __](<https://access.redhat.com/security/cve/CVE-2016-7416>)).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data ([CVE-2016-7417 __](<https://access.redhat.com/security/cve/CVE-2016-7417>)).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call ([CVE-2016-7418 __](<https://access.redhat.com/security/cve/CVE-2016-7418>)). \n\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n php56-tidy-5.6.26-1.128.amzn1.i686 \n php56-bcmath-5.6.26-1.128.amzn1.i686 \n php56-fpm-5.6.26-1.128.amzn1.i686 \n php56-mysqlnd-5.6.26-1.128.amzn1.i686 \n php56-intl-5.6.26-1.128.amzn1.i686 \n php56-cli-5.6.26-1.128.amzn1.i686 \n php56-mssql-5.6.26-1.128.amzn1.i686 \n php56-enchant-5.6.26-1.128.amzn1.i686 \n php56-dba-5.6.26-1.128.amzn1.i686 \n php56-soap-5.6.26-1.128.amzn1.i686 \n php56-common-5.6.26-1.128.amzn1.i686 \n php56-mcrypt-5.6.26-1.128.amzn1.i686 \n php56-gmp-5.6.26-1.128.amzn1.i686 \n php56-5.6.26-1.128.amzn1.i686 \n php56-process-5.6.26-1.128.amzn1.i686 \n php56-pspell-5.6.26-1.128.amzn1.i686 \n php56-mbstring-5.6.26-1.128.amzn1.i686 \n php56-pgsql-5.6.26-1.128.amzn1.i686 \n php56-debuginfo-5.6.26-1.128.amzn1.i686 \n php56-dbg-5.6.26-1.128.amzn1.i686 \n php56-imap-5.6.26-1.128.amzn1.i686 \n php56-odbc-5.6.26-1.128.amzn1.i686 \n php56-snmp-5.6.26-1.128.amzn1.i686 \n php56-ldap-5.6.26-1.128.amzn1.i686 \n php56-embedded-5.6.26-1.128.amzn1.i686 \n php56-xmlrpc-5.6.26-1.128.amzn1.i686 \n php56-devel-5.6.26-1.128.amzn1.i686 \n php56-pdo-5.6.26-1.128.amzn1.i686 \n php56-gd-5.6.26-1.128.amzn1.i686 \n php56-opcache-5.6.26-1.128.amzn1.i686 \n php56-recode-5.6.26-1.128.amzn1.i686 \n php56-xml-5.6.26-1.128.amzn1.i686 \n \n src: \n php56-5.6.26-1.128.amzn1.src \n \n x86_64: \n php56-process-5.6.26-1.128.amzn1.x86_64 \n php56-dba-5.6.26-1.128.amzn1.x86_64 \n php56-odbc-5.6.26-1.128.amzn1.x86_64 \n php56-intl-5.6.26-1.128.amzn1.x86_64 \n php56-pgsql-5.6.26-1.128.amzn1.x86_64 \n php56-recode-5.6.26-1.128.amzn1.x86_64 \n php56-gmp-5.6.26-1.128.amzn1.x86_64 \n php56-enchant-5.6.26-1.128.amzn1.x86_64 \n php56-xml-5.6.26-1.128.amzn1.x86_64 \n php56-ldap-5.6.26-1.128.amzn1.x86_64 \n php56-bcmath-5.6.26-1.128.amzn1.x86_64 \n php56-devel-5.6.26-1.128.amzn1.x86_64 \n php56-mbstring-5.6.26-1.128.amzn1.x86_64 \n php56-common-5.6.26-1.128.amzn1.x86_64 \n php56-soap-5.6.26-1.128.amzn1.x86_64 \n php56-5.6.26-1.128.amzn1.x86_64 \n php56-dbg-5.6.26-1.128.amzn1.x86_64 \n php56-pspell-5.6.26-1.128.amzn1.x86_64 \n php56-debuginfo-5.6.26-1.128.amzn1.x86_64 \n php56-snmp-5.6.26-1.128.amzn1.x86_64 \n php56-xmlrpc-5.6.26-1.128.amzn1.x86_64 \n php56-mssql-5.6.26-1.128.amzn1.x86_64 \n php56-cli-5.6.26-1.128.amzn1.x86_64 \n php56-pdo-5.6.26-1.128.amzn1.x86_64 \n php56-opcache-5.6.26-1.128.amzn1.x86_64 \n php56-gd-5.6.26-1.128.amzn1.x86_64 \n php56-fpm-5.6.26-1.128.amzn1.x86_64 \n php56-mysqlnd-5.6.26-1.128.amzn1.x86_64 \n php56-embedded-5.6.26-1.128.amzn1.x86_64 \n php56-tidy-5.6.26-1.128.amzn1.x86_64 \n php56-imap-5.6.26-1.128.amzn1.x86_64 \n php56-mcrypt-5.6.26-1.128.amzn1.x86_64 \n \n \n", "modified": "2016-10-12T17:00:00", "published": "2016-10-12T17:00:00", "id": "ALAS-2016-753", "href": "https://alas.aws.amazon.com/ALAS-2016-753.html", "title": "Medium: php56", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:30", "bulletinFamily": "unix", "description": "\nPHP reports:\n\n\nFixed bug #73007 (add locale length check)\nFixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\nFixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\nFixed bug #73029 (Missing type check when unserializing SplArray)\nFixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\nFixed bug #72860 (wddx_deserialize use-after-free)\nFixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\n\n\n", "modified": "2016-09-15T00:00:00", "published": "2016-09-15T00:00:00", "id": "F471032A-8700-11E6-8D93-00248C0C745D", "href": "https://vuxml.freebsd.org/freebsd/f471032a-8700-11e6-8d93-00248c0c745d.html", "title": "PHP -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:30", "bulletinFamily": "unix", "description": "\nPHP reports:\n\n\nFixed bug #73007 (add locale length check)\nFixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\nFixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\nFixed bug #73029 (Missing type check when unserializing SplArray)\nFixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\nFixed bug #72860 (wddx_deserialize use-after-free)\nFixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\n\n\n", "modified": "2016-09-16T00:00:00", "published": "2016-09-16T00:00:00", "id": "8D5180A6-86FE-11E6-8D93-00248C0C745D", "href": "https://vuxml.freebsd.org/freebsd/8d5180a6-86fe-11e6-8d93-00248c0c745d.html", "title": "PHP -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-10-07T21:27:37", "bulletinFamily": "unix", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "modified": "2016-10-07T21:12:50", "published": "2016-10-07T21:12:50", "id": "SUSE-SU-2016:2477-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00017.html", "type": "suse", "title": "Security update for php5 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-06T01:27:34", "bulletinFamily": "unix", "description": "This update for php53 fixes the following issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "modified": "2016-10-06T01:08:31", "published": "2016-10-06T01:08:31", "id": "SUSE-SU-2016:2461-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00008.html", "type": "suse", "title": "Security update for php53 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-14T17:27:48", "bulletinFamily": "unix", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "modified": "2016-10-14T16:11:34", "published": "2016-10-14T16:11:34", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html", "id": "OPENSUSE-SU-2016:2540-1", "type": "suse", "title": "Security update for php5 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-04T17:27:47", "bulletinFamily": "unix", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: Memory corruption when destructing deserialized object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "modified": "2016-10-04T16:10:25", "published": "2016-10-04T16:10:25", "id": "OPENSUSE-SU-2016:2444-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00002.html", "type": "suse", "title": "Security update for php5 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-01T17:27:52", "bulletinFamily": "unix", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "modified": "2016-11-01T16:07:21", "published": "2016-11-01T16:07:21", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00000.html", "id": "SUSE-SU-2016:2477-2", "type": "suse", "title": "Security update for php5 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-05T17:27:35", "bulletinFamily": "unix", "description": "This update for php53 fixes the following security issues:\n\n * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()\n in Deserialization\n * CVE-2016-7125: PHP Session Data Injection Vulnerability\n * CVE-2016-7126: select_colors write out-of-bounds\n * CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n * CVE-2016-7129: wddx_deserialize allows illegal memory access\n * CVE-2016-7130: wddx_deserialize null dereference\n * CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "modified": "2016-10-05T18:12:21", "published": "2016-10-05T18:12:21", "id": "SUSE-SU-2016:2459-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html", "type": "suse", "title": "Security update for php53 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-05T21:27:33", "bulletinFamily": "unix", "description": "This update for php7 fixes the following security issues:\n\n * CVE-2016-6128: Invalid color index not properly handled [bsc#987580]\n * CVE-2016-6161: global out of bounds read when encoding gif from\n malformed input withgd2togif [bsc#988032]\n * CVE-2016-6292: Null pointer dereference in exif_process_user_comment\n [bsc#991422]\n * CVE-2016-6295: Use after free in SNMP with GC and unserialize()\n [bsc#991424]\n * CVE-2016-6297: Stack-based buffer overflow vulnerability in\n php_stream_zip_opener [bsc#991426]\n * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n [bsc#991427]\n * CVE-2016-6289: Integer overflow leads to buffer overflow in\n virtual_file_ex [bsc#991428]\n * CVE-2016-6290: Use after free in unserialize() with Unexpected Session\n Deserialization [bsc#991429]\n * CVE-2016-5399: Improper error handling in bzread() [bsc#991430]\n * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn\n in simplestring.c [bsc#991437]\n * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()\n [bsc#991434]\n * CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()\n * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()\n in Deserialization\n * CVE-2016-7125: PHP Session Data Injection Vulnerability\n * CVE-2016-7126: select_colors write out-of-bounds\n * CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n * CVE-2016-7129: wddx_deserialize allowed illegal memory access\n * CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n * CVE-2016-7133: memory allocator fails to realloc small block to large one\n * CVE-2016-7134: Heap overflow in the function curl_escape\n * CVE-2016-7130: wddx_deserialize null dereference\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n", "modified": "2016-10-05T21:08:45", "published": "2016-10-05T21:08:45", "id": "SUSE-SU-2016:2460-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00007.html", "type": "suse", "title": "Security update for php7 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-01T17:27:52", "bulletinFamily": "unix", "description": "This update for php7 fixes the following security issues:\n\n * CVE-2016-6128: Invalid color index not properly handled [bsc#987580]\n * CVE-2016-6161: global out of bounds read when encoding gif from\n malformed input withgd2togif [bsc#988032]\n * CVE-2016-6292: Null pointer dereference in exif_process_user_comment\n [bsc#991422]\n * CVE-2016-6295: Use after free in SNMP with GC and unserialize()\n [bsc#991424]\n * CVE-2016-6297: Stack-based buffer overflow vulnerability in\n php_stream_zip_opener [bsc#991426]\n * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n [bsc#991427]\n * CVE-2016-6289: Integer overflow leads to buffer overflow in\n virtual_file_ex [bsc#991428]\n * CVE-2016-6290: Use after free in unserialize() with Unexpected Session\n Deserialization [bsc#991429]\n * CVE-2016-5399: Improper error handling in bzread() [bsc#991430]\n * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn\n in simplestring.c [bsc#991437]\n * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()\n [bsc#991434]\n * CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()\n * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()\n in Deserialization\n * CVE-2016-7125: PHP Session Data Injection Vulnerability\n * CVE-2016-7126: select_colors write out-of-bounds\n * CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n * CVE-2016-7129: wddx_deserialize allowed illegal memory access\n * CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n * CVE-2016-7133: memory allocator fails to realloc small block to large one\n * CVE-2016-7134: Heap overflow in the function curl_escape\n * CVE-2016-7130: wddx_deserialize null dereference\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n", "modified": "2016-11-01T16:21:27", "published": "2016-11-01T16:21:27", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00002.html", "id": "SUSE-SU-2016:2460-2", "type": "suse", "title": "Security update for php7 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-18T17:22:34", "bulletinFamily": "unix", "description": "- CVE-2016-7411 (arbitrary code execution)\n\nA memory Corruption vulnerability was found in php's unserialize method.\nThis happened during the deserialized-object Destruction.\n\n- CVE-2016-7412 (arbitrary code execution)\n\nPhp's mysqlnd extension assumes the `flags` returned for a BIT field\nnecessarily contains UNSIGNED_FLAG; this might not be the case, with a\nrogue mysql server, or a MITM attack. A malicious mysql server or MITM\ncan return field metadata for BIT fields that does not contain the\nUNSIGNED_FLAG, which leads to a heap overflow.\n\n- CVE-2016-7413 (arbitrary code execution)\n\nWhen WDDX tries to deserialize &quot;recordset&quot; element, use after free\nhappens if close tag for the field is not found. This happens only when\nfield names are set.\n\n- CVE-2016-7414 (arbitrary code execution)\n\nThe entry.uncompressed_filesize* method does not properly verify the\ninput parameters. An attacker can create a signature.bin with size less\nthan 8, when this value is passed to phar_verify_signature as sig_len a\nheap buffer overflow occurs.\n\n- CVE-2016-7416 (arbitrary code execution)\n\nBig locale string causes stack based overflow inside libicu.\n\n- CVE-2016-7417 (insufficient validation)\n\nThe return value of spl_array_get_hash_table is not properly checked and\nused on spl_array_get_dimension_ptr_ptr.\n\n- CVE-2016-7418 (denial of service)\n\nAn attacker can trigger an Out-Of-Bounds Read in php_wddx_push_element\nof wddx.c. A DoS (null pointer dereference) vulnerability can be\ntriggered in the wddx_deserialize function by providing a maliciously\ncrafted XML string.", "modified": "2016-09-18T00:00:00", "published": "2016-09-18T00:00:00", "id": "ASA-201609-16", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html", "type": "archlinux", "title": "php: multiple issues", "cvss": {"score": 0.0, "vector": "NONE"}}], "slackware": [{"lastseen": "2019-05-30T07:36:56", "bulletinFamily": "unix", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/php-5.6.26-i586-1_slack14.2.txz: Upgraded.\n This release fixes bugs and security issues.\n For more information, see:\n https://php.net/ChangeLog-5.php#5.6.26\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.26-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.26-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.26-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.26-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.26-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.26-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.26-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.26-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nc35c9a2ecb0efe18d30ac9afd09f2f18 php-5.6.26-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n5d717620237618ae0da8306fb0e103a6 php-5.6.26-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nc86df189624511380930799eedf7147a php-5.6.26-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c306082ce746cccc2c43a975dbf723e php-5.6.26-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nfe9dc583d44d71b359a52f787a3a3586 php-5.6.26-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n42ba7fa4b436381f508e21fa48c66d40 php-5.6.26-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n56a547e8bc4db3c91d6bfa5c31592175 n/php-5.6.26-i586-1.txz\n\nSlackware x86_64 -current package:\n28256516f8df30cc31d6937c9447853b n/php-5.6.26-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.6.26-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2016-09-23T16:31:48", "published": "2016-09-23T16:31:48", "id": "SSA-2016-267-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886", "title": "php", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "software", "description": "USN-3095-1 PHP vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nPHP\n\n# Versions Affected\n\n * Cloud Foundry PHP buildpack versions prior to 4.3.21 \n * Note: The PHP buildpack is patched from upstream PHP source \n\n# Description\n\nTaoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7124](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7124>))\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session names. A remote attacker could use this issue to inject arbitrary session data. ([CVE-2016-7125](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7125>))\n\nIt was discovered that PHP incorrectly handled certain gamma values in the imagegammacorrect function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7127](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7127>))\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF image thumbnails. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. ([CVE-2016-7128](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7128>))\n\nIt was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7129](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7129>), [CVE-2016-7130](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7130>), [CVE-2016-7131](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7131>), [CVE-2016-7132](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7132>), [CVE-2016-7413](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7413>))\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7411](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7411>))\n\nIt was discovered that PHP incorrectly handled certain flags in the MySQL driver. Malicious remote MySQL servers could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7412](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7412>))\n\nIt was discovered that PHP incorrectly handled ZIP file signature verification when processing a PHAR archive. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (C[VE-2016-7414](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7414>))\n\nIt was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7416](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7416>))\n\nIt was discovered that PHP incorrectly handled SplArray unserializing. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7417](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7417>))\n\nKe Liu discovered that PHP incorrectly handled unserializing wddxPacket XML documents with incorrect boolean elements. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7418](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7418>))\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * Upgrade the PHP Buildpack to v4.3.21 or later [2] and restage all applications that use automated buildpack detection. \n\n# Credit\n\nTaoguang Chen, Ke Liu, et. al.\n\n# References\n\n * [1] <https://www.ubuntu.com/usn/usn-3095-1/>\n * [2] <https://github.com/cloudfoundry/php-buildpack/releases>\n", "modified": "2016-10-04T00:00:00", "published": "2016-10-04T00:00:00", "id": "CFOUNDRY:FC4FB717C57CFF4AE1D36C279949AE09", "href": "https://www.cloudfoundry.org/blog/usn-3095-1/", "title": "USN-3095-1 PHP vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:45", "bulletinFamily": "unix", "description": "Package : php5\nVersion : 5.4.45-0+deb7u6\nCVE ID : CVE-2016-5385 CVE-2016-7124 CVE-2016-7128 CVE-2016-7129\n CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411\n CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416\n CVE-2016-7417 CVE-2016-7418\n\n\nCVE-2016-5385\n PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18\n namespace conflicts and therefore does not protect applications from\n the presence of untrusted client data in the HTTP_PROXY environment\n variable, which might allow remote attackers to redirect an application&#x27;s\n outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy\n header in an HTTP request, as demonstrated by (1) an application that\n makes a getenv(&#x27;HTTP_PROXY&#x27;) call or (2) a CGI configuration of PHP,\n aka an &quot;httpoxy&quot; issue.\n\nCVE-2016-7124\n ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10\n mishandles certain invalid objects, which allows remote attackers to cause\n a denial of service or possibly have unspecified other impact via crafted\n serialized data that leads to a (1) __destruct call or (2) magic method\n call.\n\nCVE-2016-7128\n The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before\n 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset\n that exceeds the file size, which allows remote attackers to obtain\n sensitive information from process memory via a crafted TIFF image.\n\nCVE-2016-7129\n The php_wddx_process_data function in ext/wddx/wddx.c in PHP before\n 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial\n of service (segmentation fault) or possibly have unspecified other\n impact via an invalid ISO 8601 time value, as demonstrated by\n a wddx_deserialize call that mishandles a dateTime element in\n a wddxPacket XML document.\n\nCVE-2016-7130\n The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before\n 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a\n denial of service (NULL pointer dereference and application crash)\n or possibly have unspecified other impact via an invalid base64\n binary value, as demonstrated by a wddx_deserialize call that\n mishandles a binary element in a wddxPacket XML document.\n\nCVE-2016-7131\n ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows\n remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) or possibly have unspecified\n other impact via a malformed wddxPacket XML document that is\n mishandled in a wddx_deserialize call, as demonstrated by a tag\n that lacks a &lt; (less than) character.\n\nCVE-2016-7132\n ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows\n remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) or possibly have unspecified\n other impact via an invalid wddxPacket XML document that is\n mishandled in a wddx_deserialize call, as demonstrated by\n a stray element inside a boolean element, leading to incorrect\n pop processing.\n\nCVE-2016-7411\n ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles\n object-deserialization failures, which allows remote attackers\n to cause a denial of service (memory corruption) or possibly\n have unspecified other impact via an unserialize call that\n references a partially constructed object.\n\nCVE-2016-7412\n ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x\n before 7.0.11 does not verify that a BIT field has the\n UNSIGNED_FLAG flag, which allows remote MySQL servers to cause\n a denial of service (heap-based buffer overflow) or possibly\n have unspecified other impact via crafted field metadata.\n\nCVE-2016-7413\n Use-after-free vulnerability in the wddx_stack_destroy function in\n ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a wddxPacket XML document that lacks\n an end-tag for a recordset field element, leading to mishandling\n in a wddx_deserialize call.\n\nCVE-2016-7414\n The ZIP signature-verification feature in PHP before 5.6.26 and 7.x\n before 7.0.11 does not ensure that the uncompressed_filesize field\n is large enough, which allows remote attackers to cause a denial of\n service (out-of-bounds memory access) or possibly have unspecified\n other impact via a crafted PHAR archive, related to ext/phar/util.c\n and ext/phar/zip.c.\n\nCVE-2016-7416\n ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\n before 7.0.11 does not properly restrict the locale length provided\n to the Locale class in the ICU library, which allows remote attackers\n to cause a denial of service (application crash) or possibly have\n unspecified other impact via a MessageFormatter::formatMessage call\n with a long first argument.\n\nCVE-2016-7417\n ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\n proceeds with SplArray unserialization without validating a\n return value and data type, which allows remote attackers to\n cause a denial of service or possibly have unspecified other\n impact via crafted serialized data.\n\nCVE-2016-7418\n The php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a\n denial of service (invalid pointer access and out-of-bounds read)\n or possibly have unspecified other impact via an incorrect boolean\n element in a wddxPacket XML document, leading to mishandling in\n a wddx_deserialize call.\n\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n5.4.45-0+deb7u6.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2016-12-16T21:50:36", "published": "2016-12-16T21:50:36", "id": "DEBIAN:DLA-749-1:7CC58", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201612/msg00024.html", "title": "[SECURITY] [DLA 749-1] php5 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:36", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3689-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 08, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 \n CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131\n CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413\n CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\n https://php.net/ChangeLog-5.php#5.6.25\nhttps://php.net/ChangeLog-5.php#5.6.26\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.26+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-10-08T13:53:20", "published": "2016-10-08T13:53:20", "id": "DEBIAN:DSA-3689-1:80BAA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00270.html", "title": "[SECURITY] [DSA 3689-1] php5 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:43", "bulletinFamily": "unix", "description": "Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7124)\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session names. A remote attacker could use this issue to inject arbitrary session data. (CVE-2016-7125)\n\nIt was discovered that PHP incorrectly handled certain gamma values in the imagegammacorrect function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7127)\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF image thumbnails. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. (CVE-2016-7128)\n\nIt was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7413)\n\nIt was discovered that PHP incorrectly handled certain memory operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7133)\n\nIt was discovered that PHP incorrectly handled long strings in curl_escape calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7134)\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7411)\n\nIt was discovered that PHP incorrectly handled certain flags in the MySQL driver. Malicious remote MySQL servers could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7412)\n\nIt was discovered that PHP incorrectly handled ZIP file signature verification when processing a PHAR archive. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7414)\n\nIt was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7416)\n\nIt was discovered that PHP incorrectly handled SplArray unserializing. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7417)\n\nKe Liu discovered that PHP incorrectly handled unserializing wddxPacket XML documents with incorrect boolean elements. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7418)", "modified": "2016-10-04T00:00:00", "published": "2016-10-04T00:00:00", "id": "USN-3095-1", "href": "https://usn.ubuntu.com/3095-1/", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:45", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843)\n\nSecurity Fix(es):\n\n* php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)\n\n* php: Use after free in wddx_deserialize (CVE-2016-7413)\n\n* php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)\n\n* php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)\n\n* php: Missing type check when unserializing SplArray (CVE-2016-7417)\n\n* php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)\n\n* php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object (CVE-2016-7479)\n\n* php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)\n\n* php: Use After Free in unserialize() (CVE-2016-9936)\n\n* php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)\n\n* php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)\n\n* php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)\n\n* php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)\n\n* php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)\n\n* gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)\n\n* gd: Integer overflow in gd_io.c (CVE-2016-10168)\n\n* php: Use of uninitialized memory in unserialize() (CVE-2017-5340)\n\n* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)\n\n* oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)\n\n* oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)\n\n* oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)\n\n* oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)\n\n* oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)\n\n* php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)\n\n* php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)\n\n* php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)\n\n* php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)\n\n* php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628)\n\n* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)\n\n* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)\n\n* php: reflected XSS in .phar 404 page (CVE-2018-5712)\n\n* php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)\n\n* php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)\n\n* php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)\n\n* php: buffer over-read in finish_nested_data function (CVE-2017-12933)\n\n* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)\n\n* php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.", "modified": "2018-06-13T01:28:23", "published": "2018-05-03T07:21:11", "id": "RHSA-2018:1296", "href": "https://access.redhat.com/errata/RHSA-2018:1296", "type": "redhat", "title": "(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-12-01T00:54:53", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker can possibly execute arbitrary code or create a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.6.28\"", "modified": "2016-11-30T00:00:00", "published": "2016-11-30T00:00:00", "href": "https://security.gentoo.org/glsa/201611-22", "id": "GLSA-201611-22", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "apple": [{"lastseen": "2020-05-07T18:04:35", "bulletinFamily": "software", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite\n\nReleased December 13, 2016\n\n**apache_mod_php**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A remote attacker may cause an unexpected application termination or arbitrary code execution\n\nDescription: Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.\n\nCVE-2016-7411\n\nCVE-2016-7412\n\nCVE-2016-7413\n\nCVE-2016-7414\n\nCVE-2016-7416\n\nCVE-2016-7417\n\nCVE-2016-7418\n\n**AppleGraphicsPowerManagement**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7609: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**Assets**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may modify downloaded mobile assets\n\nDescription: A permissions issue existed in mobile assets. This issue was addressed through improved access restrictions.\n\nCVE-2016-7628: Marcel Bresink of Marcel Bresink Software-Systeme\n\nEntry updated December 15, 2016\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group\n\nEntry updated December 14, 2016\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7605: daybreaker of Minionz\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7617: Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero\n\n**CoreCapture**\n\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved state management.\n\nCVE-2016-7604: daybreaker of Minionz\n\nEntry updated December 14, 2016\n\n**CoreFoundation**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking.\n\nCVE-2016-7663: an anonymous researcher\n\n**CoreGraphics**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to unexpected application termination\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7627: TRAPMINE Inc. &amp; Meysam Firouzi @R00tkitSMM\n\n**CoreMedia External Displays**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7655: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\n**CoreMedia Playback**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\n**CoreStorage**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7603: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-7595: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: An issue when rendering overlapping ranges was addressed through improved validation.\n\nCVE-2016-7667: Nasser Al-Hadhrami (@fast_hack), Saif Al-Hinai (welcom_there) of Digital Unit (dgunit.com)\n\nEntry added December 15, 2016\n\n**curl**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.\n\nCVE-2016-5419\n\nCVE-2016-5420\n\nCVE-2016-5421\n\nCVE-2016-7141\n\nCVE-2016-7167\n\nCVE-2016-8615\n\nCVE-2016-8616\n\nCVE-2016-8617\n\nCVE-2016-8618\n\nCVE-2016-8619\n\nCVE-2016-8620\n\nCVE-2016-8621\n\nCVE-2016-8622\n\nCVE-2016-8623\n\nCVE-2016-8624\n\nCVE-2016-8625\n\n**Directory Services**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7633: Ian Beer of Google Project Zero\n\n**Disk Images**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-4691: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**Foundation**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7618: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**Grapher**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7622: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**ICU**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7594: Andr\u00e9 Bargull\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7602: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**IOFireWireFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7608: Brandon Azad\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**IOHIDFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7591: daybreaker of Minionz\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7657: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7714: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\nEntry added January 25, 2017\n\n**IOSurface**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\n\nCVE-2016-7612: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to read kernel memory\n\nDescription: An insufficient initialization issue was addressed by properly initializing memory returned to user space.\n\nCVE-2016-7607: Brandon Azad\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7615: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7621: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7637: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7644: Ian Beer of Google Project Zero\n\n**Kernel**\n\n****Available for: macOS Sierra 10.12.1\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7647: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry added May 17, 2017\n\n**kext tools**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7629: @cocoahuke\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2016-7619: an anonymous researcher\n\n**LibreSSL**\n\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\n\nImpact: An attacker with a privileged network position may be able to cause a denial of service\n\nDescription: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling.\n\nCVE-2016-6304\n\nEntry updated December 14, 2016\n\n**OpenLDAP**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: RC4 was removed as a default cipher.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**OpenPAM**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local unprivileged user may gain access to privileged applications\n\nDescription: PAM authentication within sandboxed applications failed insecurely. This was addressed with improved error handling.\n\nCVE-2016-7600: Perette Barella of DeviousFish.com\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: An overflow issue existed in MDC2_Update(). This issue was addressed through improved input validation.\n\nCVE-2016-6303\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker with a privileged network position may be able to cause a denial of service\n\nDescription: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling.\n\nCVE-2016-6304\n\n**Power Management**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7661: Ian Beer of Google Project Zero\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm\n\nDescription: 3DES was removed as a default cipher.\n\nCVE-2016-4693: Ga\u00ebtan Leurent and Karthikeyan Bhargavan from INRIA Paris\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.\n\nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Certificates may be unexpectedly evaluated as trusted\n\nDescription: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.\n\nCVE-2016-7662: Apple\n\n**syslog**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7660: Ian Beer of Google Project Zero\n\n**WiFi**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A malicious local user may be able to view sensitive network configuration information\n\nDescription: Network configuration was unexpectedly global. This issue was addressed by moving sensitive network configuration to per-user settings.\n\nCVE-2016-7761: Peter Loos, Karlsruhe, Germany\n\nEntry added January 24, 2017\n\n**xar**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: The use of an uninitialized variable was addressed through improved validation.\n\nCVE-2016-7742: Gareth Evans of Context Information Security\n\nEntry added January 10, 2017\n\nmacOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite includes the security content of [Safari 10.0.2](<https://support.apple.com/kb/HT207421>).\n", "modified": "2017-05-17T09:07:19", "published": "2017-05-17T09:07:19", "id": "APPLE:HT207423", "href": "https://support.apple.com/kb/HT207423", "title": "About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}