ID: ALA_ALAS-2017-867.NASL
Type: nessus
Reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-02-02T00:00:00
Description

Out-of-bounds heap write in bitset_set_range() :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write occurs in bitset_set_range() during regular
expression compilation due to an uninitialized variable from an
incorrect state transition. An incorrect state transition in
parse_char_class() could create an execution path that leaves a
critical local variable uninitialized until it's used as an index,
resulting in an out-of-bounds write memory corruption. (CVE-2017-9228)

Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function :

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in
the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and
7.x before 7.1.7, does not zero colorMap arrays before use. A
specially crafted GIF image could use the uninitialized tables to read
~700 bytes from the top of the stack, potentially disclosing sensitive
information. (CVE-2017-7890)

Invalid pointer dereference in left_adjust_char_head() :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV
occurs in left_adjust_char_head() during regular expression
compilation. Invalid handling of reg->dmax in forward_search_range()
could result in an invalid pointer dereference, normally as an
immediate denial-of-service condition. (CVE-2017-9229)

Heap buffer overflow in next_state_val() during regular expression compilation :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write or read occurs in next_state_val() during regular
expression compilation. Octal numbers larger than 0xff are not handled
correctly in fetch_token() and fetch_token_in_cc(). A malformed
regular expression containing an octal number in the form of \700
would produce an invalid code point value larger than 0xff in
next_state_val(), resulting in an out-of-bounds write memory
corruption. (CVE-2017-9226)

Out-of-bounds stack read in mbc_enc_len() during regular expression searching :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in mbc_enc_len() during regular expression
searching. Invalid handling of reg->dmin in forward_search_range()
could result in an invalid pointer dereference, as an out-of-bounds
read from a stack buffer. (CVE-2017-9227)

Out-of-bounds stack read in match_at() during regular expression searching :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in match_at() during regular expression
searching. A logical error involving order of validation and access in
match_at() could result in an out-of-bounds read from a stack buffer.
(CVE-2017-9224)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-867.
#
include("compat.inc");

if (description)
{
  script_id(102181);
  script_version("3.4");
  script_cvs_date("Date: 2019/07/10 16:04:12");

  script_cve_id("CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229");
  script_xref(name:"ALAS", value:"2017-867");

  script_name(english:"Amazon Linux AMI : php70 (ALAS-2017-867)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Out-of-bounds heap write in bitset_set_range() :
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write occurs in bitset_set_range() during regular
expression compilation due to an uninitialized variable from an
incorrect state transition. An incorrect state transition in
parse_char_class() could create an execution path that leaves a
critical local variable uninitialized until it's used as an index,
resulting in an out-of-bounds write memory corruption. (CVE-2017-9228)
Buffer over-read from unitialized data in gdImageCreateFromGifCtx
function
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in
the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and
7.x before 7.1.7, does not zero colorMap arrays before use. A
specially crafted GIF image could use the uninitialized tables to read
~700 bytes from the top of the stack, potentially disclosing sensitive
information. (CVE-2017-7890)
Invalid pointer dereference in left_adjust_char_head() :
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV
occurs in left_adjust_char_head() during regular expression
compilation. Invalid handling of reg->dmax in forward_search_range()
could result in an invalid pointer dereference, normally as an
immediate denial-of-service condition. (CVE-2017-9229)
Heap buffer overflow in next_state_val() during regular expression
compilation :
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write or read occurs in next_state_val() during regular
expression compilation. Octal numbers larger than 0xff are not handled
correctly in fetch_token() and fetch_token_in_cc(). A malformed
regular expression containing an octal number in the form of \\700
would produce an invalid code point value larger than 0xff in
next_state_val(), resulting in an out-of-bounds write memory
corruption.(CVE-2017-9226)
Out-of-bounds stack read in mbc_enc_len() during regular expression
searching :
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in mbc_enc_len() during regular expression
searching. Invalid handling of reg->dmin in forward_search_range()
could result in an invalid pointer dereference, as an out-of-bounds
read from a stack buffer. (CVE-2017-9227)
Out-of-bounds stack read in match_at() during regular expression
searching :
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in match_at() during regular expression
searching. A logical error involving order of validation and access in
match_at() could result in an out-of-bounds read from a stack buffer.
(CVE-2017-9224)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-867.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update php70' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Local (credentialed) checks must be enabled for this plugin to run.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Confirm the target is an Amazon Linux AMI host (release string "ALA").
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

# The installed package list gathered over SSH is required for the comparison.
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Each rpm_check() compares an installed package against the fixed version
# from ALAS-2017-867; flag counts the packages found below that version.
flag = 0;
if (rpm_check(release:"ALA", reference:"php70-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-cli-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-common-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-dba-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-devel-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-gd-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-imap-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-intl-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-json-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-process-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-recode-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-soap-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-xml-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-zip-7.0.21-1.23.amzn1")) flag++;

# Report a finding if any package is outdated; otherwise record why the host
# is not affected (packages up to date, or none of them installed).
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc");
}
4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-08-08T00:04:00", "published": "2017-08-08T00:04:00", "href": "https://support.f5.com/csp/article/K01709026", "id": "F5:K01709026", "title": "PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-08T00:21:26", "bulletinFamily": "software", "cvelist": ["CVE-2017-9226", "CVE-2017-7890"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not 
vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * 
[K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-08-08T00:03:00", "published": "2017-08-08T00:03:00", "href": "https://support.f5.com/csp/article/K09361513", "id": "F5:K09361513", "title": "PHP vulnerabilities CVE-2017-9226 and CVE-2017-7890", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-22T02:17:00", "bulletinFamily": "software", "cvelist": ["CVE-2017-9224"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| 
Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-07-22T01:48:00", "published": "2017-07-22T01:48:00", "href": "https://support.f5.com/csp/article/K34551175", "id": "F5:K34551175", "title": "PHP vulnerability CVE-2017-9224", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-22T00:24:43", "bulletinFamily": "software", "cvelist": ["CVE-2017-9229"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or 
hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not 
vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-07-21T23:57:00", "published": "2017-07-21T23:57:00", "href": "https://support.f5.com/csp/article/K06844177", "id": "F5:K06844177", "title": "PHP vulnerability CVE-2017-9229", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T22:24:26", "bulletinFamily": "software", "cvelist": ["CVE-2017-9227"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not 
vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-07-24T20:25:00", "published": "2017-07-24T20:25:00", "href": "https://support.f5.com/csp/article/K61164061", "id": "F5:K61164061", "title": "PHP vulnerability CVE-2017-9227", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2017-07-22T02:17:05", "bulletinFamily": "software", "cvelist": ["CVE-2017-9228"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None 
\nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-07-22T01:58:00", "published": "2017-07-22T01:58:00", "href": "https://support.f5.com/csp/article/K43292324", "id": "F5:K43292324", "title": "PHP vulnerability CVE-2017-9228", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2020-11-10T12:37:33", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-7890"], "description": "**Issue Overview:**\n\nOut-of-bounds heap write in bitset_set_range(): \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. 
([CVE-2017-9228](<https://access.redhat.com/security/cve/CVE-2017-9228>))\n\nBuffer over-read from uninitialized data in gdImageCreateFromGifCtx function \nThe GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. ([CVE-2017-7890](<https://access.redhat.com/security/cve/CVE-2017-7890>))\n\nInvalid pointer dereference in left_adjust_char_head(): \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. ([CVE-2017-9229](<https://access.redhat.com/security/cve/CVE-2017-9229>))\n\nHeap buffer overflow in next_state_val() during regular expression compilation: \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). 
A malformed regular expression containing an octal number in the form of \\\\\\700 would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. ([CVE-2017-9226](<https://access.redhat.com/security/cve/CVE-2017-9226>))\n\nOut-of-bounds stack read in mbc_enc_len() during regular expression searching: \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. ([CVE-2017-9227](<https://access.redhat.com/security/cve/CVE-2017-9227>))\n\nOut-of-bounds stack read in match_at() during regular expression searching: \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. ([CVE-2017-9224](<https://access.redhat.com/security/cve/CVE-2017-9224>))\n\n \n**Affected Packages:** \n\n\nphp70\n\n \n**Issue Correction:** \nRun _yum update php70_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n php70-imap-7.0.21-1.23.amzn1.i686 \n php70-gd-7.0.21-1.23.amzn1.i686 \n php70-fpm-7.0.21-1.23.amzn1.i686 \n php70-7.0.21-1.23.amzn1.i686 \n php70-pdo-dblib-7.0.21-1.23.amzn1.i686 \n php70-debuginfo-7.0.21-1.23.amzn1.i686 \n php70-common-7.0.21-1.23.amzn1.i686 \n php70-gmp-7.0.21-1.23.amzn1.i686 \n php70-ldap-7.0.21-1.23.amzn1.i686 \n php70-odbc-7.0.21-1.23.amzn1.i686 \n php70-devel-7.0.21-1.23.amzn1.i686 \n php70-enchant-7.0.21-1.23.amzn1.i686 \n php70-snmp-7.0.21-1.23.amzn1.i686 \n php70-json-7.0.21-1.23.amzn1.i686 \n php70-mcrypt-7.0.21-1.23.amzn1.i686 \n php70-process-7.0.21-1.23.amzn1.i686 \n php70-intl-7.0.21-1.23.amzn1.i686 \n php70-soap-7.0.21-1.23.amzn1.i686 \n php70-mysqlnd-7.0.21-1.23.amzn1.i686 \n php70-dbg-7.0.21-1.23.amzn1.i686 \n php70-dba-7.0.21-1.23.amzn1.i686 \n php70-pgsql-7.0.21-1.23.amzn1.i686 \n php70-recode-7.0.21-1.23.amzn1.i686 \n php70-pdo-7.0.21-1.23.amzn1.i686 \n php70-zip-7.0.21-1.23.amzn1.i686 \n php70-embedded-7.0.21-1.23.amzn1.i686 \n php70-mbstring-7.0.21-1.23.amzn1.i686 \n php70-pspell-7.0.21-1.23.amzn1.i686 \n php70-opcache-7.0.21-1.23.amzn1.i686 \n php70-xmlrpc-7.0.21-1.23.amzn1.i686 \n php70-bcmath-7.0.21-1.23.amzn1.i686 \n php70-tidy-7.0.21-1.23.amzn1.i686 \n php70-xml-7.0.21-1.23.amzn1.i686 \n php70-cli-7.0.21-1.23.amzn1.i686 \n \n src: \n php70-7.0.21-1.23.amzn1.src \n \n x86_64: \n php70-mysqlnd-7.0.21-1.23.amzn1.x86_64 \n php70-xml-7.0.21-1.23.amzn1.x86_64 \n php70-cli-7.0.21-1.23.amzn1.x86_64 \n php70-pspell-7.0.21-1.23.amzn1.x86_64 \n php70-fpm-7.0.21-1.23.amzn1.x86_64 \n php70-embedded-7.0.21-1.23.amzn1.x86_64 \n php70-intl-7.0.21-1.23.amzn1.x86_64 \n php70-recode-7.0.21-1.23.amzn1.x86_64 \n php70-common-7.0.21-1.23.amzn1.x86_64 \n php70-pgsql-7.0.21-1.23.amzn1.x86_64 \n php70-odbc-7.0.21-1.23.amzn1.x86_64 \n php70-mbstring-7.0.21-1.23.amzn1.x86_64 \n php70-dbg-7.0.21-1.23.amzn1.x86_64 \n php70-pdo-7.0.21-1.23.amzn1.x86_64 \n php70-devel-7.0.21-1.23.amzn1.x86_64 \n 
php70-enchant-7.0.21-1.23.amzn1.x86_64 \n php70-snmp-7.0.21-1.23.amzn1.x86_64 \n php70-process-7.0.21-1.23.amzn1.x86_64 \n php70-debuginfo-7.0.21-1.23.amzn1.x86_64 \n php70-imap-7.0.21-1.23.amzn1.x86_64 \n php70-zip-7.0.21-1.23.amzn1.x86_64 \n php70-ldap-7.0.21-1.23.amzn1.x86_64 \n php70-json-7.0.21-1.23.amzn1.x86_64 \n php70-xmlrpc-7.0.21-1.23.amzn1.x86_64 \n php70-tidy-7.0.21-1.23.amzn1.x86_64 \n php70-opcache-7.0.21-1.23.amzn1.x86_64 \n php70-bcmath-7.0.21-1.23.amzn1.x86_64 \n php70-dba-7.0.21-1.23.amzn1.x86_64 \n php70-soap-7.0.21-1.23.amzn1.x86_64 \n php70-mcrypt-7.0.21-1.23.amzn1.x86_64 \n php70-7.0.21-1.23.amzn1.x86_64 \n php70-gd-7.0.21-1.23.amzn1.x86_64 \n php70-pdo-dblib-7.0.21-1.23.amzn1.x86_64 \n php70-gmp-7.0.21-1.23.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-08-03T20:38:00", "published": "2017-08-03T20:38:00", "id": "ALAS-2017-867", "href": "https://alas.aws.amazon.com/ALAS-2017-867.html", "title": "Medium: php70", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:35:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "description": "**Issue Overview:**\n\nOut-of-bounds heap write in bitset_set_range() \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. 
([CVE-2017-9228](<https://access.redhat.com/security/cve/CVE-2017-9228>))\n\nInvalid pointer dereference in left_adjust_char_head() \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. ([CVE-2017-9229](<https://access.redhat.com/security/cve/CVE-2017-9229>))\n\nHeap buffer overflow in next_state_val() during regular expression compilation \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\\\\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. ([CVE-2017-9226](<https://access.redhat.com/security/cve/CVE-2017-9226>))\n\nOut-of-bounds stack read in mbc_enc_len() during regular expression searching \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. 
([CVE-2017-9227](<https://access.redhat.com/security/cve/CVE-2017-9227>))\n\nOut-of-bounds stack read in match_at() during regular expression searching \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. ([CVE-2017-9224](<https://access.redhat.com/security/cve/CVE-2017-9224>))\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n php56-xmlrpc-5.6.31-1.134.amzn1.i686 \n php56-recode-5.6.31-1.134.amzn1.i686 \n php56-enchant-5.6.31-1.134.amzn1.i686 \n php56-intl-5.6.31-1.134.amzn1.i686 \n php56-odbc-5.6.31-1.134.amzn1.i686 \n php56-bcmath-5.6.31-1.134.amzn1.i686 \n php56-mcrypt-5.6.31-1.134.amzn1.i686 \n php56-mssql-5.6.31-1.134.amzn1.i686 \n php56-cli-5.6.31-1.134.amzn1.i686 \n php56-mysqlnd-5.6.31-1.134.amzn1.i686 \n php56-dbg-5.6.31-1.134.amzn1.i686 \n php56-tidy-5.6.31-1.134.amzn1.i686 \n php56-fpm-5.6.31-1.134.amzn1.i686 \n php56-gd-5.6.31-1.134.amzn1.i686 \n php56-process-5.6.31-1.134.amzn1.i686 \n php56-pgsql-5.6.31-1.134.amzn1.i686 \n php56-dba-5.6.31-1.134.amzn1.i686 \n php56-pdo-5.6.31-1.134.amzn1.i686 \n php56-pspell-5.6.31-1.134.amzn1.i686 \n php56-common-5.6.31-1.134.amzn1.i686 \n php56-gmp-5.6.31-1.134.amzn1.i686 \n php56-ldap-5.6.31-1.134.amzn1.i686 \n php56-5.6.31-1.134.amzn1.i686 \n php56-mbstring-5.6.31-1.134.amzn1.i686 \n php56-imap-5.6.31-1.134.amzn1.i686 \n php56-opcache-5.6.31-1.134.amzn1.i686 \n php56-soap-5.6.31-1.134.amzn1.i686 \n php56-xml-5.6.31-1.134.amzn1.i686 \n php56-embedded-5.6.31-1.134.amzn1.i686 \n php56-snmp-5.6.31-1.134.amzn1.i686 \n php56-devel-5.6.31-1.134.amzn1.i686 \n php56-debuginfo-5.6.31-1.134.amzn1.i686 \n \n src: \n 
php56-5.6.31-1.134.amzn1.src \n \n x86_64: \n php56-ldap-5.6.31-1.134.amzn1.x86_64 \n php56-mcrypt-5.6.31-1.134.amzn1.x86_64 \n php56-devel-5.6.31-1.134.amzn1.x86_64 \n php56-gd-5.6.31-1.134.amzn1.x86_64 \n php56-recode-5.6.31-1.134.amzn1.x86_64 \n php56-pdo-5.6.31-1.134.amzn1.x86_64 \n php56-tidy-5.6.31-1.134.amzn1.x86_64 \n php56-intl-5.6.31-1.134.amzn1.x86_64 \n php56-imap-5.6.31-1.134.amzn1.x86_64 \n php56-fpm-5.6.31-1.134.amzn1.x86_64 \n php56-soap-5.6.31-1.134.amzn1.x86_64 \n php56-snmp-5.6.31-1.134.amzn1.x86_64 \n php56-pgsql-5.6.31-1.134.amzn1.x86_64 \n php56-xmlrpc-5.6.31-1.134.amzn1.x86_64 \n php56-process-5.6.31-1.134.amzn1.x86_64 \n php56-dbg-5.6.31-1.134.amzn1.x86_64 \n php56-embedded-5.6.31-1.134.amzn1.x86_64 \n php56-mssql-5.6.31-1.134.amzn1.x86_64 \n php56-dba-5.6.31-1.134.amzn1.x86_64 \n php56-debuginfo-5.6.31-1.134.amzn1.x86_64 \n php56-5.6.31-1.134.amzn1.x86_64 \n php56-mysqlnd-5.6.31-1.134.amzn1.x86_64 \n php56-gmp-5.6.31-1.134.amzn1.x86_64 \n php56-odbc-5.6.31-1.134.amzn1.x86_64 \n php56-mbstring-5.6.31-1.134.amzn1.x86_64 \n php56-bcmath-5.6.31-1.134.amzn1.x86_64 \n php56-pspell-5.6.31-1.134.amzn1.x86_64 \n php56-opcache-5.6.31-1.134.amzn1.x86_64 \n php56-cli-5.6.31-1.134.amzn1.x86_64 \n php56-common-5.6.31-1.134.amzn1.x86_64 \n php56-enchant-5.6.31-1.134.amzn1.x86_64 \n php56-xml-5.6.31-1.134.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-08-17T18:16:00", "published": "2017-08-17T18:16:00", "id": "ALAS-2017-871", "href": "https://alas.aws.amazon.com/ALAS-2017-871.html", "title": "Medium: php56", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "description": "Package : libonig\nVersion : 5.9.1-1+deb7u1\nCVE ID : CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228\n CVE-2017-9229\nDebian Bug : 863312 863314 863315 863316 
863318\n\nCVE-2017-9224\n\n An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\n Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\n out-of-bounds read occurs in match_at() during regular expression\n searching. A logical error involving order of validation and access in\n match_at() could result in an out-of-bounds read from a stack buffer.\n\nCVE-2017-9226\n\n An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\n Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\n out-of-bounds write or read occurs in next_state_val() during regular\n expression compilation. Octal numbers larger than 0xff are not handled\n correctly in fetch_token() and fetch_token_in_cc(). A malformed regular\n expression containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write memory\n corruption.\n\nCVE-2017-9227\n\n An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\n Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\n out-of-bounds read occurs in mbc_enc_len() during regular expression\n searching. Invalid handling of reg->dmin in forward_search_range()\n could result in an invalid pointer dereference, as an out-of-bounds\n read from a stack buffer.\n\nCVE-2017-9228\n\n An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\n Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\n out-of-bounds write occurs in bitset_set_range() during regular\n expression compilation due to an uninitialized variable from an\n incorrect state transition. 
An incorrect state transition in\n parse_char_class() could create an execution path that leaves a\n critical local variable uninitialized until it's used as an index,\n resulting in an out-of-bounds write memory corruption.\n\nCVE-2017-9229\n\n An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\n Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs\n in left_adjust_char_head() during regular expression compilation.\n Invalid handling of reg->dmax in forward_search_range() could result in\n an invalid pointer dereference, normally as an immediate\n denial-of-service condition.\n\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.9.1-1+deb7u1.\n\nWe recommend that you upgrade your libonig packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-05-28T13:50:35", "published": "2017-05-28T13:50:35", "id": "DEBIAN:DLA-958-1:E79D6", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201705/msg00029.html", "title": "[SECURITY] [DLA 958-1] libonig security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7890"], "description": "Package : libgd2\nVersion : 2.0.36~rc1~dfsg-6.1+deb7u9\nCVE ID : CVE-2017-7890\n\n\nMatviy Kotoniy reported that the gdImageCreateFromGifCtx() function used\nto load images from GIF format files in libgd2, a library for\nprogrammatic graphics creation and manipulation, does not zero stack\nallocated color map buffers before their use, which may result in\ninformation disclosure if a specially crafted file is processed.\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.0.36~rc1~dfsg-6.1+deb7u9.\n\nWe recommend that you upgrade your libgd2 
packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-08-12T21:40:36", "published": "2017-08-12T21:40:36", "id": "DEBIAN:DLA-1055-1:1D63E", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201708/msg00007.html", "title": "[SECURITY] [DLA 1055-1] libgd2 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-08-12T00:52:04", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7890"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3938-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 12, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libgd2\nCVE ID : CVE-2017-7890\nDebian Bug : 869263\n\nMatviy Kotoniy reported that the gdImageCreateFromGifCtx() function used\nto load images from GIF format files in libgd2, a library for\nprogrammatic graphics creation and manipulation, does not zero stack\nallocated color map buffers before their use, which may result in\ninformation disclosure if a specially crafted file is processed.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.1.0-5+deb8u10.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.2.4-2+deb9u1.\n\nWe recommend that you upgrade your libgd2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 6, "modified": "2017-08-12T12:37:36", "published": "2017-08-12T12:37:36", "id": 
"DEBIAN:DSA-3938-1:63905", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00199.html", "title": "[SECURITY] [DSA 3938-1] libgd2 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/php-5.6.31-i586-1_slack14.2.txz: Upgraded.\n This release fixes bugs and security issues.\n For more information, see:\n https://php.net/ChangeLog-5.php#5.6.31\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9224\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9226\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9227\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9228\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9229\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.31-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.31-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.31-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.31-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.31-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.31-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.31-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.31-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n9d84dc917f30f144b7001476e16c61ad php-5.6.31-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n79a0b931a46d8f4e74d4cabcd83c3cca php-5.6.31-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\na08ff003d4467b54fd1db431a178f39a php-5.6.31-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n090724d926672595678dba11f4c8a784 php-5.6.31-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n4c3518403b7114c64d26892e405626a6 php-5.6.31-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n4dc2e1cc2b25a1fee220c23035f5b5b4 php-5.6.31-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc5326035ae4a5f4463808c50e80c52eb n/php-5.6.31-i586-1.txz\n\nSlackware x86_64 -current 
package:\n731d6e7969ba150589e29813aa3ad12a n/php-5.6.31-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.6.31-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2017-07-08T00:39:45", "published": "2017-07-08T00:39:45", "id": "SSA-2017-188-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.438658", "type": "slackware", "title": "[slackware-security] php", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-25T16:36:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6362", "CVE-2017-7890"], "description": "New gd packages are available for Slackware 14.2 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\nThis update fixes two security issues:\n Double-free in gdImagePngPtr() (denial of service).\n Buffer over-read into uninitialized memory (information leak).\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gd-2.2.5-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gd-2.2.5-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gd-2.2.5-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/gd-2.2.5-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 package:\n00f7ac709aebd7e2d83c106496a67503 gd-2.2.5-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n55090c6941dea831bdc6ad78d47055d9 gd-2.2.5-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc996a52a4eed3ccc5af79320d27ef9f8 l/gd-2.2.5-i586-1.txz\n\nSlackware x86_64 -current package:\ne9a5c2882717f1df8d25c7b1ae03ecb5 l/gd-2.2.5-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gd-2.2.5-i586-1_slack14.2.txz", "modified": "2018-04-19T01:44:39", "published": "2018-04-19T01:44:39", "id": "SSA-2018-108-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.341792", "type": "slackware", "title": "[slackware-security] gd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "hackerone": [{"lastseen": "2019-10-23T18:01:36", "bulletinFamily": "bugbounty", "bounty": 1500.0, "cvelist": ["CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "description": "Oniguruma [1] by K. Kosako is a BSD licensed regular expression library that supports a variety of character encodings. The Ruby programming language, in version 1.9, as well as PHP's multi-byte string module (since PHP5), use Oniguruma as their regular expression engine. 
It is also used in products such as Atom, Take Command Console, Tera Term, TextMate, Sublime Text and SubEthaEdit.\n\nWe've identified six remote memory corruption issues in Oniguruma that affect the latest stable release v6.2.0 and the develop branch, they have received upstream patch in the latest stable version v6.3.0; PHP upstream has now included 5 of the patches (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) that are applicable to the mbstring module [2, 3]. The regular expression APIs may be exposed to regular expressions from the network, potentially allow remote exploitation or denial of service in products that use Oniguruma, such as when used in PHP5/7 and Ruby.\n\n[1] https://github.com/kkos/oniguruma\n[2] https://github.com/php/php-src/commit/20eacb787f4543604f3c657e191baf274bb943c2\n[3] https://github.com/php/php-src/commit/bee52f352f00d86593bef43ed4cec4dbfd9edfcf\n\nCVE-2017-9226: Heap Out-of-bounds Write\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. 
Upstream issue report, fix and PHP commits as below:\n\nhttps://github.com/kkos/oniguruma/issues/55\nhttps://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6\nhttps://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a\nhttps://github.com/php/php-src/commit/1e0c4386ab87c6f6392933450130470cbd1a2b19\n\nCVE-2017-9224: Stack Out-of-bounds Read\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. Upstream issue report, fix and PHP commits as below:\n\nhttps://github.com/kkos/oniguruma/issues/57\nhttps://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b\nhttps://github.com/php/php-src/commit/60b1829e1cd18facc696264fd830c4bbd593cfa9\n\nCVE-2017-9227: Invalid Dereference, Denial-of-Service\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. Upstream issue report, fix and PHP commits as below:\n\nhttps://github.com/kkos/oniguruma/issues/58\nhttps://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814\nhttps://github.com/php/php-src/commit/6a8ae7cf8db3ec8dabfd027e01cdbcbb52654c90\n\nCVE-2017-9228: Uninitialized Variable, Out-of-bounds Write\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. 
A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. Upstream issue report, fix and PHP commits as below:\n\nhttps://github.com/kkos/oniguruma/issues/60\nhttps://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b\nhttps://github.com/php/php-src/commit/1c845d295037702d63097e2216b3c5db53f79273\n\nCVE-2017-9229: Denial-of-Service\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Upstream issue report, fix and PHP commits as below:\n\nhttps://github.com/kkos/oniguruma/issues/59\nhttps://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d\nhttps://github.com/php/php-src/commit/5416deec665db293ae25548828791453d776a6bf\n\n\n\n\n", "modified": "2019-10-14T04:40:04", "published": "2017-06-08T06:55:30", "id": "H1:237915", "href": "https://hackerone.com/reports/237915", "type": "hackerone", "title": "PHP (IBB): PHP mbstring / Oniguruma multiple remote heap/stack corruptions", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. 
PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2017-07-19T01:49:32", "published": "2017-07-19T01:49:32", "id": "FEDORA:6380460600FA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: php-5.6.31-1.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "description": "Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. (supported APIs: GNU regex, POSIX and Oniguruma native) ", "modified": "2017-06-10T10:23:48", "published": "2017-06-10T10:23:48", "id": "FEDORA:577F0605A34A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: oniguruma-5.9.6-4.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. 
The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2017-07-18T22:25:50", "published": "2017-07-18T22:25:50", "id": "FEDORA:76D58601CED5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: php-7.1.7-1.fc26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2017-07-13T19:20:35", "published": "2017-07-13T19:20:35", "id": "FEDORA:52FE460DF3A9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: php-7.0.21-1.fc25", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9225", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "description": "Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. 
(supported APIs: GNU regex, POSIX and Oniguruma native) ", "modified": "2017-06-10T10:39:07", "published": "2017-06-10T10:39:07", "id": "FEDORA:D3F6E60877BD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: oniguruma-6.1.3-2.fc25", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9225", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "description": "Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. (supported APIs: GNU regex, POSIX and Oniguruma native) ", "modified": "2017-06-09T20:18:08", "published": "2017-06-09T20:18:08", "id": "FEDORA:4DE9160C2673", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: oniguruma-6.3.0-1.fc26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9225", "CVE-2017-9226", "CVE-2017-9228", "CVE-2017-9229"], "description": "Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. 
(supported APIs: GNU regex, POSIX and Oniguruma native) ", "modified": "2017-09-27T05:29:06", "published": "2017-09-27T05:29:06", "id": "FEDORA:4720460BA914", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: oniguruma-6.1.3-3.fc25", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6362", "CVE-2017-7890"], "description": "The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program. ", "modified": "2017-09-02T22:27:10", "published": "2017-09-02T22:27:10", "id": "FEDORA:8AEC1604CC02", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: gd-2.2.5-1.fc26", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-07-14T00:00:00", "id": "OPENVAS:1361412562310872877", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872877", "type": "openvas", "title": "Fedora Update for php FEDORA-2017-b674dc22ad", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_b674dc22ad_php_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for php FEDORA-2017-b674dc22ad\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872877\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 07:33:56 +0200 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2017-b674dc22ad\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-b674dc22ad\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BC5AZEXE75LNGA26U3TFT2XKBJTVLRFQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~7.0.21~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-06-11T00:00:00", "id": "OPENVAS:1361412562310872744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872744", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2017-e2d6d0067f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for oniguruma FEDORA-2017-e2d6d0067f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872744\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-11 07:02:19 +0200 (Sun, 11 Jun 2017)\");\n script_cve_id(\"CVE-2017-9226\", \"CVE-2017-9224\", \"CVE-2017-9227\", \"CVE-2017-9229\",\n \"CVE-2017-9228\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for oniguruma FEDORA-2017-e2d6d0067f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"oniguruma on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-e2d6d0067f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7MMREOZ4U27UNG3D33I7ZGAHLMMFGMR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~5.9.6~4.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310872929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872929", "type": "openvas", "title": "Fedora Update for php FEDORA-2017-b8bb4b86e2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_b8bb4b86e2_php_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for php FEDORA-2017-b8bb4b86e2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872929\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:42 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\",\n \"CVE-2017-9229\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2017-b8bb4b86e2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-b8bb4b86e2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3M3UB76ODGDN6N3ESNHMWH76R372EGYC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~7.1.7~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-07-21T00:00:00", "id": "OPENVAS:1361412562310872898", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872898", "type": "openvas", "title": "Fedora Update for php FEDORA-2017-5ade380ab2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_5ade380ab2_php_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for php FEDORA-2017-5ade380ab2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872898\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-21 07:33:55 +0200 (Fri, 21 Jul 2017)\");\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\",\n \"CVE-2017-9229\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2017-5ade380ab2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-5ade380ab2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TMO6AAFFZRWCXEL7MSQ3P7M6Z6NKL4J\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.31~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "description": "CVE-2017-9224\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\nRuby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in match_at() during regular expression\nsearching. A logical error involving order of validation and access in\nmatch_at() could result in an out-of-bounds read from a stack buffer.\n\nCVE-2017-9226\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\nRuby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write or read occurs in next_state_val() during regular\nexpression compilation. Octal numbers larger than 0xff are not handled\ncorrectly in fetch_token() and fetch_token_in_cc(). 
A malformed regular\nexpression containing an octal number in the form of ", "modified": "2020-01-29T00:00:00", "published": "2018-01-25T00:00:00", "id": "OPENVAS:1361412562310890958", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890958", "type": "openvas", "title": "Debian LTS: Security Advisory for libonig (DLA-958-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890958\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_name(\"Debian LTS: Security Advisory for libonig (DLA-958-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 00:00:00 +0100 (Thu, 25 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00029.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"libonig on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n5.9.1-1+deb7u1.\n\nWe recommend that you upgrade your libonig packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2017-9224\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\nRuby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in match_at() during regular expression\nsearching. 
A logical error involving order of validation and access in\nmatch_at() could result in an out-of-bounds read from a stack buffer.\n\nCVE-2017-9226\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\nRuby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write or read occurs in next_state_val() during regular\nexpression compilation. Octal numbers larger than 0xff are not handled\ncorrectly in fetch_token() and fetch_token_in_cc(). A malformed regular\nexpression containing an octal number in the form of '\\700' would\nproduce an invalid code point value larger than 0xff in\nnext_state_val(), resulting in an out-of-bounds write memory\ncorruption.\n\nCVE-2017-9227\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\nRuby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in mbc_enc_len() during regular expression\nsearching. Invalid handling of reg->dmin in forward_search_range()\ncould result in an invalid pointer dereference, as an out-of-bounds\nread from a stack buffer.\n\nCVE-2017-9228\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\nRuby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write occurs in bitset_set_range() during regular\nexpression compilation due to an uninitialized variable from an\nincorrect state transition. An incorrect state transition in\nparse_char_class() could create an execution path that leaves a\ncritical local variable uninitialized until it's used as an index,\nresulting in an out-of-bounds write memory corruption.\n\nCVE-2017-9229\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\nRuby through 2.4.1 and mbstring in PHP through 7.1.5. 
A SIGSEGV occurs\nin left_adjust_char_head() during regular expression compilation.\nInvalid handling of reg->dmax in forward_search_range() could result in\nan invalid pointer dereference, normally as an immediate\ndenial-of-service condition.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libonig-dev\", ver:\"5.9.1-1+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2\", ver:\"5.9.1-1+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2-dbg\", ver:\"5.9.1-1+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-9225"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-06-13T00:00:00", "id": "OPENVAS:1361412562310872753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872753", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2017-60997f0d14", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for oniguruma FEDORA-2017-60997f0d14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872753\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-13 13:16:11 +0200 (Tue, 13 Jun 2017)\");\n script_cve_id(\"CVE-2017-9226\", \"CVE-2017-9225\", \"CVE-2017-9224\", \"CVE-2017-9227\",\n \"CVE-2017-9229\", \"CVE-2017-9228\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for oniguruma FEDORA-2017-60997f0d14\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"oniguruma on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-60997f0d14\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C4HTYAWIWVZWQBMLFEYJNQ6NII5KAHK5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.1.3~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-9225"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-09-28T00:00:00", "id": "OPENVAS:1361412562310873447", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873447", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2017-e314044789", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_e314044789_oniguruma_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for oniguruma FEDORA-2017-e314044789\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873447\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:14:51 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-9228\", \"CVE-2017-9224\", \"CVE-2017-9225\", \"CVE-2017-9226\",\n \"CVE-2017-9227\", \"CVE-2017-9229\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for oniguruma FEDORA-2017-e314044789\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"oniguruma on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-e314044789\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47PRMNMSFMVKZJD3BZ7VDOOTRWWYCXFF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.1.3~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9227"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192403", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-2403)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2403\");\n script_version(\"2020-01-23T12:53:31+0000\");\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:53:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:53:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-2403)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2403\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2403\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2019-2403 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. 
A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. 
An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h16\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h16\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h16\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9229", "CVE-2017-9227", "CVE-2015-9096"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191990", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191990", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1990)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are 
Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1990\");\n script_version(\"2020-01-23T12:30:10+0000\");\n script_cve_id(\"CVE-2015-9096\", \"CVE-2017-9224\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:30:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:30:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1990)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1990\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1990\");\n\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2019-1990 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campaigns.(CVE-2015-9096)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\n An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. 
Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2015-8994", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11145", "CVE-2017-11144"], "description": 
"The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-08-11T00:00:00", "id": "OPENVAS:1361412562310843281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843281", "type": "openvas", "title": "Ubuntu Update for php7.0 USN-3382-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3382_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for php7.0 USN-3382-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843281\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-11 07:22:54 +0200 (Fri, 11 Aug 2017)\");\n script_cve_id(\"CVE-2015-8994\", \"CVE-2016-10397\", \"CVE-2017-11143\", \"CVE-2017-11144\",\n \"CVE-2017-11145\", \"CVE-2017-11147\", \"CVE-2017-11362\", \"CVE-2017-11628\",\n \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\",\n \"CVE-2017-9229\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php7.0 USN-3382-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.0'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the PHP opcache\n created keys for files it cached based on their filepath. A local attacker could\n possibly use this issue in a shared hosting environment to obtain sensitive\n information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994) It was\n discovered that the PHP URL parser incorrectly handled certain URI components. A\n remote attacker could possibly use this issue to bypass hostname-specific URL\n checks. This issue only affected Ubuntu 14.04 LTS. 
(CVE-2016-10397) It was\n discovered that PHP incorrectly handled certain boolean parameters when\n unserializing data. A remote attacker could possibly use this issue to cause PHP\n to crash, resulting in a denial of service. This issue only affected Ubuntu\n 14.04 LTS. (CVE-2017-11143) Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang\n discovered that PHP incorrectly handled the OpenSSL sealing function. A remote\n attacker could possibly use this issue to cause PHP to crash, resulting in a\n denial of service. (CVE-2017-11144) Wei Lei and Liu Yang discovered that the PHP\n date extension incorrectly handled memory. A remote attacker could possibly use\n this issue to disclose sensitive information from the server. (CVE-2017-11145)\n It was discovered that PHP incorrectly handled certain PHAR archives. A remote\n attacker could use this issue to cause PHP to crash or disclose sensitive\n information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147) It was\n discovered that PHP incorrectly handled locale length. A remote attacker could\n possibly use this issue to cause PHP to crash, resulting in a denial of service.\n (CVE-2017-11362) Wei Lei and Liu Yang discovered that PHP incorrectly handled\n parsing ini files. An attacker could possibly use this issue to cause PHP to\n crash, resulting in a denial of service. (CVE-2017-11628) It was discovered that\n PHP mbstring incorrectly handled certain regular expressions. A remote attacker\n could use this issue to cause PHP to crash, resulting in a denial of service, or\n possibly execute arbitrary code. 
(CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,\n CVE-2017-9228, CVE-2017-9229)\");\n script_tag(name:\"affected\", value:\"php7.0 on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3382-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3382-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.22-0ubuntu0.17.04.1\", 
rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:12:59", "description": "**PHP version 7.0.21** (06 Jul 2017)\n\n**Core:**\n\n - Fixed bug php#74738 (Multiple [PATH=] and [HOST=]\n sections not properly parsed). (Manuel Mausz)\n\n - Fixed bug php#74658 (Undefined constants in array\n properties result in broken properties). (Laruence)\n\n - Fixed misparsing of abstract unix domain socket names.\n (Sara)\n\n - Fixed bug php#74101, bug php#74614 (Unserialize Heap\n Use-After-Free (READ: 1) in zval_get_type). (Nikita)\n\n - Fixed bug php#74111 (Heap buffer overread (READ: 1)\n finish_nested_data from unserialize). (Nikita)\n\n - Fixed bug php#74603 (PHP INI Parsing Stack Buffer\n Overflow Vulnerability). 
(Stas)\n\n - Fixed bug php#74819 (wddx_deserialize() heap\n out-of-bound read via php_parse_date()). (Derick)\n\n**DOM:**\n\n - Fixed bug php#69373 (References to deleted XPath query\n results). (ttoohey)\n\n**Intl:**\n\n - Fixed bug php#73473 (Stack Buffer Overflow in\n msgfmt_parse_message). (libnex)\n\n - Fixed bug php#74705 (Wrong reflection on\n Collator::getSortKey and collator_get_sort_key). (Tyson\n Andre, Remi)\n\n - Fixed bug php#73634 (grapheme_strpos illegal memory\n access). (Stas)\n\n**Mbstring:**\n\n - Add oniguruma upstream fix (CVE-2017-9224,\n CVE-2017-9226, CVE-2017-9227, CVE-2017-9228,\n CVE-2017-9229) (Remi, Mamoru TASAKA)\n\n**Opcache:**\n\n - Fixed bug php#74663 (Segfault with\n opcache.memory_protect and validate_timestamp).\n (Laruence)\n\n**OpenSSL:**\n\n - Fixed bug php#74651 (negative-size-param (-1) in memcpy\n in zif_openssl_seal()). (Stas)\n\n**Reflection:**\n\n - Fixed bug php#74673 (Segfault when cast Reflection\n object to string with undefined constant). (Laruence)\n\n**SPL:**\n\n - Fixed bug php#74478 (null coalescing operator failing\n with SplFixedArray). (jhdxr)\n\n**Standard:**\n\n - Fixed bug php#74708 (Invalid Reflection signatures for\n random_bytes and random_int). (Tyson Andre, Remi)\n\n - Fixed bug php#73648 (Heap buffer overflow in substr).\n (Stas)\n\n**FTP:**\n\n - Fixed bug php#74598 (ftp:// wrapper ignores context\n arg). (Sara)\n\n**PHAR:**\n\n - Fixed bug php#74386 (Phar::__construct reflection\n incorrect). (villfa)\n\n**SOAP**\n\n - Fixed bug php#74679 (Incorrect conversion array with\n WSDL_CACHE_MEMORY). (Dmitry)\n\n**Streams:**\n\n - Fixed bug php#74556 (stream_socket_get_name() returns\n '\\0'). 
(Sara)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-14T00:00:00", "title": "Fedora 25 : php (2017-b674dc22ad)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "modified": "2017-07-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:php"], "id": "FEDORA_2017-B674DC22AD.NASL", "href": "https://www.tenable.com/plugins/nessus/101538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b674dc22ad.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101538);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"FEDORA\", value:\"2017-b674dc22ad\");\n\n script_name(english:\"Fedora 25 : php (2017-b674dc22ad)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**PHP version 7.0.21** (06 Jul 2017)\n\n**Core:**\n\n - Fixed bug php#74738 (Multiple [PATH=] and [HOST=]\n sections not properly parsed). (Manuel Mausz)\n\n - Fixed bug php#74658 (Undefined constants in array\n properties result in broken properties). 
(Laruence)\n\n - Fixed misparsing of abstract unix domain socket names.\n (Sara)\n\n - Fixed bug php#74101, bug php#74614 (Unserialize Heap\n Use-After-Free (READ: 1) in zval_get_type). (Nikita)\n\n - Fixed bug php#74111 (Heap buffer overread (READ: 1)\n finish_nested_data from unserialize). (Nikita)\n\n - Fixed bug php#74603 (PHP INI Parsing Stack Buffer\n Overflow Vulnerability). (Stas)\n\n - Fixed bug php#74819 (wddx_deserialize() heap\n out-of-bound read via php_parse_date()). (Derick)\n\n**DOM:**\n\n - Fixed bug php#69373 (References to deleted XPath query\n results). (ttoohey)\n\n**Intl:**\n\n - Fixed bug php#73473 (Stack Buffer Overflow in\n msgfmt_parse_message). (libnex)\n\n - Fixed bug php#74705 (Wrong reflection on\n Collator::getSortKey and collator_get_sort_key). (Tyson\n Andre, Remi)\n\n - Fixed bug php#73634 (grapheme_strpos illegal memory\n access). (Stas)\n\n**Mbstring:**\n\n - Add oniguruma upstream fix (CVE-2017-9224,\n CVE-2017-9226, CVE-2017-9227, CVE-2017-9228,\n CVE-2017-9229) (Remi, Mamoru TASAKA)\n\n**Opcache:**\n\n - Fixed bug php#74663 (Segfault with\n opcache.memory_protect and validate_timestamp).\n (Laruence)\n\n**OpenSSL:**\n\n - Fixed bug php#74651 (negative-size-param (-1) in memcpy\n in zif_openssl_seal()). (Stas)\n\n**Reflection:**\n\n - Fixed bug php#74673 (Segfault when cast Reflection\n object to string with undefined constant). (Laruence)\n\n**SPL:**\n\n - Fixed bug php#74478 (null coalescing operator failing\n with SplFixedArray). (jhdxr)\n\n**Standard:**\n\n - Fixed bug php#74708 (Invalid Reflection signatures for\n random_bytes and random_int). (Tyson Andre, Remi)\n\n - Fixed bug php#73648 (Heap buffer overflow in substr).\n (Stas)\n\n**FTP:**\n\n - Fixed bug php#74598 (ftp:// wrapper ignores context\n arg). (Sara)\n\n**PHAR:**\n\n - Fixed bug php#74386 (Phar::__construct reflection\n incorrect). (villfa)\n\n**SOAP**\n\n - Fixed bug php#74679 (Incorrect conversion array with\n WSDL_CACHE_MEMORY). 
(Dmitry)\n\n**Streams:**\n\n - Fixed bug php#74556 (stream_socket_get_name() returns\n '\\0'). (Sara)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b674dc22ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"php-7.0.21-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T01:21:37", "description": "Out-of-bounds heap write in bitset_set_range()\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write occurs in bitset_set_range() during regular\nexpression compilation due to an uninitialized variable from an\nincorrect state transition. 
An incorrect state transition in\nparse_char_class() could create an execution path that leaves a\ncritical local variable uninitialized until it's used as an index,\nresulting in an out-of-bounds write memory corruption. (CVE-2017-9228)\n\nInvalid pointer dereference in left_adjust_char_head()\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV\noccurs in left_adjust_char_head() during regular expression\ncompilation. Invalid handling of reg->dmax in forward_search_range()\ncould result in an invalid pointer dereference, normally as an\nimmediate denial-of-service condition. (CVE-2017-9229)\n\nHeap buffer overflow in next_state_val() during regular expression\ncompilation\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write or read occurs in next_state_val() during regular\nexpression compilation. Octal numbers larger than 0xff are not handled\ncorrectly in fetch_token() and fetch_token_in_cc(). A malformed\nregular expression containing an octal number in the form of '\\\\700';\nwould produce an invalid code point value larger than 0xff in\nnext_state_val(), resulting in an out-of-bounds write memory\ncorruption. (CVE-2017-9226)\n\nOut-of-bounds stack read in mbc_enc_len() during regular expression\nsearching\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in mbc_enc_len() during regular expression\nsearching. Invalid handling of reg->dmin in forward_search_range()\ncould result in an invalid pointer dereference, as an out-of-bounds\nread from a stack buffer. 
CVE-2017-9227 \n\nOut-of-bounds stack read in match_at() during regular expression\nsearching\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in match_at() during regular expression\nsearching. A logical error involving order of validation and access in\nmatch_at() could result in an out-of-bounds read from a stack buffer.\n(CVE-2017-9224)", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-18T00:00:00", "title": "Amazon Linux AMI : php56 (ALAS-2017-871)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-xmlrpc", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php56-gd", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-odbc", 
"p-cpe:/a:amazon:linux:php56-dba"], "id": "ALA_ALAS-2017-871.NASL", "href": "https://www.tenable.com/plugins/nessus/102545", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-871.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102545);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"ALAS\", value:\"2017-871\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2017-871)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Out-of-bounds heap write in bitset_set_range()\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write occurs in bitset_set_range() during regular\nexpression compilation due to an uninitialized variable from an\nincorrect state transition. An incorrect state transition in\nparse_char_class() could create an execution path that leaves a\ncritical local variable uninitialized until it's used as an index,\nresulting in an out-of-bounds write memory corruption. (CVE-2017-9228)\n\nInvalid pointer dereference in left_adjust_char_head()\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV\noccurs in left_adjust_char_head() during regular expression\ncompilation. Invalid handling of reg->dmax in forward_search_range()\ncould result in an invalid pointer dereference, normally as an\nimmediate denial-of-service condition. 
(CVE-2017-9229)\n\nHeap buffer overflow in next_state_val() during regular expression\ncompilation\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write or read occurs in next_state_val() during regular\nexpression compilation. Octal numbers larger than 0xff are not handled\ncorrectly in fetch_token() and fetch_token_in_cc(). A malformed\nregular expression containing an octal number in the form of '\\\\700';\nwould produce an invalid code point value larger than 0xff in\nnext_state_val(), resulting in an out-of-bounds write memory\ncorruption. (CVE-2017-9226)\n\nOut-of-bounds stack read in mbc_enc_len() during regular expression\nsearching\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in mbc_enc_len() during regular expression\nsearching. Invalid handling of reg->dmin in forward_search_range()\ncould result in an invalid pointer dereference, as an out-of-bounds\nread from a stack buffer. CVE-2017-9227 \n\nOut-of-bounds stack read in match_at() during regular expression\nsearching\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in match_at() during regular expression\nsearching. 
A logical error involving order of validation and access in\nmatch_at() could result in an out-of-bounds read from a stack buffer.\n(CVE-2017-9224)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-871.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"php56-imap-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.31-1.134.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.31-1.134.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc\");\n}\n", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:11:01", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-10T00:00:00", "title": "Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2017-188-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "modified": "2017-07-10T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.0", "p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2017-188-01.NASL", "href": "https://www.tenable.com/plugins/nessus/101316", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-188-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101316);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"SSA\", value:\"2017-188-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2017-188-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.438658\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8c719d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/07\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.6.31\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.31\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.6.31\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.31\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"php\", pkgver:\"5.6.31\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.31\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.31\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif 
(slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.31\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:44:30", "description": "CVE-2017-9224\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in match_at() during regular expression\nsearching. A logical error involving order of validation and access in\nmatch_at() could result in an out-of-bounds read from a stack buffer.\n\nCVE-2017-9226\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write or read occurs in next_state_val() during regular\nexpression compilation. Octal numbers larger than 0xff are not handled\ncorrectly in fetch_token() and fetch_token_in_cc(). A malformed\nregular expression containing an octal number in the form of '\\700'\nwould produce an invalid code point value larger than 0xff in\nnext_state_val(), resulting in an out-of-bounds write memory\ncorruption.\n\nCVE-2017-9227\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in mbc_enc_len() during regular expression\nsearching. Invalid handling of reg->dmin in forward_search_range()\ncould result in an invalid pointer dereference, as an out-of-bounds\nread from a stack buffer.\n\nCVE-2017-9228\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. 
A heap\nout-of-bounds write occurs in bitset_set_range() during regular\nexpression compilation due to an uninitialized variable from an\nincorrect state transition. An incorrect state transition in\nparse_char_class() could create an execution path that leaves a\ncritical local variable uninitialized until it's used as an index,\nresulting in an out-of-bounds write memory corruption.\n\nCVE-2017-9229\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV\noccurs in left_adjust_char_head() during regular expression\ncompilation. Invalid handling of reg->dmax in\nforward_search_range() could result in an invalid pointer dereference,\nnormally as an immediate denial of service condition.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.9.1-1+deb7u1.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-30T00:00:00", "title": "Debian DLA-958-1 : libonig security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "modified": "2017-05-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libonig-dev", "p-cpe:/a:debian:debian_linux:libonig2", "p-cpe:/a:debian:debian_linux:libonig2-dbg", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-958.NASL", "href": "https://www.tenable.com/plugins/nessus/100478", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-958-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100478);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n\n script_name(english:\"Debian DLA-958-1 : libonig security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-9224\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in match_at() during regular expression\nsearching. A logical error involving order of validation and access in\nmatch_at() could result in an out-of-bounds read from a stack buffer.\n\nCVE-2017-9226\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write or read occurs in next_state_val() during regular\nexpression compilation. Octal numbers larger than 0xff are not handled\ncorrectly in fetch_token() and fetch_token_in_cc(). A malformed\nregular expression containing an octal number in the form of '\\700'\nwould produce an invalid code point value larger than 0xff in\nnext_state_val(), resulting in an out-of-bounds write memory\ncorruption.\n\nCVE-2017-9227\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in mbc_enc_len() during regular expression\nsearching. 
Invalid handling of reg->dmin in forward_search_range()\ncould result in an invalid pointer dereference, as an out-of-bounds\nread from a stack buffer.\n\nCVE-2017-9228\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write occurs in bitset_set_range() during regular\nexpression compilation due to an uninitialized variable from an\nincorrect state transition. An incorrect state transition in\nparse_char_class() could create an execution path that leaves a\ncritical local variable uninitialized until it's used as an index,\nresulting in an out-of-bounds write memory corruption.\n\nCVE-2017-9229\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod\nin Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV\noccurs in left_adjust_char_head() during regular expression\ncompilation. Invalid handling of reg->dmax in\nforward_search_range() could result in an invalid pointer dereference,\nnormally as an immediate denial of service condition.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.9.1-1+deb7u1.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libonig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libonig-dev, libonig2, and libonig2-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libonig-dev\", reference:\"5.9.1-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libonig2\", reference:\"5.9.1-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libonig2-dbg\", reference:\"5.9.1-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:14:12", "description": "Multiple security flaws were found on oniguruma currently being\nshipped on Fedora. This new rpm should fix the issue. 
\n\nFixed CVEs: CVE-2017-9226 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229\nCVE-2017-9228\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-13T00:00:00", "title": "Fedora 24 : oniguruma (2017-e2d6d0067f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "modified": "2017-06-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:oniguruma", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-E2D6D0067F.NASL", "href": "https://www.tenable.com/plugins/nessus/100748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-e2d6d0067f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100748);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"FEDORA\", value:\"2017-e2d6d0067f\");\n\n script_name(english:\"Fedora 24 : oniguruma (2017-e2d6d0067f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security flaws were found on oniguruma currently being\nshipped on Fedora. This new rpm should fix the issue. 
\n\nFixed CVEs: CVE-2017-9226 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229\nCVE-2017-9228\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d6d0067f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected oniguruma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"oniguruma-5.9.6-4.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:13:01", "description": "**PHP version 7.1.7** (06 Jul 2017)\n\n**Core:**\n\n - Fixed bug php#74738 (Multiple [PATH=] and [HOST=]\n sections not properly parsed). (Manuel Mausz)\n\n - Fixed bug php#74658 (Undefined constants in array\n properties result in broken properties). 
(Laruence)\n\n - Fixed misparsing of abstract unix domain socket names.\n (Sara)\n\n - Fixed bug php#74603 (PHP INI Parsing Stack Buffer\n Overflow Vulnerability). (Stas)\n\n - Fixed bug php#74101, bug php#74614 (Unserialize Heap\n Use-After-Free (READ: 1) in zval_get_type). (Nikita)\n\n - Fixed bug php#74111 (Heap buffer overread (READ: 1)\n finish_nested_data from unserialize). (Nikita)\n\n - Fixed bug php#74819 (wddx_deserialize() heap\n out-of-bound read via php_parse_date()). (Derick)\n\n**Date:**\n\n - Fixed bug php#74639 (implement clone for DatePeriod and\n DateInterval). (andrewnester)\n\n**DOM:**\n\n - Fixed bug php#69373 (References to deleted XPath query\n results). (ttoohey)\n\n**Intl:**\n\n - Fixed bug php#73473 (Stack Buffer Overflow in\n msgfmt_parse_message). (libnex)\n\n - Fixed bug php#74705 (Wrong reflection on\n Collator::getSortKey and collator_get_sort_key). (Tyson\n Andre, Remi)\n\n**Mbstring:**\n\n - Add oniguruma upstream fix (CVE-2017-9224,\n CVE-2017-9226, CVE-2017-9227, CVE-2017-9228,\n CVE-2017-9229) (Remi, Mamoru TASAKA)\n\n**Opcache:**\n\n - Fixed bug php#74663 (Segfault with\n opcache.memory_protect and validate_timestamp).\n (Laruence)\n\n - Revert opcache.enable_cli to default disabled. (Nikita)\n\n**OpenSSL:**\n\n - Fixed bug php#74720 (pkcs7_en/decrypt does not work if\n \\x1a is used in content). (Anatol)\n\n - Fixed bug php#74651 (negative-size-param (-1) in memcpy\n in zif_openssl_seal()). (Stas)\n\n**Reflection:**\n\n - Fixed bug php#74673 (Segfault when cast Reflection\n object to string with undefined constant). (Laruence)\n\n**SPL:**\n\n - Fixed bug php#74478 (null coalescing operator failing\n with SplFixedArray). (jhdxr)\n\n**FTP:**\n\n - Fixed bug php#74598 (ftp:// wrapper ignores context\n arg). (Sara)\n\n**PHAR:**\n\n - Fixed bug php#74386 (Phar::__construct reflection\n incorrect). (villfa)\n\n**SOAP**\n\n - Fixed bug php#74679 (Incorrect conversion array with\n WSDL_CACHE_MEMORY). 
(Dmitry)\n\n**Streams:**\n\n - Fixed bug php#74556 (stream_socket_get_name() returns\n '\\0'). (Sara)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-19T00:00:00", "title": "Fedora 26 : php (2017-b8bb4b86e2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "modified": "2017-07-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-B8BB4B86E2.NASL", "href": "https://www.tenable.com/plugins/nessus/101797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b8bb4b86e2.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101797);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"FEDORA\", value:\"2017-b8bb4b86e2\");\n\n script_name(english:\"Fedora 26 : php (2017-b8bb4b86e2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**PHP version 7.1.7** (06 Jul 2017)\n\n**Core:**\n\n - Fixed bug php#74738 (Multiple [PATH=] and [HOST=]\n sections not properly parsed). 
(Manuel Mausz)\n\n - Fixed bug php#74658 (Undefined constants in array\n properties result in broken properties). (Laruence)\n\n - Fixed misparsing of abstract unix domain socket names.\n (Sara)\n\n - Fixed bug php#74603 (PHP INI Parsing Stack Buffer\n Overflow Vulnerability). (Stas)\n\n - Fixed bug php#74101, bug php#74614 (Unserialize Heap\n Use-After-Free (READ: 1) in zval_get_type). (Nikita)\n\n - Fixed bug php#74111 (Heap buffer overread (READ: 1)\n finish_nested_data from unserialize). (Nikita)\n\n - Fixed bug php#74819 (wddx_deserialize() heap\n out-of-bound read via php_parse_date()). (Derick)\n\n**Date:**\n\n - Fixed bug php#74639 (implement clone for DatePeriod and\n DateInterval). (andrewnester)\n\n**DOM:**\n\n - Fixed bug php#69373 (References to deleted XPath query\n results). (ttoohey)\n\n**Intl:**\n\n - Fixed bug php#73473 (Stack Buffer Overflow in\n msgfmt_parse_message). (libnex)\n\n - Fixed bug php#74705 (Wrong reflection on\n Collator::getSortKey and collator_get_sort_key). (Tyson\n Andre, Remi)\n\n**Mbstring:**\n\n - Add oniguruma upstream fix (CVE-2017-9224,\n CVE-2017-9226, CVE-2017-9227, CVE-2017-9228,\n CVE-2017-9229) (Remi, Mamoru TASAKA)\n\n**Opcache:**\n\n - Fixed bug php#74663 (Segfault with\n opcache.memory_protect and validate_timestamp).\n (Laruence)\n\n - Revert opcache.enable_cli to default disabled. (Nikita)\n\n**OpenSSL:**\n\n - Fixed bug php#74720 (pkcs7_en/decrypt does not work if\n \\x1a is used in content). (Anatol)\n\n - Fixed bug php#74651 (negative-size-param (-1) in memcpy\n in zif_openssl_seal()). (Stas)\n\n**Reflection:**\n\n - Fixed bug php#74673 (Segfault when cast Reflection\n object to string with undefined constant). (Laruence)\n\n**SPL:**\n\n - Fixed bug php#74478 (null coalescing operator failing\n with SplFixedArray). (jhdxr)\n\n**FTP:**\n\n - Fixed bug php#74598 (ftp:// wrapper ignores context\n arg). (Sara)\n\n**PHAR:**\n\n - Fixed bug php#74386 (Phar::__construct reflection\n incorrect). 
(villfa)\n\n**SOAP**\n\n - Fixed bug php#74679 (Incorrect conversion array with\n WSDL_CACHE_MEMORY). (Dmitry)\n\n**Streams:**\n\n - Fixed bug php#74556 (stream_socket_get_name() returns\n '\\0'). (Sara)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8bb4b86e2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"php-7.1.7-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:10", "description": "**PHP version 5.6.31** (06 Jul 2017)\n\n**Core:**\n\n - Fixed bug php#73807 (Performance problem with processing\n post request over 2000000 chars). (Nikita)\n\n - Fixed bug php#74111 (Heap buffer overread (READ: 1)\n finish_nested_data from unserialize). (Nikita)\n\n - Fixed bug php#74603 (PHP INI Parsing Stack Buffer\n Overflow Vulnerability). 
(Stas)\n\n - Fixed bug php#74819 (wddx_deserialize() heap\n out-of-bound read via php_parse_date()). (Derick)\n\n**mbstring:**\n\n - Add oniguruma upstream fix (CVE-2017-9224,\n CVE-2017-9226, CVE-2017-9227, CVE-2017-9228,\n CVE-2017-9229) (Remi, Mamoru TASAKA)\n\n**OpenSSL:**\n\n - Fixed bug php#74651 (negative-size-param (-1) in memcpy\n in zif_openssl_seal()). (Stas)\n\n**WDDX:**\n\n - Fixed bug php#74145 (wddx parsing empty boolean tag\n leads to SIGSEGV). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-21T00:00:00", "title": "Fedora 24 : php (2017-5ade380ab2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "modified": "2017-07-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-5ADE380AB2.NASL", "href": "https://www.tenable.com/plugins/nessus/101864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-5ade380ab2.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101864);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"FEDORA\", value:\"2017-5ade380ab2\");\n\n script_name(english:\"Fedora 24 : php (2017-5ade380ab2)\");\n script_summary(english:\"Checks rpm output for the updated 
package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**PHP version 5.6.31** (06 Jul 2017)\n\n**Core:**\n\n - Fixed bug php#73807 (Performance problem with processing\n post request over 2000000 chars). (Nikita)\n\n - Fixed bug php#74111 (Heap buffer overread (READ: 1)\n finish_nested_data from unserialize). (Nikita)\n\n - Fixed bug php#74603 (PHP INI Parsing Stack Buffer\n Overflow Vulnerability). (Stas)\n\n - Fixed bug php#74819 (wddx_deserialize() heap\n out-of-bound read via php_parse_date()). (Derick)\n\n**mbstring:**\n\n - Add oniguruma upstream fix (CVE-2017-9224,\n CVE-2017-9226, CVE-2017-9227, CVE-2017-9228,\n CVE-2017-9229) (Remi, Mamoru TASAKA)\n\n**OpenSSL:**\n\n - Fixed bug php#74651 (negative-size-param (-1) in memcpy\n in zif_openssl_seal()). (Stas)\n\n**WDDX:**\n\n - Fixed bug php#74145 (wddx parsing empty boolean tag\n leads to SIGSEGV). 
(Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-5ade380ab2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"php-5.6.31-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:14:31", "description": "Multiple security flaws were found on the previous version of\noniguruma. This new version should fix the issue. 
\n\nFixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227\nCVE-2017-9229 CVE-2017-9228\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : oniguruma (2017-ee01a2ced6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-9225"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:oniguruma", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-EE01A2CED6.NASL", "href": "https://www.tenable.com/plugins/nessus/101745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ee01a2ced6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101745);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9225\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"FEDORA\", value:\"2017-ee01a2ced6\");\n\n script_name(english:\"Fedora 26 : oniguruma (2017-ee01a2ced6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security flaws were found on the previous version of\noniguruma. This new version should fix the issue. 
\n\nFixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227\nCVE-2017-9229 CVE-2017-9228\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ee01a2ced6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected oniguruma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"oniguruma-6.3.0-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:21", "description": "Multiple security flaws were found on oniguruma currently being\nshipped on Fedora. This new rpm should fix the issue. 
\n\nFixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227\nCVE-2017-9229 CVE-2017-9228\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-12T00:00:00", "title": "Fedora 25 : oniguruma (2017-60997f0d14)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-9225"], "modified": "2017-06-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:oniguruma"], "id": "FEDORA_2017-60997F0D14.NASL", "href": "https://www.tenable.com/plugins/nessus/100730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-60997f0d14.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100730);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9224\", \"CVE-2017-9225\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"FEDORA\", value:\"2017-60997f0d14\");\n\n script_name(english:\"Fedora 25 : oniguruma (2017-60997f0d14)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security flaws were found on oniguruma currently being\nshipped on Fedora. This new rpm should fix the issue. 
\n\nFixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227\nCVE-2017-9229 CVE-2017-9228\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-60997f0d14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected oniguruma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"oniguruma-6.1.3-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:00:51", "description": "According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n match_at() during regular expression searching. 
A\n logical error involving order of validation and access\n in match_at() could result in an out-of-bounds read\n from a stack buffer.(CVE-2017-9224)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write or read\n occurs in next_state_val() during regular expression\n compilation. Octal numbers larger than 0xff are not\n handled correctly in fetch_token() and\n fetch_token_in_cc(). A malformed regular expression\n containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write\n memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range()\n could result in an invalid pointer dereference, as an\n out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write occurs in\n bitset_set_range() during regular expression\n compilation due to an uninitialized variable from an\n incorrect state transition. An incorrect state\n transition in parse_char_class() could create an\n execution path that leaves a critical local variable\n uninitialized until it's used as an index, resulting in\n an out-of-bounds write memory\n corruption.(CVE-2017-9228)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : ruby (EulerOS-SA-2019-2403)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9227"], "modified": "2019-12-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2403.NASL", "href": "https://www.tenable.com/plugins/nessus/131895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131895);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ruby (EulerOS-SA-2019-2403)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n match_at() during regular expression searching. 
A\n logical error involving order of validation and access\n in match_at() could result in an out-of-bounds read\n from a stack buffer.(CVE-2017-9224)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write or read\n occurs in next_state_val() during regular expression\n compilation. Octal numbers larger than 0xff are not\n handled correctly in fetch_token() and\n fetch_token_in_cc(). A malformed regular expression\n containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write\n memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range()\n could result in an invalid pointer dereference, as an\n out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write occurs in\n bitset_set_range() during regular expression\n compilation due to an uninitialized variable from an\n incorrect state transition. An incorrect state\n transition in parse_char_class() could create an\n execution path that leaves a critical local variable\n uninitialized until it's used as an index, resulting in\n an out-of-bounds write memory\n corruption.(CVE-2017-9228)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2403\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bde7aae9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h16\",\n \"ruby-irb-2.0.0.648-33.h16\",\n \"ruby-libs-2.0.0.648-33.h16\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:36:51", "description": "An issue was discovered in Oniguruma 6.2.0, 
as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-24T15:29:00", "title": "CVE-2017-9224", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9224"], "modified": "2018-10-31T10:30:00", "cpe": ["cpe:/a:ruby-lang:ruby:2.4.1", "cpe:/a:php:php:7.1.5", "cpe:/a:oniguruma_project:oniguruma:6.2.0"], "id": "CVE-2017-9224", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9224", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.1.5:*:*:*:*:oniguruma-mod:*:*", "cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:oniguruma-mod:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in 
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-05-24T15:29:00", "title": "CVE-2017-9229", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9229"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:ruby-lang:ruby:2.4.1", "cpe:/a:php:php:7.1.5", "cpe:/a:oniguruma_project:oniguruma:6.2.0"], "id": "CVE-2017-9229", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9229", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.1.5:*:*:*:*:oniguruma-mod:*:*", "cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:oniguruma-mod:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby 
through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-24T15:29:00", "title": "CVE-2017-9227", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9227"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:ruby-lang:ruby:2.4.1", "cpe:/a:php:php:7.1.5", "cpe:/a:oniguruma_project:oniguruma:6.2.0"], "id": "CVE-2017-9227", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9227", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.1.5:*:*:*:*:oniguruma-mod:*:*", "cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:oniguruma-mod:*:*"]}, {"lastseen": "2021-02-02T06:36:50", "description": "The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD 
Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-02T19:29:00", "title": "CVE-2017-7890", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7890"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:5.6.30", "cpe:/a:php:php:7.1.4", "cpe:/a:php:php:7.0.20", "cpe:/a:php:php:7.0.18", "cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:7.0.14", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:7.1.6", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.0.16", "cpe:/a:php:php:7.1.5", "cpe:/a:php:php:7.1.3", "cpe:/a:php:php:7.0.10", "cpe:/a:php:php:7.0.15", "cpe:/a:php:php:7.1.1", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:7.1.0", "cpe:/a:php:php:7.0.19", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.8", "cpe:/a:php:php:7.1.2", "cpe:/a:php:php:7.0.17", 
"cpe:/a:php:php:7.0.11", "cpe:/a:php:php:7.0.4", "cpe:/a:php:php:7.0.13", "cpe:/a:php:php:7.0.12"], "id": "CVE-2017-7890", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7890", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). 
A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-24T15:29:00", "title": "CVE-2017-9226", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9226"], "modified": "2018-10-31T10:30:00", "cpe": ["cpe:/a:ruby-lang:ruby:2.4.1", "cpe:/a:php:php:7.1.5", "cpe:/a:oniguruma_project:oniguruma:6.2.0"], "id": "CVE-2017-9226", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9226", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.1.5:*:*:*:*:oniguruma-mod:*:*", "cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:oniguruma-mod:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. 
A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-24T15:29:00", "title": "CVE-2017-9228", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9228"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:ruby-lang:ruby:2.4.1", "cpe:/a:php:php:7.1.5", "cpe:/a:oniguruma_project:oniguruma:6.2.0"], "id": "CVE-2017-9228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9228", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.1.5:*:*:*:*:oniguruma-mod:*:*", "cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:oniguruma-mod:*:*"]}], "freebsd": [{"lastseen": 
"2019-05-29T18:32:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9227"], "description": "\nthe PHP project reports:\n\n\nA stack out-of-bounds read occurs in match_at() during regular\n\t expression searching. A logical error involving order of validation\n\t and access in match_at() could result in an out-of-bounds read from\n\t a stack buffer (CVE-2017-9224).\nA heap out-of-bounds write or read occurs in next_state_val()\n\t during regular expression compilation. Octal numbers larger than 0xff\n\t are not handled correctly in fetch_token() and fetch_token_in_cc().\n\t A malformed regular expression containing an octal number in the form\n\t of '\\700' would produce an invalid code point value larger than 0xff\n\t in next_state_val(), resulting in an out-of-bounds write memory\n\t corruption (CVE-2017-9226).\nA stack out-of-bounds read occurs in mbc_enc_len() during regular\n\t expression searching. Invalid handling of reg->dmin in\n\t forward_search_range() could result in an invalid pointer dereference,\n\t as an out-of-bounds read from a stack buffer (CVE-2017-9227).\nA heap out-of-bounds write occurs in bitset_set_range() during\n\t regular expression compilation due to an uninitialized variable from\n\t an incorrect state transition. An incorrect state transition in\n\t parse_char_class() could create an execution path that leaves a\n\t critical local variable uninitialized until it's used as an index,\n\t resulting in an out-of-bounds write memory corruption (CVE-2017-9228).\nA SIGSEGV occurs in left_adjust_char_head() during regular expression\n\t compilation. 
Invalid handling of reg->dmax in forward_search_range() could\n\t result in an invalid pointer dereference, normally as an immediate\n\t denial-of-service condition (CVE-2017-9228).\n\n\n", "edition": 7, "modified": "2018-01-04T00:00:00", "published": "2017-07-06T00:00:00", "id": "B396CF6C-62E6-11E7-9DEF-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/b396cf6c-62e6-11e7-9def-b499baebfeaf.html", "title": "oniguruma -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:10", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7890"], "description": "\nPHP developers report:\n\nThe GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.\n\n", "edition": 4, "modified": "2017-08-02T00:00:00", "published": "2017-08-02T00:00:00", "id": "5033E2FC-98EC-4EF5-8E0B-87CFBBC73081", "href": "https://vuxml.freebsd.org/freebsd/5033e2fc-98ec-4ef5-8e0b-87cfbbc73081.html", "title": "php-gd and gd -- Buffer over-read into uninitialized memory", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144"], "description": "USN-3382-1 fixed several vulnerabilities in PHP. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI \ncomponents. 
A remote attacker could possibly use this issue to bypass \nhostname-specific URL checks. (CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters \nwhen unserializing data. A remote attacker could possibly use this issue to \ncause PHP to crash, resulting in a denial of service. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP \nincorrectly handled the OpenSSL sealing function. A remote attacker could \npossibly use this issue to cause PHP to crash, resulting in a denial of \nservice. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly \nhandled memory. A remote attacker could possibly use this issue to disclose \nsensitive information from the server. (CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A \nremote attacker could use this issue to cause PHP to crash or disclose \nsensitive information. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2017-11147)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini \nfiles. An attacker could possibly use this issue to cause PHP to crash, \nresulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular \nexpressions. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. 
\n(CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)", "edition": 6, "modified": "2017-12-18T00:00:00", "published": "2017-12-18T00:00:00", "id": "USN-3382-2", "href": "https://ubuntu.com/security/notices/USN-3382-2", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2015-8994", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11145", "CVE-2017-11144"], "description": "It was discovered that the PHP opcache created keys for files it cached \nbased on their filepath. A local attacker could possibly use this issue in \na shared hosting environment to obtain sensitive information. This issue \nonly affected Ubuntu 14.04 LTS. (CVE-2015-8994)\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI \ncomponents. A remote attacker could possibly use this issue to bypass \nhostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters \nwhen unserializing data. A remote attacker could possibly use this issue to \ncause PHP to crash, resulting in a denial of service. This issue only \naffected Ubuntu 14.04 LTS. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP \nincorrectly handled the OpenSSL sealing function. A remote attacker could \npossibly use this issue to cause PHP to crash, resulting in a denial of \nservice. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly \nhandled memory. A remote attacker could possibly use this issue to disclose \nsensitive information from the server. 
(CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A \nremote attacker could use this issue to cause PHP to crash or disclose \nsensitive information. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2017-11147)\n\nIt was discovered that PHP incorrectly handled locale length. A remote \nattacker could possibly use this issue to cause PHP to crash, resulting in \na denial of service. (CVE-2017-11362)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini \nfiles. An attacker could possibly use this issue to cause PHP to crash, \nresulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular \nexpressions. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)", "edition": 5, "modified": "2017-08-10T00:00:00", "published": "2017-08-10T00:00:00", "id": "USN-3382-1", "href": "https://ubuntu.com/security/notices/USN-3382-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:40:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7890"], "description": "USN-3389-1 fixed a vulnerability in GD Graphics Library. \nThis update provides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nA vulnerability was discovered in GD Graphics Library (aka libgd), \nas used in PHP that does not zero colorMap arrays before use. 
\nA specially crafted GIF image could use the uninitialized tables to \nread bytes from the top of the stack.", "edition": 6, "modified": "2017-08-14T00:00:00", "published": "2017-08-14T00:00:00", "id": "USN-3389-2", "href": "https://ubuntu.com/security/notices/USN-3389-2", "title": "GD vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-02T11:39:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7890"], "description": "A vulnerability was discovered in GD Graphics Library (aka libgd), \nas used in PHP that does not zero colorMap arrays before use. \nA specially crafted GIF image could use the uninitialized tables to \nread bytes from the top of the stack.", "edition": 5, "modified": "2017-08-14T00:00:00", "published": "2017-08-14T00:00:00", "id": "USN-3389-1", "href": "https://ubuntu.com/security/notices/USN-3389-1", "title": "GD vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7890"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-04-12T03:32:39", "published": "2018-03-06T23:36:35", "id": "RHSA-2018:0406", "href": "https://access.redhat.com/errata/RHSA-2018:0406", "type": "redhat", "title": "(RHSA-2018:0406) Moderate: php security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2020-12-08T03:35:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7890"], "description": "**CentOS Errata and Security Advisory** CESA-2018:0406\n\n\nPHP 
is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-March/034810.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-mysqlnd\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\n", "edition": 4, "modified": "2018-03-10T01:07:54", "published": "2018-03-10T01:07:54", "href": "http://lists.centos.org/pipermail/centos-announce/2018-March/034810.html", "id": "CESA-2018:0406", "type": "centos", "title": "php security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7890"], "description": "[5.4.16-43.1]\n- gd: fix buffer over-read into uninitialized memory CVE-2017-7890", "edition": 4, "modified": "2018-03-07T00:00:00", "published": "2018-03-07T00:00:00", "id": "ELSA-2018-0406", "href": "http://linux.oracle.com/errata/ELSA-2018-0406.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}