Lucene search

K

Fedora 22 : php-5.6.13-1.fc22 (2015-14977)

🗓️ 15 Sep 2015 00:00:00Reported by This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.Type 
nessus
 nessus
🔗 www.tenable.com👁 24 Views

PHP 5.6.13 security updates with vulnerability fixe

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OSV
php5 - security update
13 Sep 201500:00
osv
OSV
php5 - security update
8 Nov 201500:00
osv
OSV
CVE-2016-9936
4 Jan 201720:59
osv
OpenVAS
Debian: Security Advisory (DSA-3358-1)
12 Sep 201500:00
openvas
OpenVAS
Debian Security Advisory DSA 3358-1 (php5 - security update)
13 Sep 201500:00
openvas
OpenVAS
Fedora Update for php FEDORA-2015-14976
7 Oct 201500:00
openvas
OpenVAS
Amazon Linux: Security Advisory (ALAS-2016-670)
17 Mar 201600:00
openvas
OpenVAS
Mageia: Security Advisory (MGASA-2015-0365)
28 Jan 202200:00
openvas
OpenVAS
Fedora Update for php FEDORA-2015-14977
7 Oct 201500:00
openvas
OpenVAS
Slackware: Security Advisory (SSA:2015-274-02)
21 Apr 202200:00
openvas
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2015-14977.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(85934);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
  script_xref(name:"FEDORA", value:"2015-14977");

  script_name(english:"Fedora 22 : php-5.6.13-1.fc22 (2015-14977)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long
timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST
data). (cmb) * Fixed bug #70198 (Checking liveness does not work as
expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use
After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219
(Use after free vulnerability in session deserializer). (taoguangchen
at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets
HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug
#70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug
#70266 (DateInterval::__construct.interval_spec is not supposed to be
optional). (cmb)

  - Fixed bug #70277 (new DateTimeZone($foo) is ignoring
    text after null byte). (cmb) **EXIF:** * Fixed bug
    #70385 (Buffer over-read in exif_read_data with TIFF IFD
    tag byte value of 32 bytes). (Stas) **hash:** * Fixed
    bug #70312 (HAVAL gives wrong hashes in specific cases).
    (letsgolee at naver dot com) **MCrypt:** * Fixed bug
    #69833 (mcrypt fd caching not working). (Anatol)
    **Opcache:** * Fixed bug #70237 (Empty while and
    do-while segmentation fault with opcode on CLI enabled).
    (Dmitry, Laruence) **PCRE:** * Fixed bug #70232
    (Incorrect bump-along behavior with \K and empty string
    match). (cmb) * Fixed bug #70345 (Multiple
    vulnerabilities related to PCRE functions). (Anatol
    Belski) **SOAP:** * Fixed bug #70388 (SOAP
    serialize_function_call() type confusion / RCE). (Stas)
    **SPL:** * Fixed bug #70290 (NULL pointer deref
    (segfault) in spl_autoload via ob_start). (hugh at
    allthethings dot co dot nz) * Fixed bug #70303
    (Incorrect constructor reflection for ArrayObject).
    (cmb) * Fixed bug #70365 (Use-after-free vulnerability
    in unserialize() with SplObjectStorage). (taoguangchen
    at icloud dot com) * Fixed bug #70366 (Use-after-free
    vulnerability in unserialize() with
    SplDoublyLinkedList). (taoguangchen at icloud dot com)
    **Standard:** * Fixed bug #70052 (getimagesize() fails
    for very large and very small WBMP). (cmb) * Fixed bug
    #70157 (parse_ini_string() segmentation fault with
    INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782
    (NULL pointer dereference). (Stas)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260667"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260671"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260674"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260683"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260695"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260707"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260711"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260734"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260741"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260748"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166357.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a6eb2851"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC22", reference:"php-5.6.13-1.fc22")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 Sep 2015 00:00Current
8.9High risk
Vulners AI Score8.9
CVSS27.5
CVSS39.8
EPSS0.201
24
.json
Report