Lucene search
K

Fedora 22 : php-5.6.14-1.fc22 (2015-b24a52fc97)

🗓️ 04 Mar 2016 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 11 Views

PHP 5.6.14 security updates including fixes for various PHP module

Refs
Code
SourceLink
nessuswww.nessus.org/u
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2015-b24a52fc97.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89374);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_xref(name:"FEDORA", value:"2015-b24a52fc97");

  script_name(english:"Fedora 22 : php-5.6.14-1.fc22 (2015-b24a52fc97)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"01 Oct 2015, **PHP 5.6.14** **Core:** * Fixed bug php#70370 (Bundled
libtool.m4 doesn't handle FreeBSD 10 when building extensions). (Adam)
**CLI server:** * Fixed bug php#68291 (404 on urls with '+'). (cmb)
**DOM:** * Fixed bug php#70001 (Assigning to DOMNode::textContent does
additional entity encoding). (cmb) **Mysqlnd:** * Fixed bug php#70456
(mysqlnd doesn't activate TCP keep-alive when connecting to a server).
(Sergei Turchanov) **OpenSSL:** * Fixed bug php#55259 (openssl
extension does not get the DH parameters from DH key resource). (Jakub
Zelenka) * Fixed bug php#70395 (Missing ARG_INFO for openssl_seal()).
(cmb) * Fixed bug php#60632 (openssl_seal fails with AES). (Jakub
Zelenka) * Fixed bug php#68312 (Lookup for openssl.cnf causes a
message box). (Anatol) **PDO:** * Fixed bug php#70389 (PDO constructor
changes unrelated variables). (Laruence) **Phar:** * Fixed bug
php#69720 (NULL pointer dereference in phar_get_fp_offset()). (Stas) *
Fixed bug php#70433 (Uninitialized pointer in phar_make_dirstream when
zip entry filename is '/'). (Stas) **Phpdbg:** * Fix
phpdbg_break_next() sometimes not breaking. (Bob) **Standard:** *
Fixed bug php#67131 (setcookie() conditional for empty values not
met). (cmb) **Streams:** * Fixed bug php#70361 (HTTP stream wrapper
doesn't close keep-alive connections). (Niklas Keller)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/169288.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?727bc06f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/10/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC22", reference:"php-5.6.14-1.fc22")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Jan 2021 00:00Current
5.5Medium risk
Vulners AI Score5.5
11