Lucene search

K

Fedora 30 : php (2019-ec40d89812)

PHP version 7.2.21 update with multiple bug fixes and security patches including heap-buffer-overflow, memory leak, and segmentation fault vulnerabilities

Show more
Related
Refs
Code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-ec40d89812.
#

include('compat.inc');

if (description)
{
  script_id(127535);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/07");

  script_cve_id("CVE-2019-11041", "CVE-2019-11042");
  script_xref(name:"FEDORA", value:"2019-ec40d89812");

  script_name(english:"Fedora 30 : php (2019-ec40d89812)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"**PHP version 7.2.21** (01 Aug 2019)

**Date:**

  - Fixed bug php#69044 (discrepency between time and
    microtime). (krakjoe)

**EXIF:**

  - Fixed bug php#78256 (heap-buffer-overflow on
    exif_process_user_comment). (CVE-2019-11042) (Stas)

  - Fixed bug php#78222 (heap-buffer-overflow on
    exif_scan_thumbnail). (CVE-2019-11041) (Stas)

**Fileinfo:**

  - Fixed bug php#78183 (finfo_file shows wrong mime-type
    for .tga file). (Joshua Westerheide)

**FTP:**

  - Fixed bug php#77124 (FTP with SSL memory leak). (Nikita)

**Libxml:**

  - Fixed bug php#78279 (libxml_disable_entity_loader
    settings is shared between requests (cgi-fcgi)).
    (Nikita)

**LiteSpeed:**

  - Updated to LiteSpeed SAPI V7.4.3 (increased response
    header count limit from 100 to 1000, added crash handler
    to cleanly shutdown PHP request, added CloudLinux
    mod_lsapi mode). (George Wang)

  - Fixed bug php#76058 (After 'POST data can't be
    buffered', using php://input makes huge tmp files).
    (George Wang)

**Openssl:**

  - Fixed bug php#78231 (Segmentation fault upon
    stream_socket_accept of exported socket-to-stream).
    (Nikita)

**OPcache:**

  - Fixed bug php#78189 (file cache strips last character of
    uname hash). (cmb)

  - Fixed bug php#78202 (Opcache stats for cache hits are
    capped at 32bit NUM). (cmb)

  - Fixed bug php#78291 (opcache_get_configuration doesn't
    list all directives). (Andrew Collington)

**Phar:**

  - Fixed bug php#77919 (Potential UAF in Phar RSHUTDOWN).
    (cmb)

**Phpdbg:**

  - Fixed bug php#78297 (Include unexistent file memory
    leak). (Nikita)

**PDO_Sqlite:**

  - Fixed bug php#78192 (SegFault when reuse statement after
    schema has changed). (Vincent Quatrevieux)

**Standard:**

  - Fixed bug php#78241 (touch() does not handle dates after
    2038 in PHP 64-bit). (cmb)

  - Fixed bug php#78269 (password_hash uses weak options for
    argon2). (Remi)

**XMLRPC:**

  - Fixed bug php#78173 (XML-RPC mutates immutable objects
    during encoding). (Asher Baker)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ec40d89812");
  script_set_attribute(attribute:"solution", value:
"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11042");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC30", reference:"php-7.3.8-1.fc30")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo