Lucene search
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2014-130.NASLHistoryJul 10, 2014 - 12:00 a.m.
Mandriva Linux Security Advisory : php (MDVSA-2014:130)
2014-07-1000:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
12
Updated php packages fix security vulnerabilities :
The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515).
It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049).
A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478).
Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487).
PHP contains a bundled copy of the file utility’s libmagic library, so it was vulnerable to this issue. It has been updated to versions 5.5.14, which fix this issue and several other bugs.
The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory (CVE-2014-4721).
Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.5 version.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2014:130.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(76438);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2014-0207", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-4049", "CVE-2014-4721");
script_bugtraq_id(68007, 68120, 68237, 68238, 68239, 68241, 68243, 68423);
script_xref(name:"MDVSA", value:"2014:130");
script_name(english:"Mandriva Linux Security Advisory : php (MDVSA-2014:130)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated php packages fix security vulnerabilities :
The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type
Confusion issue related to the SPL ArrayObject and SPLObjectStorage
Types (CVE-2014-3515).
It was discovered that PHP is vulnerable to a heap-based buffer
overflow in the DNS TXT record parsing. A malicious server or
man-in-the-middle attacker could possibly use this flaw to execute
arbitrary code as the PHP interpreter if a PHP application uses
dns_get_record() to perform a DNS query (CVE-2014-4049).
A flaw was found in the way file parsed property information from
Composite Document Files (CDF) files, where the mconvert() function
did not correctly compute the truncated pascal string size
(CVE-2014-3478).
Multiple flaws were found in the way file parsed property information
from Composite Document Files (CDF) files, due to insufficient
boundary checks on buffers (CVE-2014-0207, CVE-2014-3479,
CVE-2014-3480, CVE-2014-3487).
PHP contains a bundled copy of the file utility's libmagic library, so
it was vulnerable to this issue. It has been updated to versions
5.5.14, which fix this issue and several other bugs.
The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type
Confusion issue that can cause it to leak arbitrary process memory
(CVE-2014-4721).
Additionally, php-apc has been rebuilt against the updated php
packages and the php-timezonedb packages has been upgraded to the
2014.5 version."
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0284.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.php.net/ChangeLog-5.php#5.5.14"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_php");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php5_common5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-apc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-apc-admin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bz2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-calendar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ctype");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-exif");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fileinfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-filter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ftp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gettext");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-hash");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-iconv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ini");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mssql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqlnd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pcntl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_dblib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-phar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-posix");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-readline");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-recode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-session");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-shmop");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sockets");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sybase_ct");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvsem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvshm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-timezonedb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tokenizer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-wddx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlreader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlwriter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xsl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zlib");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"apache-mod_php-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64php5_common5-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-apc-3.1.15-1.8.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-apc-admin-3.1.15-1.8.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-bcmath-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-bz2-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-calendar-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-cgi-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-cli-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-ctype-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-curl-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-dba-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-devel-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"php-doc-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-dom-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-enchant-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-exif-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-fileinfo-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-filter-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-fpm-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-ftp-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-gd-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-gettext-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-gmp-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-hash-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-iconv-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-imap-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-ini-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-intl-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-json-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-ldap-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-mbstring-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-mcrypt-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-mssql-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-mysql-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-mysqli-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-mysqlnd-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-odbc-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-opcache-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-openssl-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-pcntl-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-pdo-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-pdo_dblib-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-pdo_mysql-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-pdo_odbc-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-pdo_pgsql-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-pdo_sqlite-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-pgsql-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-phar-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-posix-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-readline-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-recode-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-session-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-shmop-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-snmp-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-soap-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-sockets-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-sqlite3-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-sybase_ct-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-sysvmsg-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-sysvsem-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-sysvshm-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-tidy-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-timezonedb-2014.5-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-tokenizer-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-wddx-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-xml-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-xmlreader-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-xmlrpc-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-xmlwriter-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-xsl-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-zip-5.5.14-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"php-zlib-5.5.14-1.mbs1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | apache-mod_php | p-cpe:/a:mandriva:linux:apache-mod_php |
| mandriva | linux | lib64php5_common5 | p-cpe:/a:mandriva:linux:lib64php5_common5 |
| mandriva | linux | php-apc | p-cpe:/a:mandriva:linux:php-apc |
| mandriva | linux | php-apc-admin | p-cpe:/a:mandriva:linux:php-apc-admin |
| mandriva | linux | php-bcmath | p-cpe:/a:mandriva:linux:php-bcmath |
| mandriva | linux | php-bz2 | p-cpe:/a:mandriva:linux:php-bz2 |
| mandriva | linux | php-calendar | p-cpe:/a:mandriva:linux:php-calendar |
| mandriva | linux | php-cgi | p-cpe:/a:mandriva:linux:php-cgi |
| mandriva | linux | php-cli | p-cpe:/a:mandriva:linux:php-cli |
| mandriva | linux | php-ctype | p-cpe:/a:mandriva:linux:php-ctype |
References
advisories.mageia.org/MGASA-2014-0284.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
www.php.net/ChangeLog-5.php#5.5.14
Related
mageia
mageia
Updated php packages fix multiple vulnerabilities
2014-07-09 02:30:04
Updated php packages fix multiple vulnerabilities
2014-07-09 02:29:20
Updated file packages fix security vulnerabilities
2014-07-04 22:26:27
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0284)
2022-01-28 00:00:00
Debian Security Advisory DSA 2974-1 (php5 - security update)
2014-07-08 00:00:00
Debian: Security Advisory (DSA-2974-1)
2014-07-07 00:00:00
osv
osv
php5 - security update
2014-07-08 00:00:00
php5 - security update
2014-07-23 00:00:00
file - security update
2014-07-31 00:00:00
debian
debian
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
[DLA-0018-1] php5 security update
2014-07-23 19:10:58
nessus
nessus
PHP 5.5.x < 5.5.14 Multiple Vulnerabilities
2014-06-27 00:00:00
PHP 5.4.x < 5.4.30 Multiple Vulnerabilities
2014-06-27 00:00:00
Debian DSA-2974-1 : php5 - security update
2014-07-09 00:00:00
f5
f5
K15498 : Multiple PHP vulnerabilities
2014-08-12 00:00:00
SOL15498 - Multiple PHP vulnerabilities
2014-08-12 00:00:00
K17313 : PHP vulnerability CVE-2014-4721
2015-10-06 00:00:00
amazon
amazon
slackware
slackware
[slackware-security] php
2014-07-12 03:48:04
securityvulns
securityvulns
[USN-2276-1] PHP vulnerabilities
2014-07-14 00:00:00
file / PHP multiple security vulnerabilities
2014-07-14 00:00:00
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
2014-09-21 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2014-07-09 00:00:00
file vulnerabilities
2014-07-15 00:00:00
redhat
redhat
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
(RHSA-2014:1766) Important: php55-php security update
2014-10-30 00:00:00
oraclelinux
oraclelinux
php security update
2014-08-06 00:00:00
php53 and php security update
2014-08-06 00:00:00
file security and bug fix update
2015-11-23 00:00:00
centos
centos
php security update
2014-08-06 14:38:20
php, php53 security update
2014-08-06 14:53:37
file, python security update
2015-11-30 19:28:42
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.14-1.fc20
2014-06-30 10:25:38
[SECURITY] Fedora 19 Update: php-5.5.14-1.fc19
2014-07-08 00:57:33
[SECURITY] Fedora 20 Update: file-5.19-1.fc20
2014-07-05 14:54:09
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:16
freebsd
freebsd
PHP multiple vulnerabilities
2014-08-14 00:00:00
cve
cve
prion
prion
Type confusion
2014-07-06 23:55:00
Buffer overflow
2014-07-09 11:07:00
Design/Logic Flaw
2014-07-09 11:07:00
kaspersky
kaspersky
KLA10289 OSI vulnerability in PHP
2014-07-06 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
checkpoint_advisories
checkpoint_advisories
PHP php_parserr DNS_TXT Heap Buffer Overflow (CVE-2014-4049)
2014-07-16 00:00:00
hackerone
hackerone
suse
suse
Security update for PHP5 (important)
2014-07-04 00:04:20
Security update for PHP5 (important)
2014-07-07 19:04:42
Related for MANDRIVA_MDVSA-2014-130.NASL