Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2015-1219.NASLHistorySep 07, 2023 - 12:00 a.m.
Oracle Linux 6 / 7 : php54-php (ELSA-2015-1219)
2023-09-0700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1219 advisory.
-
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. (CVE-2015-4021)
-
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. (CVE-2015-4022)
-
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
(CVE-2015-4024) -
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. (CVE-2015-4025)
-
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. (CVE-2015-4026)
-
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. (CVE-2015-4598)
-
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. (CVE-2015-4643)
-
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
(CVE-2015-4644)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2015-1219.
##
include('compat.inc');
if (description)
{
script_id(181016);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");
script_cve_id(
"CVE-2015-4021",
"CVE-2015-4022",
"CVE-2015-4024",
"CVE-2015-4025",
"CVE-2015-4026",
"CVE-2015-4598",
"CVE-2015-4643",
"CVE-2015-4644"
);
script_xref(name:"IAVB", value:"2016-B-0054-S");
script_name(english:"Oracle Linux 6 / 7 : php54-php (ELSA-2015-1219)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in
the ELSA-2015-1219 advisory.
- The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x
before 5.6.9 does not verify that the first character of a filename is different from the \0 character,
which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a
crafted entry in a tar archive. (CVE-2015-4021)
- Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25,
and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST
command, leading to a heap-based buffer overflow. (CVE-2015-4022)
- Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP
before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of
service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
(CVE-2015-4024)
- PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a
\x00 character in certain situations, which allows remote attackers to bypass intended extension
restrictions and access files or directories with unexpected names via a crafted argument to (1)
set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2006-7243. (CVE-2015-4025)
- The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates
a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended
extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2006-7243. (CVE-2015-4026)
- PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00
sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an
application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as
demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may
write to only .html files. (CVE-2015-4598)
- Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26,
and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST
command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2015-4022. (CVE-2015-4643)
- The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42,
5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which
might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash)
via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
(CVE-2015-4644)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2015-1219.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4643");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/12");
script_set_attribute(attribute:"patch_publication_date", value:"2016/02/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-mysqlnd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-process");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-recode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php54-php-xmlrpc");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);
var pkgs = [
{'reference':'php54-php-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-bcmath-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-cli-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-common-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-dba-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-devel-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-enchant-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-fpm-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-gd-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-imap-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-intl-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-ldap-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-mbstring-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-mysqlnd-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-odbc-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-pdo-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-pgsql-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-process-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-pspell-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-recode-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-snmp-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-soap-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-tidy-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-xml-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-xmlrpc-5.4.40-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-bcmath-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-cli-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-common-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-dba-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-devel-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-enchant-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-fpm-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-gd-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-intl-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-ldap-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-mbstring-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-mysqlnd-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-odbc-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-pdo-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-pgsql-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-process-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-pspell-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-recode-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-snmp-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-soap-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-xml-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php54-php-xmlrpc-5.4.40-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release) {
if (exists_check) {
if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php54-php / php54-php-bcmath / php54-php-cli / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | 6 | cpe:/o:oracle:linux:6 |
| oracle | linux | 7 | cpe:/o:oracle:linux:7 |
| oracle | linux | php54-php | p-cpe:/a:oracle:linux:php54-php |
| oracle | linux | php54-php-bcmath | p-cpe:/a:oracle:linux:php54-php-bcmath |
| oracle | linux | php54-php-cli | p-cpe:/a:oracle:linux:php54-php-cli |
| oracle | linux | php54-php-common | p-cpe:/a:oracle:linux:php54-php-common |
| oracle | linux | php54-php-dba | p-cpe:/a:oracle:linux:php54-php-dba |
| oracle | linux | php54-php-devel | p-cpe:/a:oracle:linux:php54-php-devel |
| oracle | linux | php54-php-enchant | p-cpe:/a:oracle:linux:php54-php-enchant |
| oracle | linux | php54-php-fpm | p-cpe:/a:oracle:linux:php54-php-fpm |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644
linux.oracle.com/errata/ELSA-2015-1219.html
Related
oraclelinux
oraclelinux
php54-php security update
2016-02-04 00:00:00
php55-php security update
2016-02-04 00:00:00
php security update
2014-03-18 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-1219)
2016-02-05 00:00:00
Fedora Update for php FEDORA-2015-8383
2015-06-09 00:00:00
Fedora Update for php FEDORA-2015-8281
2015-07-07 00:00:00
redhat
redhat
(RHSA-2015:1219) Moderate: php54-php security update
2015-07-09 00:00:00
(RHSA-2015:1186) Important: php55-php security update
2015-06-25 00:00:00
(RHSA-2015:1187) Important: rh-php56-php security update
2015-06-25 00:00:00
nessus
nessus
Fedora 20 : php-5.5.25-1.fc20 (2015-8370)
2015-05-29 00:00:00
Fedora 21 : php-5.6.9-1.fc21 (2015-8383)
2015-05-29 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-5.6.9-1.fc22
2015-05-26 03:40:42
[SECURITY] Fedora 21 Update: php-5.6.9-1.fc21
2015-05-27 16:13:20
[SECURITY] Fedora 20 Update: php-5.5.25-1.fc20
2015-05-27 16:23:41
freebsd
freebsd
php -- multiple vulnerabilities
2015-05-14 00:00:00
php5 -- multiple vulnerabilities
2015-06-11 00:00:00
php -- NULL byte poisoning
2010-12-10 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2015-06-13 00:00:00
[SECURITY] [DSA 3280-1] php5 security update
2015-06-08 00:00:00
PHP multiple security vulnerabilities
2015-07-13 00:00:00
amazon
amazon
Medium: php55
2015-06-02 22:21:00
Important: php56
2015-06-02 22:22:00
Important: php54
2015-06-02 22:20:00
mageia
mageia
Updated php packages fix security vulnerabilities
2015-05-18 22:08:05
Updated php package fixes security vulnerability
2015-07-05 20:22:03
slackware
slackware
[slackware-security] php
2015-06-11 23:01:25
f5
f5
SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
K16993 : PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DSA 3280-1] php5 security update
2015-06-07 17:06:52
[SECURITY] [DSA 3344-1] php5 security update
2015-08-27 15:00:09
[SECURITY] [DSA 3344-1] php5 security update
2015-08-27 15:00:09
osv
osv
php5 - security update
2015-06-07 00:00:00
php5 - security update
2015-09-07 00:00:00
php5 - security update
2015-08-27 00:00:00
prion
prion
Design/Logic Flaw
2015-06-09 18:59:00
Code injection
2015-06-09 18:59:00
Null pointer dereference
2016-05-16 10:59:00
cve
cve
suse
suse
Security update for php5 (important)
2015-07-17 11:08:12
Security update for php5 (important)
2015-07-17 10:12:10
Security update for PHP (important)
2015-07-17 20:09:41
ubuntu
ubuntu
PHP vulnerabilities
2015-07-06 00:00:00
veracode
veracode
Arbitrary File Write
2019-05-02 05:39:55
Heap-based Buffer Overflow
2019-05-02 05:39:55
Arbitrary File Write
2019-05-02 05:39:55
ibm
ibm
seebug
seebug
PHP空字符安全限制绕过漏洞(CVE-2006-7243)
2012-04-12 00:00:00
hackerone
hackerone
checkpoint_advisories
checkpoint_advisories
PHP Multipart Remote Denial of Service (CVE-2015-4024)
2015-06-30 00:00:00
PHP phar_parse_tarfile method Integer Overflow (CVE-2015-4021)
2015-07-20 00:00:00
PHP ftp_genlist method Integer Overflow (CVE-2015-4022)
2015-07-01 00:00:00
thn
thn
Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
2015-03-01 00:50:00
centos
centos
php security update
2015-06-24 03:28:02
php security update
2014-03-19 01:15:26
php security update
2015-07-09 19:23:41
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
redhatcve
redhatcve
CVE-2019-11044
2020-03-28 20:00:41
Related for ORACLELINUX_ELSA-2015-1219.NASL