DATABASE RESOURCES PRICING ABOUT US

{"id": "SUSE_11_3_ICU-120117.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icu (openSUSE-SU-2012:0100-1)", "description": "Specially crafted strings could cause a buffer overflow in icu (CVE-2011-4599).\n\nAn integer overflow in the getSymbol() function could crash applications using icu (CVE-2010-4409)", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "epss": [{"cve": "CVE-2010-4409", "epss": 0.02398, "percentile": 0.88711, "modified": "2023-12-06"}, {"cve": "CVE-2011-4599", "epss": 0.21899, "percentile": 0.95973, "modified": "2023-12-06"}], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/75530", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=657910", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4409", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599", "https://bugzilla.novell.com/show_bug.cgi?id=736146", "https://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html"], "cvelist": ["CVE-2010-4409", "CVE-2011-4599"], "immutableFields": [], "lastseen": "2023-12-07T15:32:53", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2012-033"]}, {"type": "centos", "idList": ["CESA-2011:1815"]}, {"type": "cve", "idList": ["CVE-2010-4409", "CVE-2011-1467", "CVE-2011-4599"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2397-1:E10AA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-4599"]}, {"type": "exploitdb", "idList": ["EDB-ID:15722"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:56454A05D1777D8A4A95A5104783A7BE"]}, {"type": "fedora", "idList": ["FEDORA:2490A22E48", "FEDORA:391DF22C92", "FEDORA:C9FB11110D9", "FEDORA:D1042111102", "FEDORA:D3AAD11111B", "FEDORA:E1A0E1110CE", "FEDORA:E5BC01110D2", "FEDORA:E97781110D7"]}, {"type": "gentoo", "idList": ["GLSA-201110-06", "GLSA-201209-07"]}, {"type": "ibm", "idList": ["30F126C0FEE1D6C0436DFF1A6751EE8FDE2C7921F8AC99F5FF4DF624573C80E8", "3851D26A1B7DF88EA8BA11EEB80A7341FC47BF9EE9F99E03682D841ED55868A9", "3D3BF59CC576F554C3F716540167D85670B56CE61C0AA690764AE05CC62E23C5", "49A9410654EB766988B46A73827B3DF899A15C1A5733735C8DA39DB5FFF51A21", "C89C0CABC7F5977904A5DFEBAEC12ACED8C9E518E016F739A4925A93313A703B"]}, {"type": "nessus", "idList": ["5732.PRM", "6589.PRM", "801074.PRM", "ALA_ALAS-2012-33.NASL", "APPLETV_5_1.NASL", "APPLE_IOS_60_CHECK.NBIN", "CENTOS_RHSA-2011-1815.NASL", "DEBIAN_DSA-2397.NASL", "FEDORA_2010-18976.NASL", "FEDORA_2010-19011.NASL", "FEDORA_2011-17101.NASL", "FEDORA_2011-17119.NASL", "GENTOO_GLSA-201110-06.NASL", "GENTOO_GLSA-201209-07.NASL", "HPSMH_7_0_0_24.NASL", "MACOSX_10_6_7.NASL", "MACOSX_10_7_5.NASL", "MACOSX_SECUPD2012-004.NASL", "MANDRIVA_MDVSA-2010-254.NASL", "MANDRIVA_MDVSA-2011-052.NASL", "MANDRIVA_MDVSA-2011-053.NASL", "MANDRIVA_MDVSA-2011-194.NASL", "OPENSUSE-2012-57.NASL", "ORACLELINUX_ELSA-2011-1815.NASL", "PHP_5_3_4.NASL", "REDHAT-RHSA-2011-1815.NASL", "SL_20111213_ICU_ON_SL5_X.NASL", "SOLARIS11_ICU_20120918.NASL", "SUSE_11_4_ICU-120117.NASL", "SUSE_11_ICU-120116.NASL", "SUSE_11_ICU-121219.NASL", "SUSE_ICU-7928.NASL", "SUSE_LIBREOFFICE-345-8022.NASL", "UBUNTU_USN-1042-1.NASL", "UBUNTU_USN-1348-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310110181", "OPENVAS:1361412562310120216", "OPENVAS:1361412562310122044", "OPENVAS:136141256231070714", "OPENVAS:136141256231070769", "OPENVAS:136141256231072424", "OPENVAS:1361412562310802968", "OPENVAS:1361412562310831283", "OPENVAS:1361412562310831285", "OPENVAS:1361412562310831352", "OPENVAS:1361412562310831353", "OPENVAS:1361412562310831516", "OPENVAS:1361412562310840564", "OPENVAS:1361412562310840881", "OPENVAS:1361412562310862764", "OPENVAS:1361412562310862766", "OPENVAS:1361412562310862767", "OPENVAS:1361412562310862769", "OPENVAS:1361412562310862777", "OPENVAS:1361412562310862778", "OPENVAS:1361412562310863666", "OPENVAS:1361412562310863979", "OPENVAS:1361412562310870523", "OPENVAS:1361412562310881058", "OPENVAS:1361412562310881290", "OPENVAS:1361412562310881453", "OPENVAS:1361412562310902470", "OPENVAS:70714", "OPENVAS:70769", "OPENVAS:72424", "OPENVAS:802968", "OPENVAS:831283", "OPENVAS:831285", "OPENVAS:831352", "OPENVAS:831353", "OPENVAS:831516", "OPENVAS:840564", "OPENVAS:840881", "OPENVAS:862764", "OPENVAS:862766", "OPENVAS:862767", "OPENVAS:862769", "OPENVAS:862777", "OPENVAS:862778", "OPENVAS:863666", "OPENVAS:863979", "OPENVAS:870523", "OPENVAS:881058", "OPENVAS:881290", "OPENVAS:881453", "OPENVAS:902470"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1815"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:96615"]}, {"type": "prion", "idList": ["PRION:CVE-2010-4409", "PRION:CVE-2011-1467", "PRION:CVE-2011-4599"]}, {"type": "redhat", "idList": ["RHSA-2011:1815"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25291", "SECURITYVULNS:DOC:25489", "SECURITYVULNS:DOC:25963", "SECURITYVULNS:DOC:27147", "SECURITYVULNS:DOC:27505", "SECURITYVULNS:DOC:28576", "SECURITYVULNS:DOC:28577", "SECURITYVULNS:DOC:28598", "SECURITYVULNS:VULN:11291", "SECURITYVULNS:VULN:11518", "SECURITYVULNS:VULN:12123", "SECURITYVULNS:VULN:12596", "SECURITYVULNS:VULN:12597", "SECURITYVULNS:VULN:12610"]}, {"type": "seebug", "idList": ["SSV:70379"]}, {"type": "ubuntu", "idList": ["USN-1042-1", "USN-1348-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-4409", "UB:CVE-2011-1467", "UB:CVE-2011-4599"]}, {"type": "veracode", "idList": ["VERACODE:24905"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2011:1815"]}, {"type": "cve", "idList": ["CVE-2010-4409"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2397-1:E10AA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-4599"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:56454A05D1777D8A4A95A5104783A7BE"]}, {"type": "fedora", "idList": ["FEDORA:391DF22C92"]}, {"type": "gentoo", "idList": ["GLSA-201110-06", "GLSA-201209-07"]}, {"type": "ibm", "idList": ["3851D26A1B7DF88EA8BA11EEB80A7341FC47BF9EE9F99E03682D841ED55868A9"]}, {"type": "nessus", "idList": ["APPLE_IOS_60_CHECK.NBIN", "FEDORA_2011-17119.NASL", "SUSE_ICU-7928.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:72424", "OPENVAS:862767"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1815"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:96615"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28598", "SECURITYVULNS:VULN:11291"]}, {"type": "seebug", "idList": ["SSV:70379"]}, {"type": "ubuntu", "idList": ["USN-1348-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-4409"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2010-4409", "epss": 0.02398, "percentile": 0.88241, "modified": "2023-04-04"}, {"cve": "CVE-2011-4599", "epss": 0.21899, "percentile": 0.95682, "modified": "2023-04-04"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1701980487, "score": 1701980238, "epss": 0}, "_internal": {"score_hash": "d6d24674a305340a4e908da148e12fa6"}, "pluginID": "75530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update icu-5658.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75530);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4409\", \"CVE-2011-4599\");\n\n script_name(english:\"openSUSE Security Update : icu (openSUSE-SU-2012:0100-1)\");\n script_summary(english:\"Check for the icu-5658 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted strings could cause a buffer overflow in icu\n(CVE-2011-4599).\n\nAn integer overflow in the getSymbol() function could crash\napplications using icu (CVE-2010-4409)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected icu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icu-4.2-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icu-data-4.2-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libicu-4.2-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libicu-devel-4.2-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libicu-32bit-4.2-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libicu-devel-32bit-4.2-7.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu / icu-data / libicu / libicu-32bit / libicu-devel / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:icu", "p-cpe:/a:novell:opensuse:icu-data", "p-cpe:/a:novell:opensuse:libicu", "p-cpe:/a:novell:opensuse:libicu-32bit", "p-cpe:/a:novell:opensuse:libicu-devel", "p-cpe:/a:novell:opensuse:libicu-devel-32bit", "cpe:/o:novell:opensuse:11.3"], "solution": "Update the affected icu packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2012-01-17T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"nessus": [{"lastseen": "2023-12-08T15:04:25", "description": "This update is rereleased because some architectures were missed on the first try. It fixes the following security issues :\n\n - Specially crafted strings could cause a buffer overflow in icu. (CVE-2011-4599)\n\n - An integer overflow in the getSymbol() function could crash applications using icu (CVE-2010-4409)", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : icu (SAT Patch Number 7204)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409", "CVE-2011-4599"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:icu", "p-cpe:/a:novell:suse_linux:11:libicu", "p-cpe:/a:novell:suse_linux:11:libicu-32bit", "p-cpe:/a:novell:suse_linux:11:libicu-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_ICU-121219.NASL", "href": "https://www.tenable.com/plugins/nessus/64157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64157);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4409\", \"CVE-2011-4599\");\n\n script_name(english:\"SuSE 11.2 Security Update : icu (SAT Patch Number 7204)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update is rereleased because some architectures were missed on\nthe first try. It fixes the following security issues :\n\n - Specially crafted strings could cause a buffer overflow\n in icu. (CVE-2011-4599)\n\n - An integer overflow in the getSymbol() function could\n crash applications using icu (CVE-2010-4409)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4599.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7204.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libicu-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libicu-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"icu-4.0-7.26.15\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libicu-4.0-7.26.15\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"icu-4.0-7.26.15\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libicu-4.0-7.26.15\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libicu-4.0-7.26.15\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libicu-doc-4.0-7.26.15\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libicu-32bit-4.0-7.26.15\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libicu-32bit-4.0-7.26.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T17:16:10", "description": "Specially crafted strings could cause a buffer overflow in icu (CVE-2011-4599).\n\nAn integer overflow in the getSymbol() function could crash applications using icu (CVE-2010-4409)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : icu (openSUSE-SU-2012:0100-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409", "CVE-2011-4599"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icu", "p-cpe:/a:novell:opensuse:icu-data", "p-cpe:/a:novell:opensuse:icu-debuginfo", "p-cpe:/a:novell:opensuse:icu-debugsource", "p-cpe:/a:novell:opensuse:libicu", "p-cpe:/a:novell:opensuse:libicu-32bit", "p-cpe:/a:novell:opensuse:libicu-debuginfo", "p-cpe:/a:novell:opensuse:libicu-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libicu-devel", "p-cpe:/a:novell:opensuse:libicu-devel-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_ICU-120117.NASL", "href": "https://www.tenable.com/plugins/nessus/75866", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update icu-5658.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75866);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4409\", \"CVE-2011-4599\");\n\n script_name(english:\"openSUSE Security Update : icu (openSUSE-SU-2012:0100-1)\");\n script_summary(english:\"Check for the icu-5658 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted strings could cause a buffer overflow in icu\n(CVE-2011-4599).\n\nAn integer overflow in the getSymbol() function could crash\napplications using icu (CVE-2010-4409)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected icu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"icu-4.4.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"icu-data-4.4.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"icu-debuginfo-4.4.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"icu-debugsource-4.4.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libicu-4.4.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libicu-debuginfo-4.4.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libicu-devel-4.4.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libicu-32bit-4.4.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libicu-debuginfo-32bit-4.4.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libicu-devel-32bit-4.4.2-4.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu / icu-data / libicu / libicu-32bit / libicu-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:21:52", "description": "The following bugs have been fixed :\n\n - Specially crafted strings could cause a buffer overflow in icu. (CVE-2011-4599)\n\n - An integer overflow in the getSymbol() function could crash applications using icu (CVE-2010-4409)", "cvss3": {}, "published": "2012-01-20T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : icu (SAT Patch Number 5653)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409", "CVE-2011-4599"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:icu", "p-cpe:/a:novell:suse_linux:11:libicu", "p-cpe:/a:novell:suse_linux:11:libicu-32bit", "p-cpe:/a:novell:suse_linux:11:libicu-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_ICU-120116.NASL", "href": "https://www.tenable.com/plugins/nessus/57613", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57613);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4409\", \"CVE-2011-4599\");\n\n script_name(english:\"SuSE 11.1 Security Update : icu (SAT Patch Number 5653)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\n - Specially crafted strings could cause a buffer overflow\n in icu. (CVE-2011-4599)\n\n - An integer overflow in the getSymbol() function could\n crash applications using icu (CVE-2010-4409)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4599.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5653.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libicu-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libicu-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"icu-4.0-7.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libicu-4.0-7.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"icu-4.0-7.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libicu-4.0-7.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"libicu-4.0-7.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"libicu-doc-4.0-7.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libicu-4.0-7.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libicu-32bit-4.0-7.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libicu-doc-4.0-7.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:31:44", "description": "The remote host is affected by the vulnerability described in GLSA-201209-07 (International Components for Unicode: User-assisted execution of arbitrary code)\n\n An error in the _canonicalize() function in uloc.cpp could cause a stack-based buffer overflow.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted locale representation using an application linked against ICU, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2012-09-25T00:00:00", "type": "nessus", "title": "GLSA-201209-07 : International Components for Unicode: User-assisted execution of arbitrary code", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:icu", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201209-07.NASL", "href": "https://www.tenable.com/plugins/nessus/62288", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201209-07.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62288);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_bugtraq_id(51006);\n script_xref(name:\"GLSA\", value:\"201209-07\");\n\n script_name(english:\"GLSA-201209-07 : International Components for Unicode: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201209-07\n(International Components for Unicode: User-assisted execution of arbitrary code)\n\n An error in the _canonicalize() function in uloc.cpp could cause a\n stack-based buffer overflow.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted locale\n representation using an application linked against ICU, possibly\n resulting in execution of arbitrary code with the privileges of the\n process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201209-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ICU users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/icu-49.1.1-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/icu\", unaffected:make_list(\"ge 49.1.1-r1\"), vulnerable:make_list(\"lt 49.1.1-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"International Components for Unicode\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:06:49", "description": "Updated icu packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe International Components for Unicode (ICU) library provides robust and full-featured Unicode services.\n\nA stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-4599)\n\nAll users of ICU should upgrade to these updated packages, which contain a backported patch to resolve this issue. All applications linked against ICU must be restarted for this update to take effect.", "cvss3": {}, "published": "2011-12-14T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : icu (CESA-2011:1815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:icu", "p-cpe:/a:centos:centos:libicu", "p-cpe:/a:centos:centos:libicu-devel", "p-cpe:/a:centos:centos:libicu-doc", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2011-1815.NASL", "href": "https://www.tenable.com/plugins/nessus/57291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1815 and \n# CentOS Errata and Security Advisory 2011:1815 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57291);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_bugtraq_id(51006);\n script_xref(name:\"RHSA\", value:\"2011:1815\");\n\n script_name(english:\"CentOS 5 / 6 : icu (CESA-2011:1815)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated icu packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe International Components for Unicode (ICU) library provides robust\nand full-featured Unicode services.\n\nA stack-based buffer overflow flaw was found in the way ICU performed\nvariant canonicalization for some locale identifiers. If a specially\ncrafted locale representation was opened in an application linked\nagainst ICU, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-4599)\n\nAll users of ICU should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All applications\nlinked against ICU must be restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018323.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f6df519\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018324.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0ec6869\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018340.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd404633\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected icu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libicu-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"icu-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libicu-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libicu-devel-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libicu-doc-3.6-5.16.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"icu-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libicu-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libicu-devel-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libicu-doc-4.2.1-9.1.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu / libicu / libicu-devel / libicu-doc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:06:43", "description": "Fixes CVE-2011-4599\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "nessus", "title": "Fedora 16 : icu-4.6-3.fc16 (2011-17101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:icu", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-17101.NASL", "href": "https://www.tenable.com/plugins/nessus/57386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-17101.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57386);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_bugtraq_id(51006);\n script_xref(name:\"FEDORA\", value:\"2011-17101\");\n\n script_name(english:\"Fedora 16 : icu-4.6-3.fc16 (2011-17101)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-4599\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=766542\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071318.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b19ba06\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected icu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"icu-4.6-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:06:56", "description": "Updated icu packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe International Components for Unicode (ICU) library provides robust and full-featured Unicode services.\n\nA stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-4599)\n\nAll users of ICU should upgrade to these updated packages, which contain a backported patch to resolve this issue. All applications linked against ICU must be restarted for this update to take effect.", "cvss3": {}, "published": "2011-12-14T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : icu (RHSA-2011:1815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:icu", "p-cpe:/a:redhat:enterprise_linux:icu-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libicu", "p-cpe:/a:redhat:enterprise_linux:libicu-devel", "p-cpe:/a:redhat:enterprise_linux:libicu-doc", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2011-1815.NASL", "href": "https://www.tenable.com/plugins/nessus/57296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1815. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57296);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_bugtraq_id(51006);\n script_xref(name:\"RHSA\", value:\"2011:1815\");\n\n script_name(english:\"RHEL 5 / 6 : icu (RHSA-2011:1815)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated icu packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe International Components for Unicode (ICU) library provides robust\nand full-featured Unicode services.\n\nA stack-based buffer overflow flaw was found in the way ICU performed\nvariant canonicalization for some locale identifiers. If a specially\ncrafted locale representation was opened in an application linked\nagainst ICU, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-4599)\n\nAll users of ICU should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All applications\nlinked against ICU must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1815\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libicu-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1815\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"icu-3.6-5.16.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"icu-3.6-5.16.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"icu-3.6-5.16.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libicu-3.6-5.16.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libicu-devel-3.6-5.16.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libicu-doc-3.6-5.16.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"libicu-doc-3.6-5.16.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libicu-doc-3.6-5.16.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icu-4.2.1-9.1.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"icu-4.2.1-9.1.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icu-4.2.1-9.1.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"icu-debuginfo-4.2.1-9.1.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libicu-4.2.1-9.1.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libicu-devel-4.2.1-9.1.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libicu-doc-4.2.1-9.1.el6_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu / icu-debuginfo / libicu / libicu-devel / libicu-doc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:21:42", "description": "It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.", "cvss3": {}, "published": "2012-01-31T00:00:00", "type": "nessus", "title": "Debian DSA-2397-1 : icu - buffer underflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icu", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2397.NASL", "href": "https://www.tenable.com/plugins/nessus/57737", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2397. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57737);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_bugtraq_id(51006);\n script_xref(name:\"DSA\", value:\"2397\");\n\n script_name(english:\"Debian DSA-2397-1 : icu - buffer underflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a buffer overflow in the Unicode library ICU\ncould lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/icu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2397\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icu packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.8.1-3+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.4.1-8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"icu\", reference:\"3.8.1-3+lenny3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icu-doc\", reference:\"4.4.1-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib32icu-dev\", reference:\"4.4.1-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib32icu44\", reference:\"4.4.1-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libicu-dev\", reference:\"4.4.1-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libicu44\", reference:\"4.4.1-8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libicu44-dbg\", reference:\"4.4.1-8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T17:17:16", "description": "Fix overflows in icu", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : icu (openSUSE-2012-57)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icu", "p-cpe:/a:novell:opensuse:icu-data", "p-cpe:/a:novell:opensuse:icu-debuginfo", "p-cpe:/a:novell:opensuse:icu-debugsource", "p-cpe:/a:novell:opensuse:libicu", "p-cpe:/a:novell:opensuse:libicu-32bit", "p-cpe:/a:novell:opensuse:libicu-debuginfo", "p-cpe:/a:novell:opensuse:libicu-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libicu-devel", "p-cpe:/a:novell:opensuse:libicu-devel-32bit", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-57.NASL", "href": "https://www.tenable.com/plugins/nessus/74743", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-57.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74743);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4409\");\n\n script_name(english:\"openSUSE Security Update : icu (openSUSE-2012-57)\");\n script_summary(english:\"Check for the openSUSE-2012-57 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(attribute:\"description\", value:\"Fix overflows in icu\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736146\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected icu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icu-4.6.1-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icu-data-4.6.1-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icu-debuginfo-4.6.1-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icu-debugsource-4.6.1-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libicu-4.6.1-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libicu-debuginfo-4.6.1-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libicu-devel-4.6.1-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libicu-32bit-4.6.1-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libicu-debuginfo-32bit-4.6.1-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libicu-devel-32bit-4.6.1-5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu / icu-data / icu-debuginfo / icu-debugsource / libicu-32bit / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:07:07", "description": "A vulnerability has been discovered and corrected in icu :\n\nA stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2011-4599).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2011-12-28T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : icu (MDVSA-2011:194)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:icu", "p-cpe:/a:mandriva:linux:icu-doc", "p-cpe:/a:mandriva:linux:lib64icu-devel", "p-cpe:/a:mandriva:linux:lib64icu44", "p-cpe:/a:mandriva:linux:lib64icu48", "p-cpe:/a:mandriva:linux:libicu-devel", "p-cpe:/a:mandriva:linux:libicu44", "p-cpe:/a:mandriva:linux:libicu48", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2011-194.NASL", "href": "https://www.tenable.com/plugins/nessus/57407", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:194. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57407);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_bugtraq_id(51006);\n script_xref(name:\"MDVSA\", value:\"2011:194\");\n\n script_name(english:\"Mandriva Linux Security Advisory : icu (MDVSA-2011:194)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in icu :\n\nA stack-based buffer overflow flaw was found in the way ICU performed\nvariant canonicalization for some locale identifiers. If a specially\ncrafted locale representation was opened in an application linked\nagainst ICU, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication (CVE-2011-4599).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=765812\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:icu-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64icu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64icu44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64icu48\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libicu44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libicu48\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"icu-4.4-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"icu-doc-4.4-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64icu-devel-4.4-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64icu44-4.4-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libicu-devel-4.4-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libicu44-4.4-2.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"icu-4.8-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"icu-doc-4.8-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64icu-devel-4.8-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64icu48-4.8-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libicu-devel-4.8-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libicu48-4.8-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:19:18", "description": "A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-4599)", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : icu (ALAS-2012-33)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:icu", "p-cpe:/a:amazon:linux:icu-debuginfo", "p-cpe:/a:amazon:linux:libicu", "p-cpe:/a:amazon:linux:libicu-devel", "p-cpe:/a:amazon:linux:libicu-doc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-33.NASL", "href": "https://www.tenable.com/plugins/nessus/69640", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-33.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69640);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_xref(name:\"ALAS\", value:\"2012-33\");\n script_xref(name:\"RHSA\", value:\"2011:1815\");\n\n script_name(english:\"Amazon Linux AMI : icu (ALAS-2012-33)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow flaw was found in the way ICU performed\nvariant canonicalization for some locale identifiers. If a specially\ncrafted locale representation was opened in an application linked\nagainst ICU, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-4599)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-33.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update icu' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:icu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libicu-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"icu-4.2.1-9.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"icu-debuginfo-4.2.1-9.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libicu-4.2.1-9.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libicu-devel-4.2.1-9.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libicu-doc-4.2.1-9.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu / icu-debuginfo / libicu / libicu-devel / libicu-doc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:21:10", "description": "It was discovered that ICU did not properly handle invalid locale data during Unicode conversion. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-01-27T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icu vulnerability (USN-1348-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libicu42", "p-cpe:/a:canonical:ubuntu_linux:libicu44", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1348-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57706", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1348-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57706);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_bugtraq_id(51006);\n script_xref(name:\"USN\", value:\"1348-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icu vulnerability (USN-1348-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ICU did not properly handle invalid locale data\nduring Unicode conversion. If an application using ICU processed\ncrafted data, an attacker could cause it to crash or potentially\nexecute arbitrary code with the privileges of the user invoking the\nprogram.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1348-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libicu42 and / or libicu44 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libicu42\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libicu44\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libicu42\", pkgver:\"4.2.1-3ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libicu42\", pkgver:\"4.2.1-3ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libicu44\", pkgver:\"4.4.2-2ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libicu44\", pkgver:\"4.4.2-2ubuntu0.11.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libicu42 / libicu44\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:21:52", "description": "The following bug has been fixed :\n\n - An integer overflow in the getSymbol() function could crash applications using icu. (CVE-2010-4409)", "cvss3": {}, "published": "2012-01-20T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : icu (ZYPP Patch Number 7928)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ICU-7928.NASL", "href": "https://www.tenable.com/plugins/nessus/57614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57614);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4409\");\n\n script_name(english:\"SuSE 10 Security Update : icu (ZYPP Patch Number 7928)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bug has been fixed :\n\n - An integer overflow in the getSymbol() function could\n crash applications using icu. (CVE-2010-4409)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4409.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7928.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"icu-3.4-16.13.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libicu-3.4-16.13.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libicu-32bit-3.4-16.13.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libicu-3.4-16.13.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libicu-devel-3.4-16.13.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libicu-doc-3.4-16.13.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libicu-32bit-3.4-16.13.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libicu-devel-32bit-3.4-16.13.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:35:51", "description": "From Red Hat Security Advisory 2011:1815 :\n\nUpdated icu packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe International Components for Unicode (ICU) library provides robust and full-featured Unicode services.\n\nA stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-4599)\n\nAll users of ICU should upgrade to these updated packages, which contain a backported patch to resolve this issue. All applications linked against ICU must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : icu (ELSA-2011-1815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:icu", "p-cpe:/a:oracle:linux:libicu", "p-cpe:/a:oracle:linux:libicu-devel", "p-cpe:/a:oracle:linux:libicu-doc", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1815.NASL", "href": "https://www.tenable.com/plugins/nessus/68406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1815 and \n# Oracle Linux Security Advisory ELSA-2011-1815 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68406);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_bugtraq_id(51006);\n script_xref(name:\"RHSA\", value:\"2011:1815\");\n\n script_name(english:\"Oracle Linux 5 / 6 : icu (ELSA-2011-1815)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1815 :\n\nUpdated icu packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe International Components for Unicode (ICU) library provides robust\nand full-featured Unicode services.\n\nA stack-based buffer overflow flaw was found in the way ICU performed\nvariant canonicalization for some locale identifiers. If a specially\ncrafted locale representation was opened in an application linked\nagainst ICU, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-4599)\n\nAll users of ICU should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All applications\nlinked against ICU must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-December/002503.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-December/002512.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected icu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libicu-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"icu-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libicu-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libicu-devel-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libicu-doc-3.6-5.16.1\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"icu-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libicu-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libicu-devel-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libicu-doc-4.2.1-9.1.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu / libicu / libicu-devel / libicu-doc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:27:35", "description": "The International Components for Unicode (ICU) library provides robust and full-featured Unicode services.\n\nA stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-4599)\n\nAll users of ICU should upgrade to these updated packages, which contain a backported patch to resolve this issue. All applications linked against ICU must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : icu on SL5.x, SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111213_ICU_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61205);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4599\");\n\n script_name(english:\"Scientific Linux Security Update : icu on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The International Components for Unicode (ICU) library provides robust\nand full-featured Unicode services.\n\nA stack-based buffer overflow flaw was found in the way ICU performed\nvariant canonicalization for some locale identifiers. If a specially\ncrafted locale representation was opened in an application linked\nagainst ICU, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-4599)\n\nAll users of ICU should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All applications\nlinked against ICU must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=3147\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9c86831f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"icu-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"icu-debuginfo-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libicu-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libicu-devel-3.6-5.16.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libicu-doc-3.6-5.16.1\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"icu-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"icu-debuginfo-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libicu-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libicu-devel-4.2.1-9.1.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libicu-doc-4.2.1-9.1.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:06:43", "description": "Fixes CVE-2011-4599\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "nessus", "title": "Fedora 15 : icu-4.4.2-9.fc15 (2011-17119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:icu", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-17119.NASL", "href": "https://www.tenable.com/plugins/nessus/57388", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-17119.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57388);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4599\");\n script_bugtraq_id(51006);\n script_xref(name:\"FEDORA\", value:\"2011-17119\");\n\n script_name(english:\"Fedora 15 : icu-4.4.2-9.fc15 (2011-17119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-4599\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=766542\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071316.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2b1e59b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected icu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"icu-4.4.2-9.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:30:34", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.\n (CVE-2011-2791)\n\n - Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.\n (CVE-2011-4599)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : icu (multiple_vulnerabilities_in_international_components)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2791", "CVE-2011-4599"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.0", "p-cpe:/a:oracle:solaris:icu"], "id": "SOLARIS11_ICU_20120918.NASL", "href": "https://www.tenable.com/plugins/nessus/80641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80641);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2791\", \"CVE-2011-4599\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : icu (multiple_vulnerabilities_in_international_components)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The International Components for Unicode (ICU)\n functionality in Google Chrome before 13.0.782.107\n allows remote attackers to cause a denial of service or\n possibly have unspecified other impact via unknown\n vectors that trigger an out-of-bounds write.\n (CVE-2011-2791)\n\n - Stack-based buffer overflow in the _canonicalize\n function in common/uloc.c in International Components\n for Unicode (ICU) before 49.1 allows remote attackers to\n execute arbitrary code via a crafted locale ID that is\n not properly handled during variant canonicalization.\n (CVE-2011-4599)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-international-components-for-unicode-icu\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20721c50\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 11.4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:icu\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^icu$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.11.0.4.1\", sru:\"SRU 11.4\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : icu\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"icu\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:24:39", "description": "LibreOffice 3.4.5 includes many fixes over the previous LibreOffice 3.4.2.6 update.\n\nThe update fixes the following security issues :\n\n - 740453: Vulnerability in RDF handling. (CVE-2012-0037)\n\n - 752595: overflow in jpeg handling. (CVE-2012-1149)\n\n - 736146: buffer overflow in the build in icu copy (736146) This update also fixes the following non-security issues :\n\nExtras :\n\n - add SUSE color palette (fate#312645) Filters :\n\n - crash when loading embedded elements. (bnc#693238)\n\n - crash when importing an empty paragraph (rh#667082)\n\n - more on bentConnectors. (bnc#736495)\n\n - wrong text color in smartArt. (bnc#746996)\n\n - reading of w:textbox contents. (bnc#693388)\n\n - textbox position and size DOCX import (fdo#45560)\n\n - RTF/DOCX import of transparent frames. (bnc#695479)\n\n - consecutive frames in RTF/DOCX import. (bnc#703032)\n\n - handling of frame properties in RTF import. (bnc#417818)\n\n - force imported XLSX active tab to be shown. (bnc#748198)\n\n - create TableManager for inside shapes. (bnc#747471, bnc#693238)\n\n - textboxes import with OLE objects inside. (bnc#747471, bnc#693238)\n\n - table style. (bnc#705991)\n\n - text rotation fixes. (bnc#734734)\n\n - crash in PPTX import. (bnc#706792)\n\n - read w:sdt* contents. (bnc#705949)\n\n - connector shape fixes. (bnc#719989)\n\n - legacy fragment import. (bnc#699334)\n\n - non-working Excel macros. (bnc#705977)\n\n - free drawn curves import. (bnc#657909)\n\n - group shape transformations. (bnc#621739)\n\n - extLst of drawings in diagrams import. (bnc#655408)\n\n - flip properties of custom shapes import. (bnc#705985)\n\n - line spacing is used from previous values. (bnc#734734)\n\n - missing ooxml customshape->mso shape name entries.\n (bnc#737921)\n\n - word doesn't break the numberings and prefers hiding them. (bnc#707157)\n\nBase :\n\n - iterator misuse (fdo #44040, bnc#742178) Writer :\n\n - do not use an invalidated iterator (fdo#46337)\n\n - field refreshing (fdo#39694)\n\n - more layout crashers (i#101776, fdo#39510)\n\n - textbox borders style and width in DOCX import (fdo#45560)\n\n - expand all text fields when setting properties (fdo#42073)\n\n - version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)\n\n - SmartArt import\n\n - custom shapes import\n\n - Oracle Java 1.7.0 detection\n\n - reading AES-encrypted ODF 1.2 documents as generated by LO 3.5\n\n - frame selection. (bnc#740117)\n\n - crash when editing index. (bnc#726174)\n\n - order database properties. (bnc#740032)\n\n - numbering levels in DOC import. (bnc#715115)\n\n - image size issue in DOC import. (bnc#718971)\n\n - pointless forward moving of a table. (bnc#706138)\n\n - tabs set after the end margin in DOCX import.\n (bnc#693238)\n\n - add hyperlinks by default in Table of Contents (bnc#705956) Calc :\n\n - pie charts colors messed in XLS import (fdo#40320)\n\n - correctly import data point formats in data series (fdo#40320) Components :\n\n - crash when parsing XML signatures (fdo#39657)\n\n - broken getDataArray (fdo#46165, fdo#38441, i#117010)\n\n - don't paint a frame around the list of edit boxes (fdo#42543)\n\n - inconsistent compression method for encrypted documents.\n (bnc#653688)\n\n - allow pasting to multiple ranges. (bnc#715094)\n\n - correctly convert chart data ranges. (bnc#727504)\n\n - definedName corruption for XLSX export. (bnc#741182)\n\n - adjust/shrink the ranges while copying. (bnc#677811)\n\n - extra graph data is displayed for label. (bnc#717290)\n\n - getCellRangeByName failure for named range. (bnc#738113)\n\n - graph in XLS file has dates displayed wrong.\n (bnc#720443)\n\n - improve performance of large Excel documents.\n (bnc#715104)\n\n - display page background color/image properly.\n (bnc#722045)\n\n - pivot table output becoming empty on re-save.\n (bnc#715543)\n\n - encode virtual paths to local volume correctly.\n (bnc#719887)\n\n - avoid adjusting cell-anchored objects on other sheets.\n (bnc#726152)\n\n - make sure to adjust the sheet index of drawing objects.\n (bnc#733864)\n\n - make the data validation popup more reliable (fdo #36851, bnc#737190) Impress :\n\n - do not create an empty slide when printing handouts (fdo#31966)\n\n - undo corruption. (bnc#685123)\n\n - do not set duplicate master slide names (bnc#735533) Libraries :\n\n - default shortcut for .uno:SearchDialog should be Ctrl+H\n\n - crash using instances dialog of dataform navigator (fdo#44816)\n\n - disable problematic reading of external entities in raptor\n\n - correctly calculate leap year\n\n - use proper Indian Rupee currency symbol U+20B9 (rh#794679)\n\n - handle copy and paste from ConsoleOne. (bnc#704274)\n\n - VBA control events not working, broken eventattacher.\n (bnc#718227)\n\n - 'General Error' when double-click graphic in presentation. (bnc#720948)\n\n - upgrade graphite to 1.0.3 fix surrogate support\n\n - crash at exit. (bnc#728603)\n\n - radial gradient offset. (bnc#714787)\n\n - horizontal scrollbars with KDE oxygen style.\n (bnc#722918)\n\n - rendering of metafiles embedded in EMF+ (updated) (bnc#705956) Postprocess :\n\n - make the 3D transitions work again (bnc#728559) URE :\n\n - make Duden Korrektor 5 and 6 work General :\n\n - add compat symlinks for the old main desktop icon.\n (bnc#724087)\n\n - Fix tooltips are all black in KDE4 (bnc#723074, fdo#40461)\n\n - do-not-display-math-in-desktop-menu.diff: do not display math in desktop menu (fdo#41681)\n\n - desktop-submenu.diff: display LO application in the right desktop submenu. (bnc#718694)\n\n - bash-completion-for-loffice.diff: define bash completion for 'loffice' wrapper. (bnc#719656)\n\n - svx-globlmn-hrc-build-dep.diff: fix build dependency problem in svx", "cvss3": {}, "published": "2012-04-03T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599", "CVE-2012-0037", "CVE-2012-1149"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBREOFFICE-345-8022.NASL", "href": "https://www.tenable.com/plugins/nessus/58577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58577);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4599\", \"CVE-2012-0037\", \"CVE-2012-1149\");\n\n script_name(english:\"SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"LibreOffice 3.4.5 includes many fixes over the previous LibreOffice\n3.4.2.6 update.\n\nThe update fixes the following security issues :\n\n - 740453: Vulnerability in RDF handling. (CVE-2012-0037)\n\n - 752595: overflow in jpeg handling. (CVE-2012-1149)\n\n - 736146: buffer overflow in the build in icu copy\n (736146) This update also fixes the following\n non-security issues :\n\nExtras :\n\n - add SUSE color palette (fate#312645) Filters :\n\n - crash when loading embedded elements. (bnc#693238)\n\n - crash when importing an empty paragraph (rh#667082)\n\n - more on bentConnectors. (bnc#736495)\n\n - wrong text color in smartArt. (bnc#746996)\n\n - reading of w:textbox contents. (bnc#693388)\n\n - textbox position and size DOCX import (fdo#45560)\n\n - RTF/DOCX import of transparent frames. (bnc#695479)\n\n - consecutive frames in RTF/DOCX import. (bnc#703032)\n\n - handling of frame properties in RTF import. (bnc#417818)\n\n - force imported XLSX active tab to be shown. (bnc#748198)\n\n - create TableManager for inside shapes. (bnc#747471,\n bnc#693238)\n\n - textboxes import with OLE objects inside. (bnc#747471,\n bnc#693238)\n\n - table style. (bnc#705991)\n\n - text rotation fixes. (bnc#734734)\n\n - crash in PPTX import. (bnc#706792)\n\n - read w:sdt* contents. (bnc#705949)\n\n - connector shape fixes. (bnc#719989)\n\n - legacy fragment import. (bnc#699334)\n\n - non-working Excel macros. (bnc#705977)\n\n - free drawn curves import. (bnc#657909)\n\n - group shape transformations. (bnc#621739)\n\n - extLst of drawings in diagrams import. (bnc#655408)\n\n - flip properties of custom shapes import. (bnc#705985)\n\n - line spacing is used from previous values. (bnc#734734)\n\n - missing ooxml customshape->mso shape name entries.\n (bnc#737921)\n\n - word doesn't break the numberings and prefers hiding\n them. (bnc#707157)\n\nBase :\n\n - iterator misuse (fdo #44040, bnc#742178) Writer :\n\n - do not use an invalidated iterator (fdo#46337)\n\n - field refreshing (fdo#39694)\n\n - more layout crashers (i#101776, fdo#39510)\n\n - textbox borders style and width in DOCX import\n (fdo#45560)\n\n - expand all text fields when setting properties\n (fdo#42073)\n\n - version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)\n\n - SmartArt import\n\n - custom shapes import\n\n - Oracle Java 1.7.0 detection\n\n - reading AES-encrypted ODF 1.2 documents as generated by\n LO 3.5\n\n - frame selection. (bnc#740117)\n\n - crash when editing index. (bnc#726174)\n\n - order database properties. (bnc#740032)\n\n - numbering levels in DOC import. (bnc#715115)\n\n - image size issue in DOC import. (bnc#718971)\n\n - pointless forward moving of a table. (bnc#706138)\n\n - tabs set after the end margin in DOCX import.\n (bnc#693238)\n\n - add hyperlinks by default in Table of Contents\n (bnc#705956) Calc :\n\n - pie charts colors messed in XLS import (fdo#40320)\n\n - correctly import data point formats in data series\n (fdo#40320) Components :\n\n - crash when parsing XML signatures (fdo#39657)\n\n - broken getDataArray (fdo#46165, fdo#38441, i#117010)\n\n - don't paint a frame around the list of edit boxes\n (fdo#42543)\n\n - inconsistent compression method for encrypted documents.\n (bnc#653688)\n\n - allow pasting to multiple ranges. (bnc#715094)\n\n - correctly convert chart data ranges. (bnc#727504)\n\n - definedName corruption for XLSX export. (bnc#741182)\n\n - adjust/shrink the ranges while copying. (bnc#677811)\n\n - extra graph data is displayed for label. (bnc#717290)\n\n - getCellRangeByName failure for named range. (bnc#738113)\n\n - graph in XLS file has dates displayed wrong.\n (bnc#720443)\n\n - improve performance of large Excel documents.\n (bnc#715104)\n\n - display page background color/image properly.\n (bnc#722045)\n\n - pivot table output becoming empty on re-save.\n (bnc#715543)\n\n - encode virtual paths to local volume correctly.\n (bnc#719887)\n\n - avoid adjusting cell-anchored objects on other sheets.\n (bnc#726152)\n\n - make sure to adjust the sheet index of drawing objects.\n (bnc#733864)\n\n - make the data validation popup more reliable (fdo\n #36851, bnc#737190) Impress :\n\n - do not create an empty slide when printing handouts\n (fdo#31966)\n\n - undo corruption. (bnc#685123)\n\n - do not set duplicate master slide names (bnc#735533)\n Libraries :\n\n - default shortcut for .uno:SearchDialog should be Ctrl+H\n\n - crash using instances dialog of dataform navigator\n (fdo#44816)\n\n - disable problematic reading of external entities in\n raptor\n\n - correctly calculate leap year\n\n - use proper Indian Rupee currency symbol U+20B9\n (rh#794679)\n\n - handle copy and paste from ConsoleOne. (bnc#704274)\n\n - VBA control events not working, broken eventattacher.\n (bnc#718227)\n\n - 'General Error' when double-click graphic in\n presentation. (bnc#720948)\n\n - upgrade graphite to 1.0.3 fix surrogate support\n\n - crash at exit. (bnc#728603)\n\n - radial gradient offset. (bnc#714787)\n\n - horizontal scrollbars with KDE oxygen style.\n (bnc#722918)\n\n - rendering of metafiles embedded in EMF+ (updated)\n (bnc#705956) Postprocess :\n\n - make the 3D transitions work again (bnc#728559) URE :\n\n - make Duden Korrektor 5 and 6 work General :\n\n - add compat symlinks for the old main desktop icon.\n (bnc#724087)\n\n - Fix tooltips are all black in KDE4 (bnc#723074,\n fdo#40461)\n\n - do-not-display-math-in-desktop-menu.diff: do not display\n math in desktop menu (fdo#41681)\n\n - desktop-submenu.diff: display LO application in the\n right desktop submenu. (bnc#718694)\n\n - bash-completion-for-loffice.diff: define bash completion\n for 'loffice' wrapper. (bnc#719656)\n\n - svx-globlmn-hrc-build-dep.diff: fix build dependency\n problem in svx\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4599.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1149.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8022.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-af-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-ar-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-ca-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-cs-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-da-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-de-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-el-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-en-GB-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-es-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-fi-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-fr-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-galleries-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-gnome-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-gu-IN-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-hi-IN-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-hu-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-it-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-ja-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-kde-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-ko-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-mono-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-nb-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-nl-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-nn-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-pl-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-pt-BR-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-ru-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-sk-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-sv-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-xh-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-zh-CN-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-zh-TW-3.4.5.5-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libreoffice-zu-3.4.5.5-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T16:32:38", "description": "This is a maintenance and security update that upgrades php to 5.3.4 for 2010.0/2010.1.\n\nSecurity Enhancements and Fixes in PHP 5.3.4 :\n\n - Paths with NULL in them (foo\\0bar.txt) are now considered as invalid (CVE-2006-7243).\n\n - Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus values) (CVE-2010-4409)\n\nPlease note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories.\n\nKey Bug Fixes in PHP 5.3.4 include :\n\n - Added stat support for zip stream.\n\n - Added follow_location (enabled by default) option for the http stream support.\n\n - Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.\n\n - Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.\n\n - Multiple improvements to the FPM SAPI.\n\n - Over 100 other bug fixes.\n\nAdditional post 5.3.4 fixes :\n\n - Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down).\n\n - Fixed bug #53541 (format string bug in ext/phar).\n\nAdditionally some of the PECL extensions has been upgraded and/or rebuilt for the new php version.", "cvss3": {}, "published": "2010-12-16T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2010:254)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4409"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-dio", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fam", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-filepro", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-optimizer", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-pinba", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-sphinx", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-tclink", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-translit", "p-cpe:/a:mandriva:linux:php-gearman", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-idn", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-mailparse", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mcal", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-zlib", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-254.NASL", "href": "https://www.tenable.com/plugins/nessus/51196", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:254. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51196);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2010-2950\", \"CVE-2010-4409\");\n script_bugtraq_id(44951, 45119);\n script_xref(name:\"MDVSA\", value:\"2010:254\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2010:254)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a maintenance and security update that upgrades php to 5.3.4\nfor 2010.0/2010.1.\n\nSecurity Enhancements and Fixes in PHP 5.3.4 :\n\n - Paths with NULL in them (foo\\0bar.txt) are now\n considered as invalid (CVE-2006-7243).\n\n - Fixed bug #53512 (NumberFormatter::setSymbol crash on\n bogus values) (CVE-2010-4409)\n\nPlease note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436,\nCVE-2010-3709, CVE-2010-3710 were fixed in previous advisories.\n\nKey Bug Fixes in PHP 5.3.4 include :\n\n - Added stat support for zip stream.\n\n - Added follow_location (enabled by default) option for\n the http stream support.\n\n - Added a 3rd parameter to get_html_translation_table. It\n now takes a charset hint, like htmlentities et al.\n\n - Implemented FR #52348, added new constant ZEND_MULTIBYTE\n to detect zend multibyte at runtime.\n\n - Multiple improvements to the FPM SAPI.\n\n - Over 100 other bug fixes.\n\nAdditional post 5.3.4 fixes :\n\n - Fixed bug #53517 (segfault in pgsql_stmt_execute() when\n postgres is down).\n\n - Fixed bug #53541 (format string bug in ext/phar).\n\nAdditionally some of the PECL extensions has been upgraded and/or\nrebuilt for the new php version.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.php.net/bug.php?id=53517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.php.net/bug.php?id=53541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filepro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gearman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-idn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mailparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-optimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pinba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sphinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tclink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-translit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_php-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libphp5_common5-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-3.1.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-admin-3.1.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bcmath-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bz2-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-calendar-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cgi-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cli-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ctype-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-curl-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dba-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-devel-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dio-0.0.2-6.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-doc-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dom-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-0.9.6.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-admin-0.9.6.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-enchant-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-exif-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fam-5.0.1-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fileinfo-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filepro-5.1.6-20.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filter-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fpm-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ftp-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gd-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gettext-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gmp-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-hash-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-iconv-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-idn-1.2b-18.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-imap-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ini-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-intl-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-json-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ldap-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mailparse-2.1.5-3.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mbstring-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcal-0.6-30.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcrypt-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mssql-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysql-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysqli-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-odbc-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-openssl-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-optimizer-0.1-0.alpha2.3.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pcntl-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_dblib-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_mysql-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_odbc-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_pgsql-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_sqlite-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pgsql-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-phar-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-posix-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pspell-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-readline-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-recode-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sasl-0.1.0-28.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-session-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-shmop-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-snmp-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-soap-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sockets-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sqlite3-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ssh2-0.11.2-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-suhosin-0.9.32.1-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sybase_ct-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvmsg-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvsem-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvshm-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tclink-3.4.5-1.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tidy-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-timezonedb-2010.15-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tokenizer-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-translit-0.6.0-10.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-vld-0.10.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-wddx-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xattr-1.1.0-9.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xdebug-2.1.0-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xml-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlreader-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlrpc-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlwriter-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xsl-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zip-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zlib-5.3.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_php-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libphp5_common5-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-3.1.6-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-admin-3.1.6-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bcmath-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bz2-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-calendar-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cgi-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cli-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ctype-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-curl-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dba-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-devel-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-doc-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dom-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-0.9.6.1-1.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-admin-0.9.6.1-1.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-enchant-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-exif-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fileinfo-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-filter-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fpm-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ftp-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gd-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gearman-0.7.0-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gettext-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gmp-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-hash-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-iconv-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-imap-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ini-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-intl-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-json-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ldap-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mailparse-2.1.5-8.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mbstring-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcal-0.6-35.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcrypt-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mssql-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysql-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysqli-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-odbc-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-openssl-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-optimizer-0.1-0.alpha2.8.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pcntl-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_dblib-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_mysql-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_odbc-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_pgsql-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_sqlite-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pgsql-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-phar-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pinba-0.0.5-2.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-posix-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pspell-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-readline-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-recode-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sasl-0.1.0-33.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-session-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-shmop-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-snmp-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-soap-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sockets-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sphinx-1.0.4-2.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite3-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ssh2-0.11.2-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.32.1-0.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sybase_ct-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvmsg-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvsem-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvshm-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tclink-3.4.5-7.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tidy-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-timezonedb-2010.15-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tokenizer-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-translit-0.6.0-15.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-vld-0.10.1-1.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-wddx-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xattr-1.1.0-13.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xdebug-2.1.0-0.3mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xml-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlreader-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlrpc-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlwriter-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xsl-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zip-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zlib-5.3.4-0.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:52:59", "description": "It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. (CVE-2009-5016)\n\nIt was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. (CVE-2010-3870)\n\nIt was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename.\n(CVE-2010-3436)\n\nMaksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-3709)\n\nIt was discovered that a stack consumption vulnerability in the filter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-3710)\n\nIt was discovered that the mb_strcut function in the Libmbfl library within PHP could allow an attacker to read arbitrary memory within the application process. This issue only affected Ubuntu 10.10.\n(CVE-2010-4156)\n\nMaksymilian Arciemowicz discovered that an integer overflow in the NumberFormatter::getSymbol function could allow an attacker to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2010-4409)\n\nRick Regan discovered that when handing PHP textual representations of the largest subnormal double-precision floating-point number, the zend_strtod function could go into an infinite loop on 32bit x86 processors, allowing an attacker to cause a denial of service.\n(CVE-2010-4645).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : php5 vulnerabilities (USN-1042-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5016", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4156", "CVE-2010-4409", "CVE-2010-4645"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5filter", "p-cpe:/a:canonical:ubuntu_linux:php-pear", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "p-cpe:/a:canonical:ubuntu_linux:php5-dbg", "p-cpe:/a:canonical:ubuntu_linux:php5-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-enchant", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php5-gmp", "p-cpe:/a:canonical:ubuntu_linux:php5-intl", "p-cpe:/a:canonical:ubuntu_linux:php5-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-mhash", "p-cpe:/a:canonical:ubuntu_linux:php5-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-mysqli", "p-cpe:/a:canonical:ubuntu_linux:php5-odbc", "p-cpe:/a:canonical:ubuntu_linux:php5-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php5-pspell", "p-cpe:/a:canonical:ubuntu_linux:php5-recode", "p-cpe:/a:canonical:ubuntu_linux:php5-snmp", "p-cpe:/a:canonical:ubuntu_linux:php5-sqlite", "p-cpe:/a:canonical:ubuntu_linux:php5-sybase", "p-cpe:/a:canonical:ubuntu_linux:php5-tidy", "p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php5-xsl", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1042-1.NASL", "href": "https://www.tenable.com/plugins/nessus/51502", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1042-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51502);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-3436\", \"CVE-2010-3709\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4156\", \"CVE-2010-4409\", \"CVE-2010-4645\");\n script_bugtraq_id(43926, 44605, 44718, 44723, 44727, 44889, 45119, 45668);\n script_xref(name:\"USN\", value:\"1042-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : php5 vulnerabilities (USN-1042-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that an integer overflow in the XML UTF-8 decoding\ncode could allow an attacker to bypass cross-site scripting (XSS)\nprotections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04\nLTS, and Ubuntu 9.10. (CVE-2009-5016)\n\nIt was discovered that the XML UTF-8 decoding code did not properly\nhandle non-shortest form UTF-8 encoding and ill-formed subsequences in\nUTF-8 data, which could allow an attacker to bypass cross-site\nscripting (XSS) protections. (CVE-2010-3870)\n\nIt was discovered that attackers might be able to bypass\nopen_basedir() restrictions by passing a specially crafted filename.\n(CVE-2010-3436)\n\nMaksymilian Arciemowicz discovered that a NULL pointer derefence in\nthe ZIP archive handling code could allow an attacker to cause a\ndenial of service through a specially crafted ZIP archive. This issue\nonly affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and\nUbuntu 10.10. (CVE-2010-3709)\n\nIt was discovered that a stack consumption vulnerability in the\nfilter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could\nallow a remote attacker to cause a denial of service. This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu\n10.10. (CVE-2010-3710)\n\nIt was discovered that the mb_strcut function in the Libmbfl library\nwithin PHP could allow an attacker to read arbitrary memory within the\napplication process. This issue only affected Ubuntu 10.10.\n(CVE-2010-4156)\n\nMaksymilian Arciemowicz discovered that an integer overflow in the\nNumberFormatter::getSymbol function could allow an attacker to cause a\ndenial of service. This issue only affected Ubuntu 10.04 LTS and\nUbuntu 10.10. (CVE-2010-4409)\n\nRick Regan discovered that when handing PHP textual representations of\nthe largest subnormal double-precision floating-point number, the\nzend_strtod function could go into an infinite loop on 32bit x86\nprocessors, allowing an attacker to cause a denial of service.\n(CVE-2010-4645).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1042-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php-pear\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-common\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-curl\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-dev\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-gd\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-gmp\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-ldap\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-mhash\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-mysql\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-odbc\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-pgsql\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-pspell\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-recode\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-snmp\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-sqlite\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-sybase\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-tidy\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.4-2ubuntu5.13\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libapache2-mod-php5filter\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php-pear\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cgi\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cli\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-common\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-curl\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-dbg\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-dev\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-gd\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-gmp\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-ldap\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-mhash\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-mysql\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-odbc\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-pgsql\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-pspell\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-recode\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-snmp\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-sqlite\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-sybase\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-tidy\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-xsl\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5filter\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php-pear\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-common\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-curl\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-dbg\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-dev\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-enchant\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-gd\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-gmp\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-intl\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-ldap\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-mysql\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-odbc\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-pgsql\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-pspell\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-recode\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-snmp\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-sqlite\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-sybase\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-tidy\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-xsl\", pkgver:\"5.3.2-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libapache2-mod-php5filter\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php-pear\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cli\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-common\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-curl\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-dbg\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-dev\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-enchant\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-fpm\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-gd\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-gmp\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-intl\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-ldap\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-mysql\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-odbc\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-pgsql\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-pspell\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-recode\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-snmp\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-sqlite\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-sybase\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-tidy\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-xsl\", pkgver:\"5.3.3-1ubuntu9.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / libapache2-mod-php5filter / php-pear / php5 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:54:51", "description": "Security Enhancements and Fixes in PHP 5.3.4 :\n\n - Fixed crash in zip extract method (possible CWE-170).\n\n - Paths with NULL in them (foo\\0bar.txt) are now considered as invalid (CVE-2006-7243).\n\n - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).\n\n - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).\n\n - Fixed possible flaw in open_basedir (CVE-2010-3436).\n\n - Fixed MOPS-2010-24, fix string validation.\n (CVE-2010-2950).\n\n - Fixed symbolic resolution support when the target is a DFS share.\n\n - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).\n\nKey Bug Fixes in PHP 5.3.4 include :\n\n - Added stat support for zip stream.\n\n - Added follow_location (enabled by default) option for the http stream support.\n\n - Added a 3rd parameter to get_html_translation_table.\n It now takes a charset hint, like htmlentities et al.\n\n - Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.\n\nFull upstream Changelog : http://www.php.net/ChangeLog-5.php#5.3.4\n\nThis update also provides php-eaccelerator and maniadrive packages rebuild against update php.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-01-05T00:00:00", "type": "nessus", "title": "Fedora 13 : maniadrive-1.2-23.fc13 / php-5.3.4-1.fc13.1 / php-eaccelerator-0.9.6.1-3.fc13 (2010-19011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2009-5016", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-19011.NASL", "href": "https://www.tenable.com/plugins/nessus/51413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-19011.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51413);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-3709\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4150\", \"CVE-2010-4156\", \"CVE-2010-4409\");\n script_bugtraq_id(43926, 44605, 44718, 44727, 44889, 44980, 45119);\n script_xref(name:\"FEDORA\", value:\"2010-19011\");\n\n script_name(english:\"Fedora 13 : maniadrive-1.2-23.fc13 / php-5.3.4-1.fc13.1 / php-eaccelerator-0.9.6.1-3.fc13 (2010-19011)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes in PHP 5.3.4 :\n\n - Fixed crash in zip extract method (possible CWE-170).\n\n - Paths with NULL in them (foo\\0bar.txt) are now\n considered as invalid (CVE-2006-7243).\n\n - Fixed a possible double free in imap extension\n (Identified by Mateusz Kocielski). (CVE-2010-4150).\n\n - Fixed NULL pointer dereference in\n ZipArchive::getArchiveComment. (CVE-2010-3709).\n\n - Fixed possible flaw in open_basedir (CVE-2010-3436).\n\n - Fixed MOPS-2010-24, fix string validation.\n (CVE-2010-2950).\n\n - Fixed symbolic resolution support when the target is a\n DFS share.\n\n - Fixed bug #52929 (Segfault in filter_var with\n FILTER_VALIDATE_EMAIL with large amount of data)\n (CVE-2010-3710).\n\nKey Bug Fixes in PHP 5.3.4 include :\n\n - Added stat support for zip stream.\n\n - Added follow_location (enabled by default) option for\n the http stream support.\n\n - Added a 3rd parameter to get_html_translation_table.\n It now takes a charset hint, like htmlentities et al.\n\n - Implemented FR #52348, added new constant\n ZEND_MULTIBYTE to detect zend multibyte at runtime.\n\nFull upstream Changelog : http://www.php.net/ChangeLog-5.php#5.3.4\n\nThis update also provides php-eaccelerator and maniadrive packages\nrebuild against update php.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=649056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=651206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=651682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=652836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=656917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660382\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6016f929\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9c46c86e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea13a1e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"maniadrive-1.2-23.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"php-5.3.4-1.fc13.1\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"php-eaccelerator-0.9.6.1-3.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:55:26", "description": "Security Enhancements and Fixes in PHP 5.3.4 :\n\n - Fixed crash in zip extract method (possible CWE-170).\n\n - Paths with NULL in them (foo\\0bar.txt) are now considered as invalid (CVE-2006-7243).\n\n - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).\n\n - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).\n\n - Fixed possible flaw in open_basedir (CVE-2010-3436).\n\n - Fixed MOPS-2010-24, fix string validation.\n (CVE-2010-2950).\n\n - Fixed symbolic resolution support when the target is a DFS share.\n\n - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).\n\nKey Bug Fixes in PHP 5.3.4 include :\n\n - Added stat support for zip stream.\n\n - Added follow_location (enabled by default) option for the http stream support.\n\n - Added a 3rd parameter to get_html_translation_table.\n It now takes a charset hint, like htmlentities et al.\n\n - Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.\n\nFull upstream Changelog : http://www.php.net/ChangeLog-5.php#5.3.4\n\nThis update also provides php-eaccelerator and maniadrive packages rebuild against update php.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-01-05T00:00:00", "type": "nessus", "title": "Fedora 14 : maniadrive-1.2-23.fc14 / php-5.3.4-1.fc14.1 / php-eaccelerator-0.9.6.1-3.fc14 (2010-18976)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2009-5016", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-18976.NASL", "href": "https://www.tenable.com/plugins/nessus/51412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-18976.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51412);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-3709\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4150\", \"CVE-2010-4156\", \"CVE-2010-4409\");\n script_bugtraq_id(43926, 44605, 44718, 44727, 44889, 44980, 45119);\n script_xref(name:\"FEDORA\", value:\"2010-18976\");\n\n script_name(english:\"Fedora 14 : maniadrive-1.2-23.fc14 / php-5.3.4-1.fc14.1 / php-eaccelerator-0.9.6.1-3.fc14 (2010-18976)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes in PHP 5.3.4 :\n\n - Fixed crash in zip extract method (possible CWE-170).\n\n - Paths with NULL in them (foo\\0bar.txt) are now\n considered as invalid (CVE-2006-7243).\n\n - Fixed a possible double free in imap extension\n (Identified by Mateusz Kocielski). (CVE-2010-4150).\n\n - Fixed NULL pointer dereference in\n ZipArchive::getArchiveComment. (CVE-2010-3709).\n\n - Fixed possible flaw in open_basedir (CVE-2010-3436).\n\n - Fixed MOPS-2010-24, fix string validation.\n (CVE-2010-2950).\n\n - Fixed symbolic resolution support when the target is a\n DFS share.\n\n - Fixed bug #52929 (Segfault in filter_var with\n FILTER_VALIDATE_EMAIL with large amount of data)\n (CVE-2010-3710).\n\nKey Bug Fixes in PHP 5.3.4 include :\n\n - Added stat support for zip stream.\n\n - Added follow_location (enabled by default) option for\n the http stream support.\n\n - Added a 3rd parameter to get_html_translation_table.\n It now takes a charset hint, like htmlentities et al.\n\n - Implemented FR #52348, added new constant\n ZEND_MULTIBYTE to detect zend multibyte at runtime.\n\nFull upstream Changelog : http://www.php.net/ChangeLog-5.php#5.3.4\n\nThis update also provides php-eaccelerator and maniadrive packages\nrebuild against update php.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=649056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=651206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=651682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=652836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=656917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660382\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052843.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?730c2771\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a183384\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?85fdc87e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"maniadrive-1.2-23.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-5.3.4-1.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-eaccelerator-0.9.6.1-3.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:59:40", "description": "Multiple vulnerabilities has been identified and fixed in php :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation (CVE-2011-0421).\n\nexif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read (CVE-2011-0708).\n\nInteger overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function (CVE-2011-1092).\n\nMultiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\nBuffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument (CVE-2011-1464).\n\nInteger overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function (CVE-2011-1466).\n\nUnspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409 (CVE-2011-1467).\n\nUnspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper (CVE-2011-1469).\n\nThe Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function (CVE-2011-1470).\n\nInteger signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls (CVE-2011-1471).\n\nThe previous fix for #43486 got lost along the line and is now being fixed again.\n\nNote: the php-phar (CVE-2011-1153) and php-intl (CVE-2011-1467) packages was shipped with Enterprise Server 5 only and is also being fixed with this advisory.\n\nAdditionally sqlite3 was upgraded to 3.7.3 for Corporate Server 4 which has numerous bug fixes and enhancements over the previous version.\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2011-03-24T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2011:052)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409", "CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-dbase", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-mhash", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:php-sybase", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-mime_magic", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-ming", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-ncurses", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-pgsql"], "id": "MANDRIVA_MDVSA-2011-052.NASL", "href": "https://www.tenable.com/plugins/nessus/52957", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:052. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52957);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_bugtraq_id(46354, 46365, 46786, 46854, 46967, 46968, 46969, 46970, 46975);\n script_xref(name:\"MDVSA\", value:\"2011:052\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2011:052)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in php :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip\nextension in PHP before 5.3.6 does not properly handle a\nZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent\nattackers to cause a denial of service (application crash) via an\nempty ZIP archive that is processed with a (1) locateName or (2)\nstatName operation (CVE-2011-0421).\n\nexif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms\nperforms an incorrect cast, which allows remote attackers to cause a\ndenial of service (application crash) via an image with a crafted\nImage File Directory (IFD) that triggers a buffer over-read\n(CVE-2011-0708).\n\nInteger overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows\ncontext-dependent attackers to cause a denial of service (crash) and\npossibly read sensitive memory via a large third argument to the\nshmop_read function (CVE-2011-1092).\n\nMultiple format string vulnerabilities in phar_object.c in the phar\nextension in PHP 5.3.5 and earlier allow context-dependent attackers\nto obtain sensitive information from process memory, cause a denial of\nservice (memory corruption), or possibly execute arbitrary code via\nformat string specifiers in an argument to a class method, leading to\nan incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\nBuffer overflow in the strval function in PHP before 5.3.6, when the\nprecision configuration option has a large value, might allow\ncontext-dependent attackers to cause a denial of service (application\ncrash) via a small numerical value in the argument (CVE-2011-1464).\n\nInteger overflow in the SdnToJulian function in the Calendar extension\nin PHP before 5.3.6 allows context-dependent attackers to cause a\ndenial of service (application crash) via a large integer in the first\nargument to the cal_from_jd function (CVE-2011-1466).\n\nUnspecified vulnerability in the NumberFormatter::setSymbol (aka\nnumfmt_set_symbol) function in the Intl extension in PHP before 5.3.6\nallows context-dependent attackers to cause a denial of service\n(application crash) via an invalid argument, a related issue to\nCVE-2010-4409 (CVE-2011-1467).\n\nUnspecified vulnerability in the Streams component in PHP before 5.3.6\nallows context-dependent attackers to cause a denial of service\n(application crash) by accessing an ftp:// URL during use of an HTTP\nproxy with the FTP wrapper (CVE-2011-1469).\n\nThe Zip extension in PHP before 5.3.6 allows context-dependent\nattackers to cause a denial of service (application crash) via a\nziparchive stream that is not properly handled by the\nstream_get_contents function (CVE-2011-1470).\n\nInteger signedness error in zip_stream.c in the Zip extension in PHP\nbefore 5.3.6 allows context-dependent attackers to cause a denial of\nservice (CPU consumption) via a malformed archive file that triggers\nerrors in zip_fread function calls (CVE-2011-1471).\n\nThe previous fix for #43486 got lost along the line and is now being\nfixed again.\n\nNote: the php-phar (CVE-2011-1153) and php-intl (CVE-2011-1467)\npackages was shipped with Enterprise Server 5 only and is also being\nfixed with this advisory.\n\nAdditionally sqlite3 was upgraded to 3.7.3 for Corporate Server 4\nwhich has numerous bug fixes and enhancements over the previous\nversion.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://qa.mandriva.com/43486\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mime_magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libphp5_common5-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bcmath-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bz2-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-calendar-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cgi-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cli-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ctype-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-curl-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dba-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dbase-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-devel-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dom-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-exif-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-fcgi-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-filter-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ftp-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gd-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gettext-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gmp-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-hash-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-iconv-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-imap-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-json-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ldap-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mbstring-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mcrypt-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mhash-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mime_magic-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ming-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mssql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysqli-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ncurses-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-odbc-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-openssl-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pcntl-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_dblib-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_mysql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_odbc-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_pgsql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_sqlite-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pgsql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-posix-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pspell-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-readline-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-recode-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-session-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-shmop-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-snmp-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-soap-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sockets-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sqlite-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sybase-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvmsg-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvsem-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvshm-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tidy-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tokenizer-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-wddx-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xml-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlreader-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlrpc-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlwriter-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xsl-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-zip-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-zlib-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:59:42", "description": "Multiple vulnerabilities has been identified and fixed in php :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation (CVE-2011-0421).\n\nexif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read (CVE-2011-0708).\n\nInteger overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function (CVE-2011-1092).\n\nMultiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\nBuffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument (CVE-2011-1464).\n\nInteger overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function (CVE-2011-1466).\n\nUnspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409 (CVE-2011-1467).\n\nMultiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function (CVE-2011-1468).\n\nUnspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper (CVE-2011-1469).\n\nThe Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function (CVE-2011-1470).\n\nInteger signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls (CVE-2011-1471).\n\nThe updated php packages have been upgraded to 5.3.6 which is not vulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or rebuilt for the new php version.", "cvss3": {}, "published": "2011-03-24T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2011:053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409", "CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-idn", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-dio", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-mailparse", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fam", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-mcal", "p-cpe:/a:mandriva:linux:php-filepro", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-gearman", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-optimizer", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-tclink", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-translit", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-pinba", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-posix", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:php-pspell", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-sphinx", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-ssh2"], "id": "MANDRIVA_MDVSA-2011-053.NASL", "href": "https://www.tenable.com/plugins/nessus/52958", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:053. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52958);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_bugtraq_id(46354, 46365, 46786, 46854, 46967, 46968, 46969, 46970, 46975, 46977);\n script_xref(name:\"MDVSA\", value:\"2011:053\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2011:053)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in php :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip\nextension in PHP before 5.3.6 does not properly handle a\nZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent\nattackers to cause a denial of service (application crash) via an\nempty ZIP archive that is processed with a (1) locateName or (2)\nstatName operation (CVE-2011-0421).\n\nexif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms\nperforms an incorrect cast, which allows remote attackers to cause a\ndenial of service (application crash) via an image with a crafted\nImage File Directory (IFD) that triggers a buffer over-read\n(CVE-2011-0708).\n\nInteger overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows\ncontext-dependent attackers to cause a denial of service (crash) and\npossibly read sensitive memory via a large third argument to the\nshmop_read function (CVE-2011-1092).\n\nMultiple format string vulnerabilities in phar_object.c in the phar\nextension in PHP 5.3.5 and earlier allow context-dependent attackers\nto obtain sensitive information from process memory, cause a denial of\nservice (memory corruption), or possibly execute arbitrary code via\nformat string specifiers in an argument to a class method, leading to\nan incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\nBuffer overflow in the strval function in PHP before 5.3.6, when the\nprecision configuration option has a large value, might allow\ncontext-dependent attackers to cause a denial of service (application\ncrash) via a small numerical value in the argument (CVE-2011-1464).\n\nInteger overflow in the SdnToJulian function in the Calendar extension\nin PHP before 5.3.6 allows context-dependent attackers to cause a\ndenial of service (application crash) via a large integer in the first\nargument to the cal_from_jd function (CVE-2011-1466).\n\nUnspecified vulnerability in the NumberFormatter::setSymbol (aka\nnumfmt_set_symbol) function in the Intl extension in PHP before 5.3.6\nallows context-dependent attackers to cause a denial of service\n(application crash) via an invalid argument, a related issue to\nCVE-2010-4409 (CVE-2011-1467).\n\nMultiple memory leaks in the OpenSSL extension in PHP before 5.3.6\nmight allow remote attackers to cause a denial of service (memory\nconsumption) via (1) plaintext data to the openssl_encrypt function or\n(2) ciphertext data to the openssl_decrypt function (CVE-2011-1468).\n\nUnspecified vulnerability in the Streams component in PHP before 5.3.6\nallows context-dependent attackers to cause a denial of service\n(application crash) by accessing an ftp:// URL during use of an HTTP\nproxy with the FTP wrapper (CVE-2011-1469).\n\nThe Zip extension in PHP before 5.3.6 allows context-dependent\nattackers to cause a denial of service (application crash) via a\nziparchive stream that is not properly handled by the\nstream_get_contents function (CVE-2011-1470).\n\nInteger signedness error in zip_stream.c in the Zip extension in PHP\nbefore 5.3.6 allows context-dependent attackers to cause a denial of\nservice (CPU consumption) via a malformed archive file that triggers\nerrors in zip_fread function calls (CVE-2011-1471).\n\nThe updated php packages have been upgraded to 5.3.6 which is not\nvulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or\nrebuilt for the new php version.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filepro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gearman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-idn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mailparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-optimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pinba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sphinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tclink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-translit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_php-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libphp5_common5-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-3.1.6-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-admin-3.1.6-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bcmath-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bz2-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-calendar-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cgi-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cli-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ctype-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-curl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dba-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-devel-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dio-0.0.2-6.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-doc-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dom-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-0.9.6.1-0.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-admin-0.9.6.1-0.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-enchant-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-exif-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fam-5.0.1-10.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fileinfo-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filepro-5.1.6-20.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filter-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fpm-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ftp-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gd-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gettext-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gmp-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-hash-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-iconv-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-idn-1.2b-18.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-imap-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ini-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-intl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-json-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ldap-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mailparse-2.1.5-3.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mbstring-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcal-0.6-30.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcrypt-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mssql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysqli-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-odbc-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-openssl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-optimizer-0.1-0.alpha2.3.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pcntl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_dblib-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_mysql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_odbc-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_pgsql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_sqlite-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pgsql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-phar-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-posix-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pspell-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-readline-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-recode-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sasl-0.1.0-28.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-session-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-shmop-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-snmp-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-soap-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sockets-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sqlite3-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ssh2-0.11.2-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-suhosin-0.9.32.1-0.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sybase_ct-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvmsg-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvsem-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvshm-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tclink-3.4.5-1.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tidy-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-timezonedb-2011.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tokenizer-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-translit-0.6.0-10.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-vld-0.10.1-0.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-wddx-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xattr-1.1.0-9.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xdebug-2.1.0-0.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xml-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlreader-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlrpc-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlwriter-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xsl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zip-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zlib-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_php-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libphp5_common5-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-3.1.6-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-admin-3.1.6-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bcmath-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bz2-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-calendar-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cgi-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cli-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ctype-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-curl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dba-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-devel-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-doc-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dom-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-0.9.6.1-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-admin-0.9.6.1-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-enchant-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-exif-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fileinfo-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-filter-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fpm-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ftp-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gd-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gearman-0.7.0-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gettext-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gmp-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-hash-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-iconv-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-imap-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ini-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-intl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-json-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ldap-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mailparse-2.1.5-8.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mbstring-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcal-0.6-35.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcrypt-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mssql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysqli-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-odbc-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-openssl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-optimizer-0.1-0.alpha2.8.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pcntl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_dblib-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_mysql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_odbc-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_pgsql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_sqlite-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pgsql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-phar-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pinba-0.0.5-2.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-posix-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pspell-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-readline-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-recode-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sasl-0.1.0-33.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-session-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-shmop-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-snmp-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-soap-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sockets-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sphinx-1.0.4-2.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite3-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ssh2-0.11.2-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.32.1-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sybase_ct-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvmsg-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvsem-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvshm-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tclink-3.4.5-7.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tidy-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-timezonedb-2011.4-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tokenizer-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-translit-0.6.0-15.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-vld-0.10.1-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-wddx-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xattr-1.1.0-13.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xdebug-2.1.0-0.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xml-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlreader-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlrpc-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlwriter-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xsl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zip-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zlib-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:58:27", "description": "According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.4. Such versions may be affected by several security issues :\n\n - A crash in the zip extract method.\n\n - A stack-based buffer overflow in impagepstext() of the GD extension.\n\n - An unspecified vulnerability related to symbolic resolution when using a DFS share.\n\n - A security bypass vulnerability related to using pathnames containing NULL bytes.\n (CVE-2006-7243)\n\n - Multiple format string vulnerabilities.\n (CVE-2010-2094, CVE-2010-2950)\n\n - An unspecified security bypass vulnerability in open_basedir(). (CVE-2010-3436)\n\n - A NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709)\n\n - Memory corruption in php_filter_validate_email().\n (CVE-2010-3710)\n\n - An input validation vulnerability in xml_utf8_decode(). (CVE-2010-3870)\n\n - A possible double free in the IMAP extension.\n (CVE-2010-4150)\n\n - An information disclosure vulnerability in 'mb_strcut()'. (CVE-2010-4156)\n\n - An integer overflow vulnerability in 'getSymbol()'.\n (CVE-2010-4409)\n\n - A use-after-free vulnerability in the Zend engine when a '__set()', '__get()', '__isset()' or '__unset()' method is called can allow for a denial of service attack. (Bug #52879 / CVE-2010-4697)\n\n - A stack-based buffer overflow exists in the 'imagepstext()' function in the GD extension. (Bug #53492 / CVE-2010-4698)\n\n - The 'iconv_mime_decode_headers()' function in the iconv extension fails to properly handle encodings that are not recognized by the iconv and mbstring implementations. (Bug #52941 / CVE-2010-4699)\n\n - The 'set_magic_quotes_runtime()' function when the MySQLi extension is used does not properly interact with the 'mysqli_fetch_assoc()' function. (Bug #52221 / CVE-2010-4700)\n\n - A race condition exists in the PCNTL extension.\n (CVE-2011-0753)\n\n - The SplFileInfo::getType function in the Standard PHP Library extension does not properly detect symbolic links. (CVE-2011-0754)\n\n - An integer overflow exists in the mt_rand function.\n (CVE-2011-0755)", "cvss3": {}, "published": "2010-12-13T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2010-2094", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2010-4700", "CVE-2011-0753", "CVE-2011-0754", "CVE-2011-0755"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_4.NASL", "href": "https://www.tenable.com/plugins/nessus/51140", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51140);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-7243\",\n \"CVE-2010-2094\",\n \"CVE-2010-2950\",\n \"CVE-2010-3436\",\n \"CVE-2010-3709\",\n \"CVE-2010-3710\",\n \"CVE-2010-3870\",\n \"CVE-2010-4150\",\n \"CVE-2010-4156\",\n \"CVE-2010-4409\",\n \"CVE-2010-4697\",\n \"CVE-2010-4698\",\n \"CVE-2010-4699\",\n \"CVE-2010-4700\",\n \"CVE-2011-0753\",\n \"CVE-2011-0754\",\n \"CVE-2011-0755\"\n );\n script_bugtraq_id(\n 40173,\n 43926,\n 44605,\n 44718,\n 44723,\n 44951,\n 44980,\n 45119,\n 45335,\n 45338,\n 45339,\n 45952,\n 45954,\n 46056,\n 46168\n );\n script_xref(name:\"CERT\", value:\"479900\");\n\n script_name(english:\"PHP 5.3 < 5.3.4 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.3 installed on the\nremote host is older than 5.3.4. Such versions may be affected by\nseveral security issues :\n\n - A crash in the zip extract method.\n\n - A stack-based buffer overflow in impagepstext()\n of the GD extension.\n\n - An unspecified vulnerability related to\n symbolic resolution when using a DFS share.\n\n - A security bypass vulnerability related\n to using pathnames containing NULL bytes.\n (CVE-2006-7243)\n\n - Multiple format string vulnerabilities.\n (CVE-2010-2094, CVE-2010-2950)\n\n - An unspecified security bypass vulnerability\n in open_basedir(). (CVE-2010-3436)\n\n - A NULL pointer dereference in\n ZipArchive::getArchiveComment. (CVE-2010-3709)\n\n - Memory corruption in php_filter_validate_email().\n (CVE-2010-3710)\n\n - An input validation vulnerability in\n xml_utf8_decode(). (CVE-2010-3870)\n\n - A possible double free in the IMAP extension.\n (CVE-2010-4150)\n\n - An information disclosure vulnerability in\n 'mb_strcut()'. (CVE-2010-4156)\n\n - An integer overflow vulnerability in 'getSymbol()'.\n (CVE-2010-4409)\n\n - A use-after-free vulnerability in the Zend engine when\n a '__set()', '__get()', '__isset()' or '__unset()'\n method is called can allow for a denial of service\n attack. (Bug #52879 / CVE-2010-4697)\n\n - A stack-based buffer overflow exists in the\n 'imagepstext()' function in the GD extension. (Bug\n #53492 / CVE-2010-4698)\n\n - The 'iconv_mime_decode_headers()' function in the iconv\n extension fails to properly handle encodings that are\n not recognized by the iconv and mbstring\n implementations. (Bug #52941 / CVE-2010-4699)\n\n - The 'set_magic_quotes_runtime()' function when the\n MySQLi extension is used does not properly interact\n with the 'mysqli_fetch_assoc()' function. (Bug #52221 /\n CVE-2010-4700)\n\n - A race condition exists in the PCNTL extension.\n (CVE-2011-0753)\n\n - The SplFileInfo::getType function in the Standard PHP\n Library extension does not properly detect symbolic\n links. (CVE-2011-0754)\n\n - An integer overflow exists in the mt_rand function.\n (CVE-2011-0755)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_3_4.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.3.4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP 5.3.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-4700\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^5\\.3\\.[0-3]($|[^0-9])\") \n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.4\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:54:23", "description": "According to its banner the version of PHP installed on the remote host is 5.3.x earlier than 5.3.4. Such versions are potentially affected by multiple vulnerabilities :\n\n - A crash in the zip extract method.\n\n - A stack buffer overflow in impagepstext() of the GD extension.\n\n - An unspecified vulnerability related to symbolic resolution when using a DFS share.\n\n - A security bypass vulnerability related to using pathnames containing NULL bytes. (CVE-2006-7243)\n\n - Multiple format string vulnerabilities. (CVE-2010-2094, CVE-2010-2950)\n\n - An unspecified security bypass vulnerability in open_basedir(). (CVE-2010-3436)\n\n - A NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709)\n\n - Memory corruption in php_filter_validate_email(). (CVE-2010-3710)\n\n - An input validation vulnerability in xml_utf8_decode(). (CVE-2010-3870)\n\n - A possible double free in the IMAP extension. (CVE-2010-4150)\n - An information disclosure vulnerability in 'mb_strcut()'. (CVE-2010-4156)\n\n - An integer overflow vulnerability in 'getSymbol()'. (CVE-2010-4409)\n\n - A use-after-free vulnerability in the Zend engine when a '__set()', '__get()', '__isset()' or '__unset()' method is called can allow for a denial of service attack. (Bug #52879 / CVE-2010-4697)\n\n - A stack-based buffer overflow exists in the 'imagepstext()' function in the GD extension. (Bug #53492 / CVE-2010-4698)\n\n - The 'iconv_mime_decode_headers()' function in the iconv extension fails to properly handle encodings that are not recognized by the iconv and mbstring implementations. (Bug #52941 / CVE-2010-4699)\n\n - The 'set_magic_quotes_runtime()' function when the MySQLi extension is used does not properly interact with the 'mysqli_fetch_assoc()' function. (Bug #52221 / CVE-2010-4700)\n\n - A race condition exists in the PCNTL extension. (CVE-2011-0753)\n\n - The SplFileInfo::getType function in the Standard PHP Library extension does not properly detect symbolic links. (CVE-2011-0754)\n\n - An integer overflow exists in the mt_rand function. (CVE-2011-0755)", "cvss3": {}, "published": "2010-12-10T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2010-2094", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2010-4700", "CVE-2011-0753", "CVE-2011-0754", "CVE-2011-0755"], "modified": "2010-12-10T00:00:00", "cpe": [], "id": "801074.PRM", "href": "https://www.tenable.com/plugins/lce/801074", "sourceData": "Binary data 801074.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:54:25", "description": "According to its banner the version of PHP installed on the remote host is 5.3.x earlier than 5.3.4. Such versions are potentially affected by multiple vulnerabilities :\n\n - A crash in the zip extract method.\n - A stack buffer overflow in impagepstext() of the GD extension.\n - An unspecified vulnerability related to symbolic resolution when using a DFS share.\n - A security bypass vulnerability related to using pathnames containing NULL bytes. (CVE-2006-7243)\n - Multiple format string vulnerabilities. (CVE-2010-2094, CVE-2010-2950)\n - An unspecified security bypass vulnerability in open_basedir(). (CVE-2010-3436)\n - A NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709)\n - Memory corruption in php_filter_validate_email(). (CVE-2010-3710)\n - An input validation vulnerability in xml_utf8_decode(). (CVE-2010-3870)\n - A possible double free in the IMAP extension. (CVE-2010-4150)\n - An information disclosure vulnerability in 'mb_strcut()'. (CVE-2010-4156)\n - An integer overflow vulnerability in 'getSymbol()'. (CVE-2010-4409)\n - A use-after-free vulnerability in the Zend engine when a '__set()', '__get()', '__isset()' or '__unset()' method is called can allow for a denial of service attack. (Bug #52879 / CVE-2010-4697)\n - A stack-based buffer overflow exists in the 'imagepstext()' function in the GD extension. (Bug #53492 / CVE-2010-4698)\n - The 'iconv_mime_decode_headers()' function in the iconv extension fails to properly handle encodings that are not recognized by the iconv and mbstring implementations. (Bug #52941 / CVE-2010-4699)\n - The 'set_magic_quotes_runtime()' function when the MySQLi extension is used does not properly interact with the 'mysqli_fetch_assoc()' function. (Bug #52221 / CVE-2010-4700)\n - A race condition exists in the PCNTL extension. (CVE-2011-0753)\n - The SplFileInfo::getType function in the Standard PHP Library extension does not properly detect symbolic links. (CVE-2011-0754)\n - An integer overflow exists in the mt_rand function. (CVE-2011-0755)", "cvss3": {}, "published": "2010-12-10T00:00:00", "type": "nessus", "title": "PHP 5.3.x < 5.3.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2010-2094", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2010-4700", "CVE-2011-0753", "CVE-2011-0754", "CVE-2011-0755"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "5732.PRM", "href": "https://www.tenable.com/plugins/nnm/5732", "sourceData": "Binary data 5732.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:31:57", "description": "According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities :\n\n - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722)\n\n - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725)\n\n - A buffer overflow in libtiff's handling of ThunderScan encoded TIFF images could lead to arbitrary code execution. (CVE-2011-1167)\n\n - Multiple memory corruption issues in libpng's handling of PNG images could lead to arbitrary code execution.\n (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)\n\n - A double free issue in ImageIO's handling of JPEG images could lead to arbitrary code execution.\n (CVE-2012-3726)\n\n - An integer overflow issue in libTIFF's handling of TIFF images could lead to arbitrary code execution.\n (CVE-2012-1173)\n\n - A stack-based buffer overflow in the handling of ICU locale IDs could lead to arbitrary code execution.\n (CVE-2011-4599)\n\n - Multiple vulnerabilities in libxml could have a variety of impacts, including arbitrary code execution.\n (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 / CVE-2011-3919)\n\n - Multiple memory corruption issues in JavaScriptCore could lead to arbitrary code execution.\n (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 / CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 / CVE-2012-3678 / CVE-2012-3679)", "cvss3": {}, "published": "2012-09-27T00:00:00", "type": "nessus", "title": "Apple TV < 5.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1167", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3026", "CVE-2011-3048", "CVE-2011-3328", "CVE-2011-3919", "CVE-2011-4599", "CVE-2012-0682", "CVE-2012-0683", "CVE-2012-1173", "CVE-2012-3589", "CVE-2012-3590", "CVE-2012-3591", "CVE-2012-3592", "CVE-2012-3678", "CVE-2012-3679", "CVE-2012-3722", "CVE-2012-3725", "CVE-2012-3726"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/62357", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62357);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\n \"CVE-2011-1167\",\n \"CVE-2011-1944\",\n \"CVE-2011-2821\",\n \"CVE-2011-2834\",\n \"CVE-2011-3026\",\n \"CVE-2011-3048\",\n \"CVE-2011-3328\",\n \"CVE-2011-3919\",\n \"CVE-2011-4599\",\n \"CVE-2012-0682\",\n \"CVE-2012-0683\",\n \"CVE-2012-1173\",\n \"CVE-2012-3589\",\n \"CVE-2012-3590\",\n \"CVE-2012-3591\",\n \"CVE-2012-3592\",\n \"CVE-2012-3678\",\n \"CVE-2012-3679\",\n \"CVE-2012-3722\",\n \"CVE-2012-3725\",\n \"CVE-2012-3726\"\n );\n script_bugtraq_id(\n 46951,\n 48056,\n 49279,\n 49658,\n 49744,\n 51006,\n 51300,\n 52049,\n 52830,\n 52891,\n 54680,\n 56264,\n 56268,\n 56273\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-09-24-1\");\n\n script_name(english:\"Apple TV < 5.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in banner\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote Apple TV 2nd generation or later\ndevice has a version of iOS that is prior to 5.1. It is, therefore,\nreportedly affected by several vulnerabilities :\n\n - An uninitialized memory access issue in the handling of\n Sorenson encoded movie files could lead to arbitrary\n code execution. (CVE-2012-3722)\n\n - Following the DNAv4 protocol, the device may broadcast\n MAC addresses of previously accessed networks when\n connecting to a Wi-Fi network. (CVE-2012-3725)\n\n - A buffer overflow in libtiff's handling of ThunderScan\n encoded TIFF images could lead to arbitrary code\n execution. (CVE-2011-1167)\n\n - Multiple memory corruption issues in libpng's handling\n of PNG images could lead to arbitrary code execution.\n (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)\n\n - A double free issue in ImageIO's handling of JPEG\n images could lead to arbitrary code execution.\n (CVE-2012-3726)\n\n - An integer overflow issue in libTIFF's handling of TIFF\n images could lead to arbitrary code execution.\n (CVE-2012-1173)\n\n - A stack-based buffer overflow in the handling of ICU\n locale IDs could lead to arbitrary code execution.\n (CVE-2011-4599)\n\n - Multiple vulnerabilities in libxml could have a variety\n of impacts, including arbitrary code execution.\n (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 /\n CVE-2011-3919)\n\n - Multiple memory corruption issues in JavaScriptCore\n could lead to arbitrary code execution.\n (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 /\n CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 /\n CVE-2012-3678 / CVE-2012-3679)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT202614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2012/Sep/msg00006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/524229/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the Apple TV to iOS 5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"appletv_detect.nasl\");\n script_require_keys(\"www/appletv\");\n script_require_ports(3689);\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = 3689;\nbanner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);\nif (\n \"DAAP-Server: iTunes/\" >!< banner &&\n \"RIPT-Server: iTunesLib/\" >!< banner\n) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');\n\npat = \"^DAAP-Server: iTunes/([0-9][0-9.]+)[a-z]([0-9]+) \\((Mac )?OS X\\)\";\nif (\n \"DAAP-Server: iTunes/\" >< banner &&\n !egrep(pattern:pat, string:banner)\n) exit(0, \"The web server listening on port \"+port+\" does not appear to be from iTunes on an Apple TV.\");\n\n\nfixed_major = \"11.0\";\nfixed_minor = \"46\";\n\nreport = \"\";\n\n# Check first for 3rd gen and recent 2nd gen models.\nmatches = egrep(pattern:pat, string:banner);\nif (matches)\n{\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat, string:line);\n if (!isnull(match))\n {\n major = match[1];\n minor = match[2];\n\n if (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 ||\n (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 &&\n int(minor) < int(fixed_minor)\n )\n )\n {\n report = '\\n Source : ' + line +\n '\\n Installed iTunes version : ' + major + 'd' + minor +\n '\\n Fixed iTunes version : ' + fixed_major + 'd' + fixed_minor +\n '\\n';\n }\n break;\n }\n }\n}\nelse\n{\n pat2 = \"^RIPT-Server: iTunesLib/([0-9]+)\\.\";\n matches = egrep(pattern:pat2, string:banner);\n if (matches)\n {\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat2, string:line);\n if (!isnull(match))\n {\n major = int(match[1]);\n if (major < 4) exit(0, \"The web server listening on port \"+port+\" is from iTunes on a 1st generation Apple TV, which is no longer supported.\");\n else if (major >= 4 && major <= 9)\n {\n report = '\\n Source : ' + line +\n '\\n';\n }\n break;\n }\n }\n }\n}\n\n\nif (report)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:31:47", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components :\n\n - Apache\n - Data Security\n - DirectoryService\n - ImageIO\n - International Components for Unicode\n - Mail\n - PHP\n - QuickLook\n - QuickTime\n - Ruby", "cvss3": {}, "published": "2012-09-20T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-3048", "CVE-2011-3368", "CVE-2011-3389", "CVE-2011-3607", "CVE-2011-4317", "CVE-2011-4599", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0650", "CVE-2012-0668", "CVE-2012-0670", "CVE-2012-0671", "CVE-2012-0831", "CVE-2012-1172", "CVE-2012-1173", "CVE-2012-1667", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2311", "CVE-2012-2386", "CVE-2012-2688", "CVE-2012-3719", "CVE-2012-3722"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2012-004.NASL", "href": "https://www.tenable.com/plugins/nessus/62213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62213);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-3026\",\n \"CVE-2011-3048\",\n \"CVE-2011-3368\",\n \"CVE-2011-3389\",\n \"CVE-2011-3607\",\n \"CVE-2011-4317\",\n \"CVE-2011-4599\",\n \"CVE-2012-0021\",\n \"CVE-2012-0031\",\n \"CVE-2012-0053\",\n \"CVE-2012-0650\",\n \"CVE-2012-0668\",\n \"CVE-2012-0670\",\n \"CVE-2012-0671\",\n \"CVE-2012-0831\",\n \"CVE-2012-1172\",\n \"CVE-2012-1173\",\n \"CVE-2012-1667\",\n \"CVE-2012-1823\",\n \"CVE-2012-2143\",\n \"CVE-2012-2311\",\n \"CVE-2012-2386\",\n \"CVE-2012-2688\",\n \"CVE-2012-3719\",\n \"CVE-2012-3722\"\n );\n script_bugtraq_id(\n 47545,\n 49778,\n 49957,\n 50494,\n 50802,\n 51006,\n 51407,\n 51705,\n 51706,\n 51954,\n 52049,\n 52830,\n 52891,\n 53388,\n 53403,\n 53579,\n 53582,\n 53584,\n 53729,\n 53772,\n 54638,\n 56240,\n 56241\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-09-19-2\");\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2012-004 applied. This update contains multiple\nsecurity-related fixes for the following components :\n\n - Apache\n - Data Security\n - DirectoryService\n - ImageIO\n - International Components for Unicode\n - Mail\n - PHP\n - QuickLook\n - QuickTime\n - Ruby\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-185/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Nov/111\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5501\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2012-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP CGI Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.6\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nif (\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2012\\.00[4-9]|201[3-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages) ||\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2012\\.004(\\.snowleopard)?\\.1\\.0\\.bom\", string:packages)\n) exit(0, \"The host has Security Update 2012-004 or later installed and is therefore not affected.\");\nelse\n{\n if (report_verbosity > 0)\n {\n security_boms = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\", string:packages);\n\n report = '\\n Installed security updates : ';\n if (security_boms) report += str_replace(find:'\\n', replace:'\\n ', string:security_boms);\n else report += 'n/a';\n report += '\\n';\n\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:31:58", "description": "The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components :\n\n - Apache\n - BIND\n - CoreText\n - Data Security\n - ImageIO\n - Installer\n - International Components for Unicode\n - Kernel\n - Mail\n - PHP\n - Profile Manager\n - QuickLook\n - QuickTime\n - Ruby\n - USB", "cvss3": {}, "published": "2012-09-20T00:00:00", "type": "nessus", "title": "Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-3048", "CVE-2011-3368", "CVE-2011-3389", "CVE-2011-3607", "CVE-2011-4313", "CVE-2011-4317", "CVE-2011-4599", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0643", "CVE-2012-0652", "CVE-2012-0668", "CVE-2012-0670", "CVE-2012-0671", "CVE-2012-0831", "CVE-2012-1172", "CVE-2012-1173", "CVE-2012-1667", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2311", "CVE-2012-2386", "CVE-2012-2688", "CVE-2012-3716", "CVE-2012-3719", "CVE-2012-3721", "CVE-2012-3722", "CVE-2012-3723"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_7_5.NASL", "href": "https://www.tenable.com/plugins/nessus/62214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62214);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-3026\",\n \"CVE-2011-3048\",\n \"CVE-2011-3368\",\n \"CVE-2011-3389\",\n \"CVE-2011-3607\",\n \"CVE-2011-4313\",\n \"CVE-2011-4317\",\n \"CVE-2011-4599\",\n \"CVE-2012-0021\",\n \"CVE-2012-0031\",\n \"CVE-2012-0053\",\n \"CVE-2012-0643\",\n \"CVE-2012-0652\",\n \"CVE-2012-0668\",\n \"CVE-2012-0670\",\n \"CVE-2012-0671\",\n \"CVE-2012-0831\",\n \"CVE-2012-1172\",\n \"CVE-2012-1173\",\n \"CVE-2012-1667\",\n \"CVE-2012-1823\",\n \"CVE-2012-2143\",\n \"CVE-2012-2311\",\n \"CVE-2012-2386\",\n \"CVE-2012-2688\",\n \"CVE-2012-3716\",\n \"CVE-2012-3719\",\n \"CVE-2012-3721\",\n \"CVE-2012-3722\",\n \"CVE-2012-3723\"\n );\n script_bugtraq_id(\n 47545,\n 49778,\n 49957,\n 50494,\n 50690,\n 50802,\n 51006,\n 51407,\n 51705,\n 51706,\n 51954,\n 52049,\n 52364,\n 52830,\n 52891,\n 53388,\n 53403,\n 53445,\n 53457,\n 53579,\n 53582,\n 53584,\n 53729,\n 53772,\n 54638,\n 56241,\n 56244,\n 56246,\n 56247\n );\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.7.x that is prior\nto 10.7.5. The newer version contains multiple security-related fixes\nfor the following components :\n\n - Apache\n - BIND\n - CoreText\n - Data Security\n - ImageIO\n - Installer\n - International Components for Unicode\n - Kernel\n - Mail\n - PHP\n - Profile Manager\n - QuickLook\n - QuickTime\n - Ruby\n - USB\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2012/Sep/94\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5501\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.7.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP CGI Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-4]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:25:25", "description": "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0. As such, it is reportedly affected by the following vulnerabilities :\n\n - An error exists in the 'generate-id' function in the bundled libxslt library that can allow disclosure of heap memory addresses. (CVE-2011-0195)\n\n - An unspecified input validation error exists and can allow cross-site request forgery attacks. (CVE-2011-3846)\n\n - Unspecified errors can allow attackers to carry out denial of service attacks via unspecified vectors.\n (CVE-2012-0135, CVE-2012-1993)\n\n - The bundled version of PHP contains multiple vulnerabilities. (CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)\n\n - The bundled version of Apache contains multiple vulnerabilities. (CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639)\n\n - OpenSSL libraries are contained in several of the bundled components and contain multiple vulnerabilities.\n (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945, CVE-2011-3207,CVE-2011-3210)\n\n - Curl libraries are contained in several of the bundled components and contain multiple vulnerabilities.\n (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)", "cvss3": {}, "published": "2012-04-20T00:00:00", "type": "nessus", "title": "HP System Management Homepage < 7.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0037", "CVE-2010-0734", "CVE-2010-1452", "CVE-2010-1623", "CVE-2010-2068", "CVE-2010-2791", "CVE-2010-3436", "CVE-2010-4409", "CVE-2010-4645", "CVE-2011-0014", "CVE-2011-0195", "CVE-2011-0419", "CVE-2011-1148", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1928", "CVE-2011-1938", "CVE-2011-1945", "CVE-2011-2192", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3192", "CVE-2011-3207", "CVE-2011-3210", "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-3348", "CVE-2011-3368", "CVE-2011-3639", "CVE-2011-3846", "CVE-2012-0135", "CVE-2012-1993"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage"], "id": "HPSMH_7_0_0_24.NASL", "href": "https://www.tenable.com/plugins/nessus/58811", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58811);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2009-0037\",\n \"CVE-2010-0734\",\n \"CVE-2010-1452\",\n \"CVE-2010-1623\",\n \"CVE-2010-2068\",\n \"CVE-2010-2791\",\n \"CVE-2010-3436\",\n \"CVE-2010-4409\",\n \"CVE-2010-4645\",\n \"CVE-2011-0014\",\n \"CVE-2011-0195\",\n \"CVE-2011-0419\",\n \"CVE-2011-1148\",\n \"CVE-2011-1153\",\n \"CVE-2011-1464\",\n \"CVE-2011-1467\",\n \"CVE-2011-1468\",\n \"CVE-2011-1470\",\n \"CVE-2011-1471\",\n \"CVE-2011-1928\",\n \"CVE-2011-1938\",\n \"CVE-2011-1945\",\n \"CVE-2011-2192\",\n \"CVE-2011-2202\",\n \"CVE-2011-2483\",\n \"CVE-2011-3182\",\n \"CVE-2011-3189\",\n \"CVE-2011-3192\",\n \"CVE-2011-3207\",\n \"CVE-2011-3210\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\",\n \"CVE-2011-3348\",\n \"CVE-2011-3368\",\n \"CVE-2011-3639\",\n \"CVE-2011-3846\",\n \"CVE-2012-0135\",\n \"CVE-2012-1993\"\n );\n script_bugtraq_id(\n 33962,\n 38162,\n 40827,\n 41963,\n 42102,\n 43673,\n 44723,\n 45119,\n 45668,\n 46264,\n 46843,\n 46854,\n 46968,\n 46969,\n 46975,\n 46977,\n 47668,\n 47820,\n 47888,\n 47929,\n 47950,\n 48259,\n 48434,\n 49241,\n 49249,\n 49303,\n 49376,\n 49469,\n 49471,\n 49616,\n 49957,\n 52974,\n 53121\n );\n\n script_name(english:\"HP System Management Homepage < 7.0 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote host is earlier than\n7.0. As such, it is reportedly affected by the following\nvulnerabilities :\n\n - An error exists in the 'generate-id' function in the\n bundled libxslt library that can allow disclosure of\n heap memory addresses. (CVE-2011-0195)\n\n - An unspecified input validation error exists and can\n allow cross-site request forgery attacks. (CVE-2011-3846)\n\n - Unspecified errors can allow attackers to carry out \n denial of service attacks via unspecified vectors.\n (CVE-2012-0135, CVE-2012-1993)\n\n - The bundled version of PHP contains multiple\n vulnerabilities. (CVE-2010-3436, CVE-2010-4409,\n CVE-2010-4645, CVE-2011-1148, CVE-2011-1153,\n CVE-2011-1464, CVE-2011-1467, CVE-2011-1468,\n CVE-2011-1470, CVE-2011-1471, CVE-2011-1938,\n CVE-2011-2202, CVE-2011-2483, CVE-2011-3182,\n CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)\n\n - The bundled version of Apache contains multiple\n vulnerabilities. (CVE-2010-1452, CVE-2010-1623,\n CVE-2010-2068, CVE-2010-2791, CVE-2011-0419,\n CVE-2011-1928, CVE-2011-3192, CVE-2011-3348,\n CVE-2011-3368, CVE-2011-3639)\n\n - OpenSSL libraries are contained in several of the\n bundled components and contain multiple vulnerabilities.\n (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945,\n CVE-2011-3207,CVE-2011-3210)\n\n - Curl libraries are contained in several of the bundled\n components and contain multiple vulnerabilities.\n (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)\");\n # http://web.archive.org/web/20130916143957/http://h20000.www2.hp.com:80/bizsupport/TechSupport/Document.jsp?objectID=c03280632\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?106ec533\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP System Management Homepage 7.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:2381, embedded:TRUE);\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\n\nif (version == UNKNOWN_VER) \n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' is unknown.');\n\n# nb: 'version' can have non-numeric characters in it so we'll create \n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt))\n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' does not look valid ('+version+').');\n\nfixed_version = '7.0.0.24';\nif (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n if (report_verbosity > 0)\n {\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n\n report = '\\n Product : ' + prod;\n if (!isnull(source_line)) \n report += '\\n Version source : ' + source_line;\n report += \n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:58:51", "description": "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7.\n\nMac OS X 10.6.7 contains security fixes for the following products :\n\n - AirPort\n - Apache\n - AppleScript\n - ATS\n - bzip2\n - CarbonCore\n - ClamAV\n - CoreText\n - File Quarantine\n - HFS\n - ImageIO\n - Image RAW\n - Installer\n - Kerberos\n - Kernel\n - Libinfo\n - libxml\n - Mailman\n - PHP\n - QuickLook\n - QuickTime\n - Ruby\n - Samba\n - Subversion\n - Terminal\n - X11", "cvss3": {}, "published": "2011-03-22T00:00:00", "type": "nessus", "title": "Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2010-0405", "CVE-2010-1323", "CVE-2010-1324", "CVE-2010-1452", "CVE-2010-2068", "CVE-2010-2950", "CVE-2010-3069", "CVE-2010-3089", "CVE-2010-3315", "CVE-2010-3434", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3801", "CVE-2010-3802", "CVE-2010-3814", "CVE-2010-3855", "CVE-2010-3870", "CVE-2010-4008", "CVE-2010-4009", "CVE-2010-4020", "CVE-2010-4021", "CVE-2010-4150", "CVE-2010-4260", "CVE-2010-4261", "CVE-2010-4409", "CVE-2010-4479", "CVE-2010-4494", "CVE-2011-0170", "CVE-2011-0172", "CVE-2011-0173", "CVE-2011-0174", "CVE-2011-0175", "CVE-2011-0176", "CVE-2011-0177", "CVE-2011-0178", "CVE-2011-0179", "CVE-2011-0180", "CVE-2011-0181", "CVE-2011-0182", "CVE-2011-0183", "CVE-2011-0184", "CVE-2011-0186", "CVE-2011-0187", "CVE-2011-0188", "CVE-2011-0189", "CVE-2011-0190", "CVE-2011-0191", "CVE-2011-0192", "CVE-2011-0193", "CVE-2011-0194", "CVE-2011-1417"], "modified": "2018-08-22T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_6_7.NASL", "href": "https://www.tenable.com/plugins/nessus/52754", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(52754);\n script_version(\"1.33\");\n script_cvs_date(\"Date: 2018/08/22 16:49:14\");\n\n script_cve_id(\n \"CVE-2006-7243\",\n \"CVE-2010-0405\",\n \"CVE-2010-1323\",\n \"CVE-2010-1324\",\n \"CVE-2010-1452\",\n \"CVE-2010-2068\",\n \"CVE-2010-2950\",\n \"CVE-2010-3069\",\n \"CVE-2010-3089\",\n \"CVE-2010-3315\",\n \"CVE-2010-3434\",\n \"CVE-2010-3709\",\n \"CVE-2010-3710\",\n \"CVE-2010-3801\",\n \"CVE-2010-3802\",\n \"CVE-2010-3814\",\n \"CVE-2010-3855\",\n \"CVE-2010-3870\",\n \"CVE-2010-4008\",\n \"CVE-2010-4009\",\n \"CVE-2010-4020\",\n \"CVE-2010-4021\",\n \"CVE-2010-4150\",\n \"CVE-2010-4260\",\n \"CVE-2010-4261\",\n \"CVE-2010-4409\",\n \"CVE-2010-4479\",\n \"CVE-2010-4494\",\n \"CVE-2011-0170\",\n \"CVE-2011-0172\",\n \"CVE-2011-0173\",\n \"CVE-2011-0174\",\n \"CVE-2011-0175\",\n \"CVE-2011-0176\",\n \"CVE-2011-0177\",\n \"CVE-2011-0178\",\n \"CVE-2011-0179\",\n \"CVE-2011-0180\",\n \"CVE-2011-0181\",\n \"CVE-2011-0182\",\n \"CVE-2011-0183\",\n \"CVE-2011-0184\",\n \"CVE-2011-0186\",\n \"CVE-2011-0187\",\n \"CVE-2011-0188\",\n \"CVE-2011-0189\",\n \"CVE-2011-0190\",\n \"CVE-2011-0191\",\n \"CVE-2011-0192\",\n \"CVE-2011-0193\",\n \"CVE-2011-0194\",\n \"CVE-2011-1417\"\n );\n script_bugtraq_id(\n 40827,\n 43212,\n 43555,\n 43926,\n 44214,\n 44605,\n 44643,\n 44718,\n 44779,\n 44980,\n 45116,\n 45117,\n 45118,\n 45119,\n 45122,\n 45152,\n 46832,\n 46965,\n 46966,\n 46971,\n 46972,\n 46973,\n 46982,\n 46984,\n 46987,\n 46988,\n 46989,\n 46990,\n 46991,\n 46992,\n 46993,\n 46994,\n 46995,\n 46996,\n 46997,\n 47023\n );\n script_xref(name:\"EDB-ID\", value:\"17901\");\n script_xref(name:\"IAVB\", value:\"2010-B-0083\");\n\n script_name(english:\"Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.7.\n\nMac OS X 10.6.7 contains security fixes for the following products :\n\n - AirPort\n - Apache\n - AppleScript\n - ATS\n - bzip2\n - CarbonCore\n - ClamAV\n - CoreText\n - File Quarantine\n - HFS\n - ImageIO\n - Image RAW\n - Installer\n - Kerberos\n - Kernel\n - Libinfo\n - libxml\n - Mailman\n - PHP\n - QuickLook\n - QuickTime\n - Ruby\n - Samba\n - Subversion\n - Terminal\n - X11\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4581\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.6.7 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n if (isnull(os)) exit(0, \"The 'Host/OS' KB item is missing.\");\n if (\"Mac OS X\" >!< os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6($|\\.[0-6]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:09:48", "description": "The remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways.\n A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "nessus", "title": "GLSA-201110-06 : PHP: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2009-5016", "CVE-2010-1128", "CVE-2010-1129", "CVE-2010-1130", "CVE-2010-1860", "CVE-2010-1861", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1866", "CVE-2010-1868", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-2950", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4409", "CVE-2010-4645", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2010-4700", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0708", "CVE-2011-0752", "CVE-2011-0753", "CVE-2011-0755", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3267", "CVE-2011-3268"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:php", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201110-06.NASL", "href": "https://www.tenable.com/plugins/nessus/56459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56459);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2009-5016\", \"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\", \"CVE-2010-1860\", \"CVE-2010-1861\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1866\", \"CVE-2010-1868\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2484\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\", \"CVE-2010-3436\", \"CVE-2010-3709\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4150\", \"CVE-2010-4409\", \"CVE-2010-4645\", \"CVE-2010-4697\", \"CVE-2010-4698\", \"CVE-2010-4699\", \"CVE-2010-4700\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-0752\", \"CVE-2011-0753\", \"CVE-2011-0755\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_xref(name:\"GLSA\", value:\"201110-06\");\n\n script_name(english:\"GLSA-201110-06 : PHP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-06\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code, obtain\n sensitive information from process memory, bypass intended access\n restrictions, or cause a Denial of Service in various ways.\n A remote attacker could cause a Denial of Service in various ways,\n bypass spam detections, or bypass open_basedir restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"ge 5.3.8\"), vulnerable:make_list(\"lt 5.3.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T14:56:12", "description": "The mobile device is running a version of iOS that is older than version 6.0. Version 6.0 contains numerous security-related fixes for the following vulnerabilities :\n\n - Numerous memory errors exist related to handling 'TIFF', 'PNG' and 'JPEG' images and 'ImageIO' that could allow arbitrary code execution. (CVE-2011-1167, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2012-1173, CVE-2012-3726)\n\n - Several issues exist related to 'CoreGraphics' and 'FreeType' (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144)\n\n - Numerous issues exist related to libxml and could lead to application crashes or arbitrary code execution.\n (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3919)\n\n - A stack-based buffer overflow exists related to 'locale ID' and 'International Components for Unicode' (ICU).\n (CVE-2011-4599)\n\n - An unitialized memory access issue exists related to 'Sorenson' encoded movie files and 'CoreMedia'.\n (CVE-2012-3722)\n\n - An URL handling issue exists related to 'CFNetwork' that can disclose sensitive information. (CVE-2012-3724)\n\n - The 'DNAv4' protocol discloses sensitive information when connecting to unencrypted WiFi networks.\n (CVE-2012-3725)\n\n - A buffer overflow error exists related to 'IPSec' and 'racoon' configuration files. (CVE-2012-3727)\n\n - An invalid pointer dereference error exists related to the kernel and packet filter ioctls. (CVE-2012-3728)\n\n - An uninitialized memory access error exists related to the kernel and the Berkeley Packet Filter interpreter.\n (CVE-2012-3729)\n\n - Several issues exist related to 'Mail' and the handling of attachments and 'S/MIME' signed messages.\n (CVE-2012-3730, CVE-2012-3731, CVE-2012-3732)\n\n - Information disclosure issues exist related to 'Messages', 'Office Viewer', system logs, and 'UIKit'.\n (CVE-2012-3733, CVE-2012-3734, CVE-2012-3743, CVE-2012-3746)\n\n - Memory corruption errors exist related to 'OpenGL'.\n (CVE-2011-3457)\n\n - Numerous errors exist related to 'Passcode Lock'.\n (CVE-2012-3735, CVE-2012-3736, CVE-2012-3737, CVE-2012-3738, CVE-2012-3739, CVE-2012-3740)\n\n - An error exists in 'Restrictions' that could allow unauthorized purchases. (CVE-2012-3741)\n\n - Errors exist in 'Safari' that are related to misleading URL characters and password auto complete.\n (CVE-2012-3742, CVE-2012-0680)\n\n - A buffer overflow error exists related to 'Telephony' and SMS handling. (CVE-2012-3745)\n\n - Many errors exist related to the bundled 'WebKit' components. (CVE-2011-2845, CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3050, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076, CVE-2011-3078, CVE-2011-3081, CVE-2011-3086, CVE-2011-3089, CVE-2011-3090, CVE-2011-3105, CVE-2011-3913, CVE-2011-3924, CVE-2011-3926, CVE-2011-3958, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-1521, CVE-2012-2815, CVE-2012-2818, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3598, CVE-2012-3599, CVE-2012-3600, CVE-2012-3601, CVE-2012-3602, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3615, CVE-2012-3617, CVE-2012-3618, CVE-2012-3620, CVE-2012-3624, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3647, CVE-2012-3648, CVE-2012-3650, CVE-2012-3651, CVE-2012-3652, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3658, CVE-2012-3659, CVE-2012-3660, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671, CVE-2012-3672, CVE-2012-3673, CVE-2012-3674, CVE-2012-3676, CVE-2012-3677, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3684, CVE-2012-3686, CVE-2012-3691, CVE-2012-3693, CVE-2012-3695, CVE-2012-3696, CVE-2012-3703, CVE-2012-3704, CVE-2012-3706, CVE-2012-3708, CVE-2012-3710, CVE-2012-3747)", "cvss3": {}, "published": "2012-09-24T00:00:00", "type": "nessus", "title": "Apple iOS < 6.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1167", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-2845", "CVE-2011-3016", "CVE-2011-3021", "CVE-2011-3026", "CVE-2011-3027", "CVE-2011-3032", "CVE-2011-3034", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3037", "CVE-2011-3038", "CVE-2011-3039", "CVE-2011-3040", "CVE-2011-3041", "CVE-2011-3042", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3048", "CVE-2011-3050", "CVE-2011-3053", "CVE-2011-3059", "CVE-2011-3060", "CVE-2011-3064", "CVE-2011-3067", "CVE-2011-3068", "CVE-2011-3069", "CVE-2011-3071", "CVE-2011-3073", "CVE-2011-3074", "CVE-2011-3075", "CVE-2011-3076", "CVE-2011-3078", "CVE-2011-3081", "CVE-2011-3086", "CVE-2011-3089", "CVE-2011-3090", "CVE-2011-3105", "CVE-2011-3328", "CVE-2011-3457", "CVE-2011-3913", "CVE-2011-3919", "CVE-2011-3924", "CVE-2011-3926", "CVE-2011-3958", "CVE-2011-3966", "CVE-2011-3968", "CVE-2011-3969", "CVE-2011-3971", "CVE-2011-4599", "CVE-2012-0680", "CVE-2012-0682", "CVE-2012-0683", "CVE-2012-1126", "CVE-2012-1127", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1130", "CVE-2012-1131", "CVE-2012-1132", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1135", "CVE-2012-1136", "CVE-2012-1137", "CVE-2012-1138", "CVE-2012-1139", "CVE-2012-1140", "CVE-2012-1141", "CVE-2012-1142", "CVE-2012-1143", "CVE-2012-1144", "CVE-2012-1173", "CVE-2012-1520", "CVE-2012-1521", "CVE-2012-2815", "CVE-2012-2818", "CVE-2012-3589", "CVE-2012-3590", "CVE-2012-3591", "CVE-2012-3592", "CVE-2012-3593", "CVE-2012-3594", "CVE-2012-3595", "CVE-2012-3596", "CVE-2012-3597", "CVE-2012-3598", "CVE-2012-3599", "CVE-2012-3600", "CVE-2012-3601", "CVE-2012-3602", "CVE-2012-3603", "CVE-2012-3604", "CVE-2012-3605", "CVE-2012-3608", "CVE-2012-3609", "CVE-2012-3610", "CVE-2012-3611", "CVE-2012-3612", "CVE-2012-3613", "CVE-2012-3614", "CVE-2012-3615", "CVE-2012-3617", "CVE-2012-3618", "CVE-2012-3620", "CVE-2012-3624", "CVE-2012-3625", "CVE-2012-3626", "CVE-2012-3627", "CVE-2012-3628", "CVE-2012-3629", "CVE-2012-3630", "CVE-2012-3631", "CVE-2012-3633", "CVE-2012-3634", "CVE-2012-3635", "CVE-2012-3636", "CVE-2012-3637", "CVE-2012-3638", "CVE-2012-3639", "CVE-2012-3640", "CVE-2012-3641", "CVE-2012-3642", "CVE-2012-3644", "CVE-2012-3645", "CVE-2012-3646", "CVE-2012-3647", "CVE-2012-3648", "CVE-2012-3650", "CVE-2012-3651", "CVE-2012-3652", "CVE-2012-3653", "CVE-2012-3655", "CVE-2012-3656", "CVE-2012-3658", "CVE-2012-3659", "CVE-2012-3660", "CVE-2012-3661", "CVE-2012-3663", "CVE-2012-3664", "CVE-2012-3665", "CVE-2012-3666", "CVE-2012-3667", "CVE-2012-3668", "CVE-2012-3669", "CVE-2012-3670", "CVE-2012-3671", "CVE-2012-3672", "CVE-2012-3673", "CVE-2012-3674", "CVE-2012-3676", "CVE-2012-3677", "CVE-2012-3678", "CVE-2012-3679", "CVE-2012-3680", "CVE-2012-3681", "CVE-2012-3682", "CVE-2012-3683", "CVE-2012-3684", "CVE-2012-3686", "CVE-2012-3691", "CVE-2012-3693", "CVE-2012-3695", "CVE-2012-3696", "CVE-2012-3703", "CVE-2012-3704", "CVE-2012-3706", "CVE-2012-3708", "CVE-2012-3710", "CVE-2012-3722", "CVE-2012-3724", "CVE-2012-3725", "CVE-2012-3726", "CVE-2012-3727", "CVE-2012-3728", "CVE-2012-3729", "CVE-2012-3730", "CVE-2012-3731", "CVE-2012-3732", "CVE-2012-3733", "CVE-2012-3734", "CVE-2012-3735", "CVE-2012-3736", "CVE-2012-3737", "CVE-2012-3738", "CVE-2012-3739", "CVE-2012-3740", "CVE-2012-3741", "CVE-2012-3742", "CVE-2012-3743", "CVE-2012-3745", "CVE-2012-3746", "CVE-2012-3747"], "modified": "2023-09-25T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_60_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/62242", "sourceData": "Binary data apple_ios_60_check.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:47", "description": "According to its banner, the remote Apple iOS device is missing a security update. Versions of Apple iOS prior to 6.0 are exposed to the following vulnerabilities :\n\n - Numerous memory errors exist related to handling 'TIFF', 'PNG' and 'JPEG' images and 'ImageIO' that can allow arbitrary code execution. (CVE-2011-1167, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2012-1173, CVE-2012-3726)\n\n - Several issues exist related to 'CoreGraphics' and 'FreeType' (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144)\n\n - Numerous issues exist related to libxml and can lead to application crashes or arbitrary code execution. (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3919)\n\n - A stack-based buffer overflow exists related to 'locale ID' and 'International Components for Unicode' (ICU). (CVE-2011-4599)\n\n - An unitialized memory access issue exists related to 'Sorenson' encoded movie files and 'CoreMedia'. (CVE-2012-3722)\n\n - An URL handling issue exists related to 'CFNetwork' that can disclose sensitive information. (CVE-2012-3724)\n\n - The 'DNAv4' protocol discloses sensitive information when connecting to unencrypted Wi-Fi networks. (CVE-2012-3725)\n\n - A buffer overflow error exists related to 'IPSec' and 'racoon' configuration files. (CVE-2012-3727)\n\n - An invalid pointer dereference error exists related to the kernel and packet filter ioctls. (CVE-2012-3728)\n\n - An uninitialized memory access error exists related to the kernel and the Berkeley Packet Filter interpreter. (CVE-2012-3729)\n\n - Several issues exist related to 'Mail' and the handling of attachments and 'S/MIME' signed messages. (CVE-2012-3730, CVE-2012-3731, CVE-2012-3732)\n\n - Information disclosure issues exist related to 'Messages', 'Office Viewer', system logs, and 'UIKit'. (CVE-2012-3733, CVE-2012-3734, CVE-2012-3743, CVE-2012-3746)\n\n - Memory corruption errors exist related to 'OpenGL'. (CVE-2011-3457)\n\n - Numerous errors exist related to 'Passcode Lock'. (CVE-2012-3735, CVE-2012-3736, CVE-2012-3737, CVE-2012-3738, CVE-2012-3739, CVE-2012-3740)\n\n - An error exists in 'Restrictions' that can allow unauthorized purchases. (CVE-2012-3741)\n\n - Errors exist in 'Safari' that are related to misleading URL characters and password auto complete. (CVE-2012-3742, CVE-2012-0680)\n\n - A buffer overflow error exists related to 'Telephony' and SMS handling. (CVE-2012-3745)\n\n - Many errors exist related to the bundled 'WebKit' components. (CVE-2011-2845, CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3050, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076, CVE-2011-3078, CVE-2011-3081, CVE-2011-3086, CVE-2011-3089, CVE-2011-3090, CVE-2011-3105, CVE-2011-3913, CVE-2011-3924, CVE-2011-3926, CVE-2011-3958, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-1521, CVE-2012-2815, CVE-2012-2818, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3598, CVE-2012-3599, CVE-2012-3600, CVE-2012-3601, CVE-2012-3602, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3615, CVE-2012-3617, CVE-2012-3618, CVE-2012-3620, CVE-2012-3624, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3647, CVE-2012-3648, CVE-2012-3650, CVE-2012-3651, CVE-2012-3652, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3658, CVE-2012-3659, CVE-2012-3660, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671, CVE-2012-3672, CVE-2012-3673, CVE-2012-3674, CVE-2012-3676, CVE-2012-3677, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3684, CVE-2012-3686, CVE-2012-3691, CVE-2012-3693, CVE-2012-3695, CVE-2012-3696, CVE-2012-3703, CVE-2012-3704, CVE-2012-3706, CVE-2012-3708, CVE-2012-3710, CVE-2012-3747)", "cvss3": {}, "published": "2012-09-24T00:00:00", "type": "nessus", "title": "Apple iOS < 6.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1167", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-2845", "CVE-2011-3016", "CVE-2011-3021", "CVE-2011-3026", "CVE-2011-3027", "CVE-2011-3032", "CVE-2011-3034", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3037", "CVE-2011-3038", "CVE-2011-3039", "CVE-2011-3040", "CVE-2011-3041", "CVE-2011-3042", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3048", "CVE-2011-3050", "CVE-2011-3053", "CVE-2011-3059", "CVE-2011-3060", "CVE-2011-3064", "CVE-2011-3067", "CVE-2011-3068", "CVE-2011-3069", "CVE-2011-3071", "CVE-2011-3073", "CVE-2011-3074", "CVE-2011-3075", "CVE-2011-3076", "CVE-2011-3078", "CVE-2011-3081", "CVE-2011-3086", "CVE-2011-3089", "CVE-2011-3090", "CVE-2011-3105", "CVE-2011-3328", "CVE-2011-3457", "CVE-2011-3913", "CVE-2011-3919", "CVE-2011-3924", "CVE-2011-3926", "CVE-2011-3958", "CVE-2011-3966", "CVE-2011-3968", "CVE-2011-3969", "CVE-2011-3971", "CVE-2011-4599", "CVE-2012-0680", "CVE-2012-0682", "CVE-2012-0683", "CVE-2012-1126", "CVE-2012-1127", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1130", "CVE-2012-1131", "CVE-2012-1132", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1135", "CVE-2012-1136", "CVE-2012-1137", "CVE-2012-1138", "CVE-2012-1139", "CVE-2012-1140", "CVE-2012-1141", "CVE-2012-1142", "CVE-2012-1143", "CVE-2012-1144", "CVE-2012-1173", "CVE-2012-1520", "CVE-2012-1521", "CVE-2012-2815", "CVE-2012-2818", "CVE-2012-3589", "CVE-2012-3590", "CVE-2012-3591", "CVE-2012-3592", "CVE-2012-3593", "CVE-2012-3594", "CVE-2012-3595", "CVE-2012-3596", "CVE-2012-3597", "CVE-2012-3598", "CVE-2012-3599", "CVE-2012-3600", "CVE-2012-3601", "CVE-2012-3602", "CVE-2012-3603", "CVE-2012-3604", "CVE-2012-3605", "CVE-2012-3608", "CVE-2012-3609", "CVE-2012-3610", "CVE-2012-3611", "CVE-2012-3612", "CVE-2012-3613", "CVE-2012-3614", "CVE-2012-3615", "CVE-2012-3617", "CVE-2012-3618", "CVE-2012-3620", "CVE-2012-3624", "CVE-2012-3625", "CVE-2012-3626", "CVE-2012-3627", "CVE-2012-3628", "CVE-2012-3629", "CVE-2012-3630", "CVE-2012-3631", "CVE-2012-3633", "CVE-2012-3634", "CVE-2012-3635", "CVE-2012-3636", "CVE-2012-3637", "CVE-2012-3638", "CVE-2012-3639", "CVE-2012-3640", "CVE-2012-3641", "CVE-2012-3642", "CVE-2012-3644", "CVE-2012-3645", "CVE-2012-3646", "CVE-2012-3647", "CVE-2012-3648", "CVE-2012-3650", "CVE-2012-3651", "CVE-2012-3652", "CVE-2012-3653", "CVE-2012-3655", "CVE-2012-3656", "CVE-2012-3658", "CVE-2012-3659", "CVE-2012-3660", "CVE-2012-3661", "CVE-2012-3663", "CVE-2012-3664", "CVE-2012-3665", "CVE-2012-3666", "CVE-2012-3667", "CVE-2012-3668", "CVE-2012-3669", "CVE-2012-3670", "CVE-2012-3671", "CVE-2012-3672", "CVE-2012-3673", "CVE-2012-3674", "CVE-2012-3676", "CVE-2012-3677", "CVE-2012-3678", "CVE-2012-3679", "CVE-2012-3680", "CVE-2012-3681", "CVE-2012-3682", "CVE-2012-3683", "CVE-2012-3684", "CVE-2012-3686", "CVE-2012-3691", "CVE-2012-3693", "CVE-2012-3695", "CVE-2012-3696", "CVE-2012-3703", "CVE-2012-3704", "CVE-2012-3706", "CVE-2012-3708", "CVE-2012-3710", "CVE-2012-3722", "CVE-2012-3724", "CVE-2012-3725", "CVE-2012-3726", "CVE-2012-3727", "CVE-2012-3728", "CVE-2012-3729", "CVE-2012-3730", "CVE-2012-3731", "CVE-2012-3732", "CVE-2012-3733", "CVE-2012-3734", "CVE-2012-3735", "CVE-2012-3736", "CVE-2012-3737", "CVE-2012-3738", "CVE-2012-3739", "CVE-2012-3740", "CVE-2012-3741", "CVE-2012-3742", "CVE-2012-3743", "CVE-2012-3745", "CVE-2012-3746", "CVE-2012-3747"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "6589.PRM", "href": "https://www.tenable.com/plugins/nnm/6589", "sourceData": "Binary data 6589.prm", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2023-04-18T11:52:13", "description": "icu is vulnerable to arbitrary code execution. The vulnerability exists as a stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.\n", "cvss3": {}, "published": "2020-04-10T01:08:51", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4599"], "modified": "2023-02-13T07:22:43", "id": "VERACODE:24905", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24905/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "Tools and utilities for developing with icu. ", "cvss3": {}, "published": "2011-12-23T03:30:14", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: icu-4.4.2-9.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4599"], "modified": "2011-12-23T03:30:14", "id": "FEDORA:391DF22C92", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TKUBGGL2TVIZQI5BTZWKFEXR4DP35FBS/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Tools and utilities for developing with icu. ", "cvss3": {}, "published": "2011-12-23T03:30:36", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: icu-4.6-3.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4599"], "modified": "2011-12-23T03:30:36", "id": "FEDORA:2490A22E48", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X3HKYIXTQQ6ZDBV6VN7MH2PEEONXNTOR/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nerv ous gameplay (tracks almost never exceed one minute). Features: Complex car physics, Challenging \"story mode\", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. ", "cvss3": {}, "published": "2011-01-04T20:53:11", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: maniadrive-1.2-23.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5016", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409"], "modified": "2011-01-04T20:53:11", "id": "FEDORA:E97781110D7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TFQQ2EIFPLODZJHDHRBTACYK5GVELJU4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "eAccelerator is a further development of the MMCache PHP Accelerator & Enco der. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. ", "cvss3": {}, "published": "2011-01-04T20:53:11", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: php-eaccelerator-0.9.6.1-3.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5016", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409"], "modified": "2011-01-04T20:53:11", "id": "FEDORA:E5BC01110D2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BBAY2EYGMRB3HG6LADRUBQ2TWCHCV6EX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {}, "published": "2011-01-04T20:55:36", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: php-5.3.4-1.fc14.1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5016", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409"], "modified": "2011-01-04T20:55:36", "id": "FEDORA:C9FB11110D9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KLUOJWESKXRY45G2VR2BV6RFSWBII2IH/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {}, "published": "2011-01-04T20:53:11", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: php-5.3.4-1.fc13.1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5016", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409"], "modified": "2011-01-04T20:53:11", "id": "FEDORA:E1A0E1110CE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TAHCVAHHGKCFXNAH24334RFGWKFH26Z2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "eAccelerator is a further development of the MMCache PHP Accelerator & Enco der. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. ", "cvss3": {}, "published": "2011-01-04T20:55:36", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: php-eaccelerator-0.9.6.1-3.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5016", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409"], "modified": "2011-01-04T20:55:36", "id": "FEDORA:D1042111102", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KMTPJJZJ5Z7XVEHL7XARE7HVXV3CLPJZ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nerv ous gameplay (tracks almost never exceed one minute). Features: Complex car physics, Challenging \"story mode\", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. ", "cvss3": {}, "published": "2011-01-04T20:55:36", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: maniadrive-1.2-23.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5016", "CVE-2010-2950", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4156", "CVE-2010-4409"], "modified": "2011-01-04T20:55:36", "id": "FEDORA:D3AAD11111B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G3FSJMZLDIIZGKF63C2QZQ3BQJHUC24U/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:45", "description": "Memory corruption on locale processing.", "cvss3": {}, "published": "2012-01-02T00:00:00", "type": "securityvulns", "title": "ICU library memory corruption", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2012-01-02T00:00:00", "id": "SECURITYVULNS:VULN:12123", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12123", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:194\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : icu\r\n Date : December 27, 2011\r\n Affected: 2010.1, 2011., Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in icu:\r\n \r\n A stack-based buffer overflow flaw was found in the way ICU\r\n performed variant canonicalization for some locale identifiers. If a\r\n specially-crafted locale representation was opened in an application\r\n linked against ICU, it could cause the application to crash or,\r\n possibly, execute arbitrary code with the privileges of the user\r\n running the application &#40;CVE-2011-4599&#41;.\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599\r\n http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=765812\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.1:\r\n f636ef5c8fc11c9ef228c888a5f1c375 2010.1/i586/icu-4.4-2.1mdv2010.2.i586.rpm\r\n 05305bca0946dd6a7af31a4644b10be6 2010.1/i586/icu-doc-4.4-2.1mdv2010.2.i586.rpm\r\n 641aeb15718c51525e66c24a0aa1372c 2010.1/i586/libicu44-4.4-2.1mdv2010.2.i586.rpm\r\n cb1dbefda3ae9267a598172ec0ba00a9 2010.1/i586/libicu-devel-4.4-2.1mdv2010.2.i586.rpm \r\n d480dfccb101762e8c11382b03996736 2010.1/SRPMS/icu-4.4-2.1mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n bc6f3753043c82300093e5772646cabb 2010.1/x86_64/icu-4.4-2.1mdv2010.2.x86_64.rpm\r\n d301f0e3490e6af029c6b8a51aea63ae 2010.1/x86_64/icu-doc-4.4-2.1mdv2010.2.x86_64.rpm\r\n 98a1dcf68dc12d6c5189fc080d647541 2010.1/x86_64/lib64icu44-4.4-2.1mdv2010.2.x86_64.rpm\r\n 6ec9e6563d871b8a9f683915a4a6dfcf 2010.1/x86_64/lib64icu-devel-4.4-2.1mdv2010.2.x86_64.rpm \r\n d480dfccb101762e8c11382b03996736 2010.1/SRPMS/icu-4.4-2.1mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2011:\r\n c6184666829529808d7b65e4209ca391 2011/i586/icu-4.8-1.1-mdv2011.0.i586.rpm\r\n 77d6ea5d2ba58045febed9e6dd16b3c9 2011/i586/icu-doc-4.8-1.1-mdv2011.0.i586.rpm\r\n f80f2e5939004c39ff0ca904477663ca 2011/i586/libicu48-4.8-1.1-mdv2011.0.i586.rpm\r\n 6d7c5371aeab199d7b8d3ecaf8f34dda 2011/i586/libicu-devel-4.8-1.1-mdv2011.0.i586.rpm \r\n ee26c16f6df9d3fd286cf92e6e70498e 2011/SRPMS/icu-4.8-1.1.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n 6702892b293ac39440ee2d2fe0adf597 2011/x86_64/icu-4.8-1.1-mdv2011.0.x86_64.rpm\r\n 8189ac1634256646f111b3fe6e7aa365 2011/x86_64/icu-doc-4.8-1.1-mdv2011.0.x86_64.rpm\r\n 81d72178292ee239eb4e8d5efa0b8ced 2011/x86_64/lib64icu48-4.8-1.1-mdv2011.0.x86_64.rpm\r\n 355101426ad51b28a174dfe51d0605ce 2011/x86_64/lib64icu-devel-4.8-1.1-mdv2011.0.x86_64.rpm \r\n ee26c16f6df9d3fd286cf92e6e70498e 2011/SRPMS/icu-4.8-1.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 9db3d3e64e0ecfcb43bfb3568df1b5b9 mes5/i586/icu-4.0-2.2mdvmes5.2.i586.rpm\r\n e5cf53874c0cdd9e0837d65976a3a33f mes5/i586/icu-doc-4.0-2.2mdvmes5.2.i586.rpm\r\n fc8920ecd40c9677051d6b43808cba2b mes5/i586/libicu40-4.0-2.2mdvmes5.2.i586.rpm\r\n 11802680627a69e7daf22b3ea3d3097e mes5/i586/libicu-devel-4.0-2.2mdvmes5.2.i586.rpm \r\n 03386290a0c985306d574d198df2870b mes5/SRPMS/icu-4.0-2.2mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n d4e8f9d23253330afde15792ee0da5c5 mes5/x86_64/icu-4.0-2.2mdvmes5.2.x86_64.rpm\r\n 42c2e4967eaf25f682af35c1d74c3fbb mes5/x86_64/icu-doc-4.0-2.2mdvmes5.2.x86_64.rpm\r\n f5856b5cb0239396ba96a58ee90eb123 mes5/x86_64/lib64icu40-4.0-2.2mdvmes5.2.x86_64.rpm\r\n b38aff30d218259d3645511166ce0643 mes5/x86_64/lib64icu-devel-4.0-2.2mdvmes5.2.x86_64.rpm \r\n 03386290a0c985306d574d198df2870b mes5/SRPMS/icu-4.0-2.2mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFO+aWMmqjQ0CJFipgRAu9bAJ9b3aDy3NX0LDWYBEnQnJZCBfWi4QCgxzsX\r\nSfy7BMjIZ7iQN2g0aDLaqxE=\r\n=/aTY\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-01-02T00:00:00", "type": "securityvulns", "title": "[ MDVSA-2011:194 ] icu", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2012-01-02T00:00:00", "id": "SECURITYVULNS:DOC:27505", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27505", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:08:48", "description": "NumberFormatter::getSymbol integer overflow.", "cvss3": {}, "published": "2010-12-12T00:00:00", "type": "securityvulns", "title": "PHP integer overflow", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2010-4409"], "modified": "2010-12-12T00:00:00", "id": "SECURITYVULNS:VULN:11291", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11291", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:38", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[ PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow ]\r\n\r\nAuthor: Maksymilian Arciemowicz\r\nhttp://securityreason.com/\r\nhttp://cxib.net/\r\nDate:\r\n- - Dis.: 11.11.2010\r\n- - Pub.: 10.12.2010\r\n\r\nCERT: VU#479900\r\nCVE: CVE-2010-4409\r\nCWE: CWE-189\r\nStatus: Fixed in PHP 5.3.4\r\n\r\nAffected Software:\r\n- - PHP 5.3.3\r\n\r\nOriginal URL:\r\nhttp://securityreason.com/achievement_securityalert/91\r\n\r\n\r\n- --- 0.Description ---\r\nInternationalization extension &#40;further is referred as Intl&#41; is a wrapper for ICU\r\nlibrary, enabling PHP programmers to perform UCA-conformant collation and\r\ndate/time/number/currency formatting in their scripts.\r\n\r\nNumber Formatter: allows to display number according to the localized format or\r\ngiven pattern or set of rules, and to parse strings into numbers. \r\n\r\n\r\n- --- 1. PoC for Integer Overflow ---\r\n$nx=new NumberFormatter&#40;&quot;pl&quot;,1&#41;;\r\n$nx-&gt;getSymbol&#40;2147483648&#41;;\r\n\r\n\r\n- --- 2. PHP 5.3.3/5.2.14 NumberFormatter::getSymbol Integer Overflow ---\r\nAs we can see in\r\n\r\n- ---\r\nPHP_FUNCTION&#40; numfmt_get_symbol &#41;\r\n{\r\n long symbol;\r\n UChar value_buf[4];\r\n UChar *value = value_buf;\r\n int length = USIZE&#40;value&#41;;\r\n FORMATTER_METHOD_INIT_VARS;\r\n\r\n /* Parse parameters. */\r\n if&#40; zend_parse_method_parameters&#40; ZEND_NUM_ARGS&#40;&#41; TSRMLS_CC, getThis&#40;&#41;,\r\n&quot;Ol&quot;,\r\n &amp;object, NumberFormatter_ce_ptr, &amp;symbol &#41; == FAILURE &#41;\r\n {\r\n intl_error_set&#40; NULL, U_ILLEGAL_ARGUMENT_ERROR,\r\n &quot;numfmt_get_symbol: unable to parse input params&quot;, 0\r\nTSRMLS_CC &#41;;\r\n\r\n RETURN_FALSE;\r\n }\r\n\r\n /* Fetch the object. */\r\n FORMATTER_METHOD_FETCH_OBJECT;\r\n\r\n length = unum_getSymbol&#40;FORMATTER_OBJECT&#40;nfo&#41;, symbol, value_buf,\r\nlength, &amp;INTL_DATA_ERROR_CODE&#40;nfo&#41;&#41;; &lt;================= !!!TO BIG INT HERE!!!\r\n...\r\n- ---\r\n\r\nwill crash for differ value. example {2444492804, 2147483648,\r\n2147483649, 2554462209} &#40;when rdi out off band &#40;range 2to31 2to32 under 64bits\r\nlinux&#41;\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x00007fffedf317f5 in icu_4_2::UnicodeString::extract&#40;unsigned short*,\r\nint, UErrorCode&amp;&#41; const &#40;&#41; from /usr/lib/libicuuc.so.42\r\n&#40;gdb&#41; bt\r\n#0 0x00007fffedf317f5 in icu_4_2::UnicodeString::extract&#40;unsigned\r\nshort*, int, UErrorCode&amp;&#41; const &#40;&#41; from /usr/lib/libicuuc.so.42\r\n#1 0x00007fffee5d11c0 in zif_numfmt_get_symbol &#40;ht=17168120,\r\n return_value=0x105c928, return_value_ptr=0x4, this_ptr=0x105f710,\r\n return_value_used=17168144&#41;\r\n at /build/buildd/php5-5.3.3/ext/intl/formatter/formatter_attr.c:269\r\n...blabla\r\n\r\nrip 0x7fffedf317f5 0x7fffedf317f5\r\n&lt;icu_4_2::UnicodeString::extract&#40;unsigned short*, int, UErrorCode&amp;&#41;\r\nconst+21&gt;\r\neflags 0x10206 [ PF IF RF ]\r\n\r\nlet&#96;s see value ~4294901761\r\n\r\n$nx=new NumberFormatter&#40;&quot;pl&quot;,1&#41;;\r\n$nx-&gt;getSymbol&#40;4294901761&#41;;\r\n\r\nwill crash in memcpy&#40;3&#41; ;]\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\nmemcpy &#40;&#41; at ../sysdeps/x86_64/memcpy.S:90\r\n90 ../sysdeps/x86_64/memcpy.S: No such file or directory.\r\n in ../sysdeps/x86_64/memcpy.S\r\n&#40;gdb&#41; bt\r\n#0 memcpy &#40;&#41; at ../sysdeps/x86_64/memcpy.S:90\r\n#1 0x00007fffea74a86a in icu_4_2::UnicodeString::extract&#40;unsigned\r\nshort*, int, UErrorCode&amp;&#41; const &#40;&#41; from /usr/lib/libicuuc.so.42\r\n#2 0x00007fffeadea2b4 in zif_numfmt_get_symbol &#40;ht=17826952,\r\n return_value=0x10fecd0, return_value_ptr=0xc, this_ptr=0x11004a0,\r\n return_value_used=17826976&#41;\r\n at /build/buildd/php5-5.3.3/ext/intl/formatter/formatter_attr.c:274\r\n#3 0x00000000006e986a in zend_do_fcall_common_helper_SPEC &#40;\r\n execute_data=0x7ffff7eb8068&#41;\r\n at /build/buildd/php5-5.3.3/Zend/zend_vm_execute.h:316\r\n...\r\n\r\nlet&#39;s see ICU UnicodeString::extract&#40;unsigned short*, int, UErrorCode&amp;&#41;\r\n\r\n- ---\r\nint32_t\r\nUnicodeString::extract&#40;UChar *dest, int32_t destCapacity,\r\n UErrorCode &amp;errorCode&#41; const {\r\n int32_t len = length&#40;&#41;;\r\n if&#40;U_SUCCESS&#40;errorCode&#41;&#41; {\r\n if&#40;isBogus&#40;&#41; || destCapacity&lt;0 || &#40;destCapacity&gt;0 &amp;&amp; dest==0&#41;&#41; {\r\n errorCode=U_ILLEGAL_ARGUMENT_ERROR;\r\n } else {\r\n const UChar *array = getArrayStart&#40;&#41;;\r\n if&#40;len&gt;0 &amp;&amp; len&lt;=destCapacity &amp;&amp; array!=dest&#41; {\r\n uprv_memcpy&#40;dest, array, len*U_SIZEOF_UCHAR&#41;; &lt;======= MEMCPY REFERENCE\r\nHERE\r\n }\r\n return u_terminateUChars&#40;dest, destCapacity, len, &amp;errorCode&#41;;\r\n }\r\n }\r\n\r\n return len;\r\n\r\n}\r\n- ---\r\n\r\nso crash in rip=memcpy&#40;3&#41;. \r\n\r\nMethod getLocal&#40;&#41; also can generate simple crash &#40;CWE-170&#41;\r\n\r\n$nx=new IntlDateFormatter&#40;&quot;pl&quot;, IntlDateFormatter::FULL,\r\nIntlDateFormatter::FULL&#41;;\r\n$nx-&gt;getLocale&#40;1&#41;;\r\n\r\n\r\n- --- 3. Fix ---\r\nFix in next PHP Version 5.3.4:\r\nhttp://www.kb.cert.org/vuls/id/479900\r\n\r\nSVN:\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/intl/dateformat/dateformat_attr.c?view=log\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/intl/formatter/formatter_attr.c?view=log\r\n\r\n\r\n- --- 4. Greets ---\r\nSpecial thanks for Pierre Joye and Stas Malyshev for very quickly fix\r\nMichael Orlando for security support\r\n\r\nand sp3x, Infospec\r\n\r\n\r\n- --- 5. Contact ---\r\nAuthor: SecurityReason.com [ Maksymilian Arciemowicz ]\r\n\r\nEmail:\r\n- - cxib {a&#92;./t] securityreason [d=t} com\r\n\r\nGPG:\r\n- - http://securityreason.com/key/Arciemowicz.Maksymilian.gpg\r\n\r\nhttp://securityreason.com/\r\nhttp://cxib.net/\r\n-----BEGIN PGP SIGNATURE-----\r\n\r\niQIcBAEBAgAGBQJNAio1AAoJEIO8+dzW5bUwwxkP/AilUgATowi4jQiNIUcBBuD5\r\n3Jvirho7YJMAK4k8EsbGXpPkZ1JmiuE+km3IUHdhkazBO3coUPRNvudZQoG2NbBa\r\nUteHQaMzGDPHXy9uR4izxhGHVcpnmpYKG9841OfNBIJ3/EDAn5nBKrNPtO+4brkh\r\nvcaglVL4McA+ww4iTbQ7mDLkwmwGsADH0JHrxrCRfB3IzkbaqIueNe//EaSzf9Zy\r\n4AUUIOb98jGxGlNVgfEOK1odAQKW+WupyEtuPIy+SYh7ZAi+N/6a17yLcbfEAiWX\r\nWKEbSHG0QtleKhiRzEedahfsAzXgct5UB/Clyj5QZn+gsI/hFM+yBdsq9FH2Lnuu\r\nHG2JCbMlGrKNxH/vF8tz/kvh/cWF+czmHuisNC4H6XCUmljEV2OLmI9JtRL8qZcs\r\npUAcAPVCFF9mGOIOrVbdc4Hku6O/nvXmq/gKashiMbN5SFos/cNh/LxMICHq/HI0\r\naS0TX2h+nplNSPQsx+65DSl8SMZyciU9dufcyRTnOIKWwLJfqlSmpwX/gxC1AXJm\r\nWVrjw6tGg8wB5iEru4Wl1D3DTlc57kGBFdStPflSooJO+1ZCiz8zfSt0RFLals2N\r\nP+lXJzhNox53cAARhbByqIWV+dR/Hrpsjp4ai1kgvgPwI78rJXWKsnEgc3dcntZf\r\nBW/ksdPomtWGWej1c4s4\r\n=+/YF\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2010-12-12T00:00:00", "type": "securityvulns", "title": "PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2010-4409"], "modified": "2010-12-12T00:00:00", "id": "SECURITYVULNS:DOC:25291", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25291", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:38", "description": "===========================================================\r\nUbuntu Security Notice USN-1042-1 January 11, 2011\r\nphp5 vulnerabilities\r\nCVE-2009-5016, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710,\r\nCVE-2010-3870, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\nUbuntu 10.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libapache2-mod-php5 5.1.2-1ubuntu3.20\r\n php5-cgi 5.1.2-1ubuntu3.20\r\n php5-cli 5.1.2-1ubuntu3.20\r\n\r\nUbuntu 8.04 LTS:\r\n libapache2-mod-php5 5.2.4-2ubuntu5.13\r\n php5-cgi 5.2.4-2ubuntu5.13\r\n php5-cli 5.2.4-2ubuntu5.13\r\n\r\nUbuntu 9.10:\r\n libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.6\r\n php5-cgi 5.2.10.dfsg.1-2ubuntu6.6\r\n php5-cli 5.2.10.dfsg.1-2ubuntu6.6\r\n\r\nUbuntu 10.04 LTS:\r\n libapache2-mod-php5 5.3.2-1ubuntu4.6\r\n php5-cgi 5.3.2-1ubuntu4.6\r\n php5-cli 5.3.2-1ubuntu4.6\r\n\r\nUbuntu 10.10:\r\n libapache2-mod-php5 5.3.3-1ubuntu9.2\r\n php5-cgi 5.3.3-1ubuntu9.2\r\n php5-cli 5.3.3-1ubuntu9.2\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that an integer overflow in the XML UTF-8 decoding\r\ncode could allow an attacker to bypass cross-site scripting &#40;XSS&#41;\r\nprotections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,\r\nand Ubuntu 9.10. &#40;CVE-2009-5016&#41;\r\n\r\nIt was discovered that the XML UTF-8 decoding code did not properly\r\nhandle non-shortest form UTF-8 encoding and ill-formed subsequences\r\nin UTF-8 data, which could allow an attacker to bypass cross-site\r\nscripting &#40;XSS&#41; protections. &#40;CVE-2010-3870&#41;\r\n\r\nIt was discovered that attackers might be able to bypass open_basedir&#40;&#41;\r\nrestrictions by passing a specially crafted filename. &#40;CVE-2010-3436&#41;\r\n\r\nMaksymilian Arciemowicz discovered that a NULL pointer derefence in the\r\nZIP archive handling code could allow an attacker to cause a denial\r\nof service through a specially crafted ZIP archive. This issue only\r\naffected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu\r\n10.10. &#40;CVE-2010-3709&#41;\r\n\r\nIt was discovered that a stack consumption vulnerability in the\r\nfilter_var&#40;&#41; PHP function when in FILTER_VALIDATE_EMAIL mode, could\r\nallow a remote attacker to cause a denial of service. This issue\r\nonly affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and\r\nUbuntu 10.10. &#40;CVE-2010-3710&#41;\r\n\r\nIt was discovered that the mb_strcut function in the Libmbfl\r\nlibrary within PHP could allow an attacker to read arbitrary memory\r\nwithin the application process. This issue only affected Ubuntu\r\n10.10. &#40;CVE-2010-4156&#41;\r\n\r\nMaksymilian Arciemowicz discovered that an integer overflow in the\r\nNumberFormatter::getSymbol function could allow an attacker to cause\r\na denial of service. This issue only affected Ubuntu 10.04 LTS and\r\nUbuntu 10.10. &#40;CVE-2010-4409&#41;\r\n\r\nRick Regan discovered that when handing PHP textual representations\r\nof the largest subnormal double-precision floating-point number,\r\nthe zend_strtod function could go into an infinite loop on 32bit\r\nx86 processors, allowing an attacker to cause a denial of service.\r\n&#40;CVE-2010-4645&#41;\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.1.2-1ubuntu3.20.diff.gz\r\n Size/MD5: 156750 6df1d4b9735ef95cff0607b842416b52\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.1.2-1ubuntu3.20.dsc\r\n Size/MD5: 2417 d21e7bcbc26a369b84afdfa9649953a2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.1.2.orig.tar.gz\r\n Size/MD5: 8064193 b5b6564e8c6a0d5bc1d2b4787480d792\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php-pear_5.1.2-1ubuntu3.20_all.deb\r\n Size/MD5: 306838 8a061474b0d03b280bd4ad66e0951e4b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.1.2-1ubuntu3.20_all.deb\r\n Size/MD5: 1036 67a5ec2ab802e6a9c1fd35b66c762ac6\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 2438326 6205e0a4f786423e602c09eb23be56f1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 4764272 367b69faa1d9d2b6cadc9511b953626b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 2395226 e11c91162fc2036bee7339836eb9a553\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 140418 433d226f3cccc27740d706099922a80e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 24600 bc8694d0a2678ef21d6ee6abea6680b5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 316032 2d9e23883469510f6caac1795c9c66f3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 36828 4472d4ece18fc3eabcdf1b40d3c9d215\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 22122 71d6b55889541f048fbdc5fa62e657e0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 8768 a5e9619a423332627296a017df2c978e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 25214 d14ebe6db092a95d8627aaeea0eeb857\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysqli_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 43896 84033eb9680d41b141fe0210c39e7d2a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 30112 ea65f8215a9e38a8bfe865fdb46a6a62\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 44370 5d56c29b3b694d372c5059b348bc9eb9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 8330 0bc0f2961048bbe8a6f2922da4198370\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 15294 83f1e743ad9caf9dbfe34224f1468701\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 29164 5186beb6e81d1620772f3bf5aa49d13b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 22690 e3beb25b0775bbbe9161bf7c4421d673\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 42362 b5c7666f26cc79cbd937b57d6dbbea9d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.1.2-1ubuntu3.20_amd64.deb\r\n Size/MD5: 16374 9ff514d7bcd76baa2d3a503efdf05081\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 2267012 2ccb06cd58a2d06bb9d255782e03483d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 4481678 d0f646be5441b533437e507176e1966c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 2251090 0570932503f87be605c05f790b31ec2b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 137014 4a54054a6b0620c3b693027861ff34f2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 22836 fe34a1d69d6efdf07f3b358a27b41189\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 315402 06f284d124ac44700915f4119a29a2a2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 32858 7e0703ec220a5586c2a829163d97d1b8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 19784 23a54b3eef95a2cee27626abc32ba4be\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 8364 34fdb1f5579d5c70d0659f0b195988cb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 21984 4db62bb53d1921923073d9529182c6dd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysqli_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 37344 5b5ee561731b9dd445e22ffb75137542\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 27030 036fe474948a99473ba9349009fed160\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 39760 207456519b08617331f807e91575e747\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 8042 8d16fe1e6df1fdd4b17b2d6d76eaf029\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 14156 2e8d99978fd0d854e87e6ac6b825465d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 25618 8ab7fd1cd3bae30c369ffc334f81ed26\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 20540 95e156995b3365adab701282aede4be9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 37852 c0b06ab1e0bcacd602c8d29c79a3b904\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.1.2-1ubuntu3.20_i386.deb\r\n Size/MD5: 15120 4b6e4f1e017e6e1bb9916ebc3be4dc8f\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 2401198 2d06c5ffa08caeb2d8c9718f50544976\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 4701998 dfc3daa250dea139dbb4dac4d80ee4e9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 2360384 9a4ac201dc8aa798b2166f3d65e4177a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 137966 eaded17d1477bc75406e07a62f40a4fd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 26614 9b38dd68ee68b8dfed86536fde3b151d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 312672 825c798d8d4108e089966eb1e2a6a16f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 36606 081215692548857abde055dad94c55e4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 22552 80140509accf361dc9238d484a46386e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 10130 2dba82dcecbb081c67c503c6421dd4ab\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 24822 69f3e6511a1f16439d9d0686aa2fe89f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysqli_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 41786 1d40730ad2ed4da551cee84e01dc964a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 30092 5951418c3f9eb982e6c918890de03f06\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 43424 34a02daf5576fa22c15698a4d62d20f4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 9804 088a2fd5a7b604c4357afdfe7641a2b0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 15950 233247ebcfd513c2945a38967865ba5b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 29416 8bbcddb58173430ae73020454bf15836\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 23586 c15fc17c672d170a21e387a346f1d449\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 40954 26401a69a69927373e5f9daeea85b682\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.1.2-1ubuntu3.20_powerpc.deb\r\n Size/MD5: 17246 d4001af094f32f3c32001f62700bf770\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 2327780 90c88edd450d7925984ee50e652c96ec\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 4539816 47539ebeb163e569f98271070eaf80a0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 2280616 d43427d389008f8b0b976c2e3df4a6f6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 137976 78abc54cf0d4c7b7927e0ac808fcc247\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 24552 315c1ed349cdda96360409d109ffd0cf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 312626 3c12d7adaa527cdd8e3e7106ffb018da\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 33362 f1fd0f99d964284ee14edb6c949ad5f4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 20080 f55a764602e59a7fc1eafdb1d7ad015f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 8370 81e6b9a3b7fea0c36ba8f78c588e64ff\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 22360 23050f4d29e964079eb0fc9fc08f0710\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysqli_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 38658 4b742d4b77da6e7aa6cc964d2fc9f802\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 26834 e959a6b1c9477e88c23f2c5b53825f15\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 40610 634e73b50f57281bb2fe8e780d0c9035\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 8102 8c0ce1bcecc40cb984b194332061d620\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 14054 c7f290c7e9f9de708058dfb0103a0e0d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 25970 9eaab0db3b90087976116fde5e7ee6be\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 20794 46add82a433b9b8f09e35d69bedabf77\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 38124 e37c5de7eda52f8ab997423ce98b8852\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.1.2-1ubuntu3.20_sparc.deb\r\n Size/MD5: 15086 3c16f4c7daba21a9b401ff42b21e37b7\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.4-2ubuntu5.13.diff.gz\r\n Size/MD5: 171074 a44e8c0fa732ae9fe40ef2f1e6307941\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.4-2ubuntu5.13.dsc\r\n Size/MD5: 2612 9efc7b0526b8067a1364304629818cbd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.4.orig.tar.gz\r\n Size/MD5: 9705468 0826e231c3148b29fd039d7a8c893ad3\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php-pear_5.2.4-2ubuntu5.13_all.deb\r\n Size/MD5: 355276 6160ef91a87f96ab428bc7fdc2d1eb92\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.4-2ubuntu5.13_all.deb\r\n Size/MD5: 1076 8006ffb358c740e25f71eceb680c5fe8\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 2616100 7beec735eb5ac08c5dbe818ca9c8fba1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 5094540 66dac028b7aa32f8e68a9c34a47e97f2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 2572396 006e777ed02775f25afc06c71018c6d2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 321866 1326ad95614faefe093000d9557e22fc\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 25036 46c208f78ec2cbc0fb912ab8c7aa848b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 364482 611ff75b91254ef374c3555fdc2f8ce6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 37340 5a952976d5c22929ba0ac612954cae7e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 17622 258d6460217d62fce16f086050d8329e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 20266 2452a414801248d829bea1f3bc13b537\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 5544 cebc96b844fe51589b615269fa221c65\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 74404 be190b3bf4e5dc3a924b1e16f955246e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 37708 26572dd45f6095629944d23820aa1e4f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 56164 c0dcba6243459b08efbafe092f307657\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 9544 e33f7cf6e3e73e0991106899a7ff1e5f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 5034 ad2d560443a15df3bbe3e9d3f3f45cf6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 12416 604db098f7cfac7df6ff1fc638870f4c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 39644 aad3d6f567fb8936b8064df1b74dd01c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 28668 df959ee0757efa78bb291753e26a1b25\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 17890 e00eca078a62b63123e439be84e31825\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 38614 fec69650848d20fccc3345fe3d50a35c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.2.4-2ubuntu5.13_amd64.deb\r\n Size/MD5: 13544 9b1d125654d7552bf3de1c4c67f0092f\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 2474744 cd6fcf94a90f7256be37c64896c69f9b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 4917798 f3e2dfc0a615c2db115ba41a386a3385\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 2481476 e5cbf699729ce00b5fa40a27bc9af4cb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 317982 af1f67fb46fe323f6aaa2354f4488403\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 23638 03fe02f2cda8ba24c3886fd1c002df3e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 364508 1fbce7a79857dadbf4f4106f8a72d6e8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 32896 6946ec293d522855a6388de9720c9f84\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 14756 c627a7399bf79b236f6385408ca517ed\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 18104 044ab2018b85a394993a3dd551ee76d6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 5206 ec5e9d32c3fa85bd8e6cf5d71614c9ee\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 65230 9138f8688689590cd2b15dbd87815735\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 34262 7e4364d542a044a35426824c93ee089b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 51294 f60bcad4c5c9ccce7f313c0f2c77638a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 8612 92ce8ad07cfee588cadf80086b99ea8e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 4780 e30ff35edb09dc326713b52f72b0780e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 11720 523ec2a184d4b4fe2b02d7af721da871\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 34358 0bdd1e833d93796bc0d457cac37c5b7a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 26244 d9449bfbbcfa675b1544c4e356895922\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 16264 0a81440dc52136c2e39f91aa140c6ea6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 35660 fc8f9510a79eea6029bed3dfd0e05514\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.2.4-2ubuntu5.13_i386.deb\r\n Size/MD5: 12580 0f8427e6247809d909018f602c515d25\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 2453872 1ae8c91383ee6ce1e0a12b61347f1cd3\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 4879916 ae2a5bcde341eb4fe862b094687ab98c\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 2462284 b21bc257ae8150be9812d0d1c78012e2\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 317714 8015f6a0afd98e6b90c9645135ca73e7\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 23288 ab2b5787ec116b7628efc9e04c7826e9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 364484 69dbb37941bc5d7044a57bd15669caa8\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 33076 94c05af0d9feb3ab44c86a9555fd7330\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 15026 5213479934cecf31e7bb6c382ec739ca\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 18106 2a7e858b86e3ffab3cf2ec1db723f696\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 5106 d967ee89b93ca865fa81e59af11aa1d8\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 64308 5ee184afe3b114b2372bb26862b4320f\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 33938 b981f0cc796e73f746f8bc811b31ffbd\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 50868 81868c02e0b0de38357c3efa49b6f314\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 8646 3679a882f8ba6999896745dc3e238dd6\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 4726 165788a7d2fe0050e4acabe01a5b678b\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 11580 9cd9cd4cfb88641ae59e21a439e02ed0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 33748 92c398f5f7e20fc755fb7186d29c8029\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 26132 172927305ef4d6e98d08bf663ed135e4\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 16058 83c38911dc8947118941bf2feddd037d\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 35468 2bb59d1df4295d6dc7c9354860a50fef\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.4-2ubuntu5.13_lpia.deb\r\n Size/MD5: 12440 65771d601dc4f508681f8d2f89bf544c\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 2627098 2ea0c7201de4faa9cd6e533b94ed1ef8\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 5117984 fd1d61e174192f89888cc6ae1248ec91\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 2581196 7b41e05ef8600719eb4aa56e0343c897\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 324770 469867b7acbe05282ede997b37d0c129\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 28232 0265ff21a3ebc9db35eeb802d9794a41\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 364536 de7261f01bfc1474e03a0090ad4b9f80\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 38778 ff6b2fbc45f74aa03fdef8fe2cd656a9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 17628 efc321cdde34856bebf7209d8ccb8f26\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 21732 50a20e6bb888fbdb0271460e06ab35c2\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 7666 fda0551a869970e819f45928d886e411\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 78012 4a4c683d806c57e35c95fd71262e9558\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 41296 a8f0a4a5f13960b45cac90d2cf547111\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 59732 db5dcb81d0eb6d0ecf16ec011579649a\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 11156 12f72fcd36613f4df042d75f4e578cdf\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 7182 8062ae277b5dfaa0e311d7592a3f79cd\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 14240 2707fa0cc46d8d597e4a99f4506c9d33\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 42400 b848cb3f8841b3eb4bb9f53ac212d64b\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 31368 fdeaf2703cb004749b885cc7e2b3f49e\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 20070 4f0728b7421ce2139422b3df642707df\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 40500 86fcd4ae3eab0a4eca21a070dd5624be\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.4-2ubuntu5.13_powerpc.deb\r\n Size/MD5: 15700 5290122aa597571547b0b375a2a439c5\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 2495580 0b428f07d47d07890df1e13941f5bda5\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 4886918 5de4f5d898efdfb86207b8993d5ca289\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 2464692 9731b34362f6954875112d3152a07917\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 317978 417444c6772985ae77423fcf039bf2cd\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 24278 d2cf0b6dc45a55e1932f6f6b402922f0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 364506 f7d99c4e7386a533a1b6a5661fce2b53\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 33592 32c1709573c19a08e6016521757a4867\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 14148 7224bf620ad663d0cfee733119c73706\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 17700 0b5b9edd0e251422129b9d6752bb829a\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 5062 f769b758006b3cb80f73ed305dd25233\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 63412 875895c9881f5dec590b84984bbf855f\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 32424 e55f27d7e5cd8728448d8229ac77ec53\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 49702 afb8c3d1b49e3b175455542908e1ae2e\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 8482 4d76c31583e95d259ad6e23e8082c275\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 4746 b335c34c9edeb6a031c9309f82b375ef\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 11552 1ed20d609b199474d4eb4b843d45498b\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 32808 a1a3ce68a90fb694c7bae9c190ea2a3d\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 24966 a3dcb64e83e46342dad573eb8d2ee6bb\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 16344 2b01b04265c64ca9b7cfa82ff04f7eb9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 34840 fc9d2e899480688ff1bcf04d7d7c9419\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.4-2ubuntu5.13_sparc.deb\r\n Size/MD5: 12012 858e5a81894880219cb9f6303563b043\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.10.dfsg.1-2ubuntu6.6.diff.gz\r\n Size/MD5: 977757 a7e34cb5e5bc4d4ee749f057ba475aca\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.10.dfsg.1-2ubuntu6.6.dsc\r\n Size/MD5: 3170 034498da31761183638dbef943a49bf6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.10.dfsg.1.orig.tar.gz\r\n Size/MD5: 11418363 4708aa3cbd1c50411634482e26525344\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php-pear_5.2.10.dfsg.1-2ubuntu6.6_all.deb\r\n Size/MD5: 329230 c8c7bb4ede697317236eb47ac4e60aa7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.10.dfsg.1-2ubuntu6.6_all.deb\r\n Size/MD5: 1120 c530a928a17f918cc74854b4f22e6e14\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 2643724 e851d35af52d9452c2df527219965853\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 5150004 05747c3905d4e14d5be64716c06cb539\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 2597488 a565e8688dd57343cce6d26af96ad415\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 428258 9580e8fc70aa8f40353b0d745754f3f1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 25498 2571658a1409d47b1dd636dc5fef90b9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dbg_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 8311558 6e34cb16c5514aad7d2146ded841d1dd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 366974 6fe061c0dde3b01792c44229f7fb546e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 37546 43cd10e9f19c88e194f62a5c9b01be74\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 16382 9a52d461f0eb9b5e0717b64cd2483c03\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 20650 0eb8f9021a5ad687be29d12a61715528\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 5690 35779e15e53c50bfdd75d4cf6647b8e2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 75058 13315c1c64c955135d00a64f2e5c1788\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 39230 99ef988b0b06c2b032ffc52f3f27d5a9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 58558 20f0b2c059bc6b426da2be45b1fcb3da\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 10088 00051cd04c6f37202386f17859db980e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 5192 d163c60f50efda1b54f94b112ccc0558\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 13150 4eb9c35b9ba814f311cbe90977e268cb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 39934 44f24ce56db89bde71da12fef9b69c6c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 29214 2c6e35b3c53013657a5cdcdaf79d1bfa\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 18218 f02d8119fb6ae819598e7a61123414c1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 39358 02f6aff34eb4278fcfb6a3e9cb093a28\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 14062 ea4e2f1dabdafee475f0a073000815bd\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/libapache2-mod-php5filter_5.2.10.dfsg.1-2ubuntu6.6_amd64.deb\r\n Size/MD5: 2642728 bb19e2bd6bbe9af49ef5094594547ac9\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 2504522 f5041c9810724f3135a94901c811f835\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 4980470 9301a22f583801870abade7f01362184\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 2511890 f244e4e37185fd3895a54dbc4d2c30c9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 425202 3784f1886ab61a52613f71d3617bd641\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 24022 4b9c173290df3a720f8c27e87c206c85\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dbg_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 8509326 0627f56020a14208ae7786c495433108\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 366990 3f48c131e3cea35319d2474b9bd06637\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 33136 478e6cee816f3c88e98ad620ba59a661\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 14218 7b69dfcb5601779d77976b8a94ebadca\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 18772 103aa5bbbd1ea27e4882dc3b542ecd32\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 5372 78410de977f81df1c9cc04e55fb1f3c0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 66158 571934aa97f62ade292674d09ae13641\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 35810 2ca397b47914c7aabd1077faed6633f8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 53864 f3334269e3e68e417104a90d329de0e4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 9190 8a61093fdacbf51237a4ccfd7b2251bd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 4960 ee006a16dd4922cd95df5cb64cdf0f5e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 12076 c4f82372c2f1c4cde79577bda01e2f40\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 35126 defb792372d07be5b537ce6095dbdaef\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 26666 495668794d9741f4f17dda8de54b1e0f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 16596 bf46e42e3cf895192f4c4047229851d8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 36524 0cca90d1eff0d5c52a13235a94675cd2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 12934 54de705a4bb1467659391a4ef756cc9a\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/libapache2-mod-php5filter_5.2.10.dfsg.1-2ubuntu6.6_i386.deb\r\n Size/MD5: 2503054 e2ec6e88b31194bc8deed93d1fc6f66e\r\n\r\n armel architecture &#40;ARM Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 2458642 4ad093ca046cfebd04ee71aee5629a6f\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 4875994 2e02456840d3cce5a5bca5f1ad4312c3\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 2455278 9f18ad6bb540ac4a3bbb92b5a470e15a\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 426178 76d66c71f2fee6da4af7dabe7accc125\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 23990 14e41b12fc707c38e7cb92b8257f913d\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 8945786 fd8d3ea4113db7cfeade83df3f406856\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 370178 81ba454cec8065e13a77a75d13993a73\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 32510 948d7904055044e02b93c7847aa09aaf\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 13590 94cf30a2fa062d97af9bbc0f63208ef1\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 18390 83236ce7af1fbcfc43bf9be3bbb84221\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 5134 158e42a6c53bb59fc6dfa6bc67cf2b22\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 63046 d632bdfad77b68e3f18f4be29dac8acb\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 35236 56ec1c4525487ab36b04968761a8252a\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 51444 74f5d851ca43162a525fc3da3b9c61f4\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 8730 33fa0ad4fdecfb24762ece22503e4635\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 4786 e1415303b34ef9bd7a26059f73a24524\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 11866 10430888728ad3e0639608e2be9cb336\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 33956 5c1a98b4f0ea784fe011671ba34f09d6\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 25784 4062fa7d0c14944a4c6ca0569d3c063d\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 16160 4949628a35d40ca0281c1fe9771d7597\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 33730 4ded7223e0c6f9c9f8a3fb6996f953f0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 12480 023bc689e443dbfe8c71dcd03f1cdbd0\r\n http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.2.10.dfsg.1-2ubuntu6.6_armel.deb\r\n Size/MD5: 2457220 25d94d47f95325656edb5ea79d88bd89\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 2492844 145b6f4ae03c30283985e3b6bbe68c9b\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 4956852 cae53b7e6f2608ed578c4e9001c6d2fe\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 2498630 5e6d346fbddbe5f4498626e42c7c0a84\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 424916 c245248b6d043e0720c6ff30f9f48bd5\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 23642 528ffdce10725de1060ca312db300e44\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 8609146 e06648a4584aa69f842f9312e736f44f\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 366970 c2cf8f9590ae0a209bab40b24c49b5a9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 32662 301cbdd769e9fa297e8b54faa4758cf7\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 14156 ef129242a061b0801bc06ddcc007a4e3\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 18598 a4375fb8c8afa7c5bcbe80cea4f1d036\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 5258 9612979c96ea1e9fed2029e58e47914e\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 64886 36772193878ed771de4f2c9ab62b394c\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 35470 dda75dfe7f747743b5ca3dc955375ac0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 53534 2b2840f1e7c4a79e18bd15ef4a7b8db9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 9096 21c8ef299ee1778836f2b6a8908cf066\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 4902 6b68e289a8f10c8b84b1cb91bda3f687\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 11946 3049ac447786cc4f275905a7d95a14ab\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 34618 c7b99cd4a6a87f5551cb44527573cfe3\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 26606 174ba894c26e5c188bc36ee17a590a75\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 16704 74e1633a03ad4a260296fd256dfe8172\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 36258 5a9c14884982edcbf146a56c08341bad\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 12916 7f46d47561ff30e2304be384deee0a39\r\n http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.2.10.dfsg.1-2ubuntu6.6_lpia.deb\r\n Size/MD5: 2491786 3ce78eea7b236712e30a6490fa791ebb\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 2636516 f809f9733c6cae803a6be94e9343323f\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 5119646 42b7689715097ecd38188f87dd813be1\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 2585306 8d33554ba9deeaa390cf4e6936b0a6d0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 430776 b9cf209be5009beb0c015c6621033b0c\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 26354 295306c0c0474b71bdcc9d89364ebdf5\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 8977402 a0ca24ddfdd79603393c45dfc2b03430\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 367008 2e5ca489e3e70d66683f0923e12df0bd\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 36678 852f00d8d5a19a7839fa3359c7a3d560\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 14726 00d1ac077fc6bb24a2b9de1682efeabc\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 20010 e3deaf4f69d6012b7f912080e9c0f3db\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 5632 6c949ef684e91cbe66a249c85ac5489f\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 70040 c58f47c72a16fef0d647f6864b0a5c2f\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 36870 cfb20ad89f6dfaac26645fe261065ac7\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 56878 3332b3c3644598c6c30e4a19693efc10\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 9340 d730f4f951d0f595de73f8f886edb5ab\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 5210 7bc38fd7c5726f97f457f9a065bc4fd1\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 12398 9fdbb86d77efe2ad64794f4f7e3e711d\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 37664 cb2d88a8e61374bc9ee18e0c03e17470\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 27490 12117df59410408cac3c110b71b34b76\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 17970 ea62310cb1a7c549ecdb03e7ab181585\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 38496 9142c4d9239e08d12a29b820bcb2ddfe\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 13864 75fdf718df77c23f322d32bd286f895e\r\n http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.2.10.dfsg.1-2ubuntu6.6_powerpc.deb\r\n Size/MD5: 2635518 7030bfbeed54c0aa5d9502cfeea9b6e0\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 2494342 98da755c137fd928ac5bfccc881fbd53\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 4886006 a164cadfecd7925de19df4a67e2e933d\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 2461698 c91460419cf0825c5a65840e712fbc24\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 427198 b5fdc1065bf16fb9c65516be0c32b8bd\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 24564 5b0dcbd770bc5160a69cc702a143e723\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 8366774 9323a54b04716c0a7cdb9a695d460b5a\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 366966 ff174c27b64578ea5615653293da87f8\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 33100 e022d1b425b49cbbfe30290a90d0a24b\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 13326 bd5b51aea46c0eeb7937deb5db40499e\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 17918 b93167cb7cc2e4675d21a90b8afa3f03\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 5182 f5ee707e184c00b23655815256d4069e\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 62934 5ed425cb600f15ac7f1e69a124f38885\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 33388 a440de4cbd1f6a3bce411519b751405a\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 50244 92ef8ba36e61e59953479cfcd91b590a\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 8622 ba8d34a7cdb3a8823be27e51205a4462\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 4838 d3df13b871e6c5cc990c30109763a122\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 11974 27be55358735c941ee2fc9e530227df7\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 32612 b9881eb126999890d51f31e8e5858457\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 24980 55e2a2fcb9f3c185380c6864cea3ecc9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 16582 8d891b209e65305866a1911ac54f3019\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 34986 45bacfaaf8875e6af1690d27004888ae\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 12380 48b34a7a356eb9cf4b641bf23e0159d8\r\n http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.2.10.dfsg.1-2ubuntu6.6_sparc.deb\r\n Size/MD5: 2492788 f1cf6f2f4af3a87c9fcf7db39895c102\r\n\r\nUpdated packages for Ubuntu 10.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.3.2-1ubuntu4.6.diff.gz\r\n Size/MD5: 193556 0980b5fba5c89ce04a027fc41ef08071\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.3.2-1ubuntu4.6.dsc\r\n Size/MD5: 3171 4f79fffb63072daafda61e5a3c8666cc\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.3.2.orig.tar.gz\r\n Size/MD5: 13734462 4480d7c6d6b4a86de7b8ec8f0c2d1871\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php-pear_5.3.2-1ubuntu4.6_all.deb\r\n Size/MD5: 354408 e3be4caa035ed64558dc5f81b9cf8802\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.3.2-1ubuntu4.6_all.deb\r\n Size/MD5: 1114 643199d6abb0abb4a7bd236143e780e3\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 2988030 edd9a638195270b9ce6e753e972ae027\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 5803912 d499e1dcbf7a1486be4039ae12d699c7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 2906236 9c654a26963c233bb65887f87f480382\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 549472 2c78e946248c5261d9e245705395dcac\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 27054 7c129e7d4d0b5c91baa79b43f7058745\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dbg_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 10386004 b63d957dba91abcc7ae99a69b789182f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 408414 69c2ff2cb5eced51fe08ca1b8511874b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 39002 ff971096112998faf411af1b0f4f98bd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 16478 4df1113b39b44ec95b6be5b26239d549\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 19890 41883562b8dea2b43e83c5336120da09\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 73124 7ba7c7b84668818918cd24993059025d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 35848 d4b0cdc0881f921c78f7639b75746f61\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 56922 f7b428e43d8834a9df619092f91433bf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 8168 234d7c73789d1f9006b19204f299a74e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 4380 0f5815361f4a409ca519be15967c0c03\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 11364 5f5699afc11bc01ce793f358bf85cfe4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 55750 2c1e08a57d572478c707f002c3500ffa\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 26400 ffca523f6b94415704eb0f39a7158469\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 18272 9b9e0dfc3235e631789e449ca78a173c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 34806 efa24f6eabbfbcddd7eb5155d945cd9c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 13360 861c1f2408faeb690df81105e112c02d\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/libapache2-mod-php5filter_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 2987282 38641f078afb8137225e163d51ce7284\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-enchant_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 8950 09d370a6c544e70f94e0ad80c70a623c\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-intl_5.3.2-1ubuntu4.6_amd64.deb\r\n Size/MD5: 59404 f4940af37e9c06a00f64ace73c409809\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 2833396 0feb5625c5061550cc8ec087cc38c061\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 5623544 e29929fa1525df844875785aaca1400c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 2815356 a8a9413488c7be3840cb02df862a4c57\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 542896 08243ede73f09da89dfc1f0f983e30d7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 25608 36a579c9b88435ed0ecf1e133134fcf7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dbg_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 10560588 a72f3bc4b60d30449893c0cc88665c3c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 404922 6cad660c827bfe56261d9305c9644e0b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 34748 0ace6326b104c929a03583f13bff8f8e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 14238 f5431f44b55a54070216655045a0311b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 17558 8419a34d7cfa96501a74ede571f45ae0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 64220 a8ad7576ad049d7e9ece698e8e4bfe32\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 32094 c37faa808fdc85bd3fd48a60902ed096\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 52000 d2015d3db51e4eb3d39a53d896b9546b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 7274 61a001b20ce393e1ac77679d9b444370\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 4154 7eacf907df0d9f2685d33b1534174d5b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 10280 65d70043bf3f665661790a8b1d696e5b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 46664 6042c3b080c7569ec50bd30b392ccc2f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 23642 b218bd07dce3df858ab2219b1c3b24a2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 16378 e60510a3e061fcb62161c13f232411f0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 31940 2e4ecd3debaf681fe7185b5ab6717241\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 12340 3d031dd46d48485061b76ec8bdff1e03\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/libapache2-mod-php5filter_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 2832424 cb0cb847468a984cfdfc158a968acc86\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-enchant_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 7768 ffae04ac038a1ee5687c841448a733f8\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-intl_5.3.2-1ubuntu4.6_i386.deb\r\n Size/MD5: 53800 f26ec8df82897459f51318e51ecd288e\r\n\r\n armel architecture &#40;ARM Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 2716990 dd6fc055cd6c4661f8c1f555ff199876\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 5406408 f5a9a2700959739ec66ae54a5c6a7192\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 2707416 804e5718e9b35a16e19f8eb000013d35\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 549374 16205c6fb91a2695ffb31ce5b48756a0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 24478 b701fe4fefa853c9a4c68c3a57e4361a\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 11211118 a0c00ae54e00624d482a1997f28b9a89\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 408300 1b99bdf666f6b97d0e17758fc80a32be\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 33034 2c9133f9759b964458ed1d8bb976b7d7\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 13572 03921c24cface080678714a3870e8063\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 16804 7dc386412f50e402d0d00b381bb4f9a0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 59506 8bf3f4543b5b001538d06b141d4ae09d\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 29840 0467a6f1ce2a6bf45484526e348e3f94\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 47808 ffdd30e3537d023d79e1d3f8ccb83e5b\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 7052 51d6895e749da26f6f86e891ebab5adb\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 4038 f2f4930765c985c1d4ff310c5ec96931\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 10048 0eb93303de0fba01973dbac11d14ff20\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 43194 bcffaf2d54a0f0892651d5a4c36c2c67\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 21550 47ca0ca752d9eaf470a425557ed7cca9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 15658 0071409645abb27fac956fe0230014b9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 28880 a270f097cfeeb733fbb65fb54a7854dd\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 11512 344e47e3088734025bec645beb923c86\r\n http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 2715834 ecf56e2c12b8e2a44e384c72439c4ed5\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-enchant_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 7504 7659f855b478897a9ae514c355439287\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-intl_5.3.2-1ubuntu4.6_armel.deb\r\n Size/MD5: 50900 2d1909d622ec9bc2350ad62569249874\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 2982390 831e5eca51f2419f5818d434db284546\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 5771702 56fe6e6df92e09380d876642af5380f2\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 2890492 140915153f47f11856901c84820be068\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 551598 07f46408ad1ecd97379ed85399414665\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 28370 2fccc6fca3f44df0474a9b33e230a347\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 11211024 2929424c681f42af04863ea0575eecd7\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 404914 d087838bea6c5846c0eb11312f05e136\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 39864 f868077f95f9dfc418fc500cd8494e80\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 14332 15b24326fc979b89a464363ef63bbfe0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 19160 646142beb100e0e2f9a14f235cb6dcdc\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 68996 b640a1031d42d7cbe2e7aff12829f2c5\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 33944 1b0e6a66ca7398f8475c459c99ee3c44\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 55472 76b72f26e08aa45f511f2af59c890c04\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 7482 f577ab49d3dd8525d03b269db67f157c\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 4384 03354e6742660a09bf84242f79b8aa1e\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 10730 cecc9fed9b82ebf55de4ae540b3484ca\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 51978 cac8f3273beadfb63674c6856690473c\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 24766 777af0607ded40852827902b3cfb4066\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 17830 90e7aa5abc55826ed167c75243850bc3\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 34084 734bc0abdf803b4b6f8853a38e3e8b57\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 13294 c6b9eb2de9e6705bcbeff056cdab595d\r\n http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 2982024 186b9f16187871e65315958c25d510b3\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-enchant_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 8296 2eb32e661e8e623873f6042cb5233043\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-intl_5.3.2-1ubuntu4.6_powerpc.deb\r\n Size/MD5: 60530 4ced8317938fb126970fff4a420854f9\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 2894338 705436aef4d2949e90a77a95bd292bad\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 5645508 b0b22997491f803dd770e76f7a4d2e2f\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 2825972 ab9106c0d0173dfca220af6dc8396e70\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 547346 d0f9411ba79daf250504060c0e6cf3b0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 27074 3d430898426064b4c3435f8afcbb9d65\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 10621222 98f8d882e3a80e5d141968d7d8bcb819\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 404906 39b5ebb15706bea58be4db1392987aa8\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 36724 dfe7ded0b5ddd6064806190a637646d5\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 13434 71f93169324a20accfe7da16197860a6\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 17410 0f64440681b5847f0266b50c6c4e040d\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 62088 32fa95fa4d34b298aa48248c2d3f0d15\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 30936 303b6ab55dbc17094c25051ea0a1bdc0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 50514 0812e6bcbb0df06269e3458768870d93\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 7144 d588848979de91b502df2c1b5fdcc129\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 4140 eb91d5d349a3a2a4285cdcb7914b7b14\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 10800 d8a53293bab378791a529ce68422ff7e\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 46572 e42143c783a7111ebe4bb41daed0b4a1\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 22928 25dfcf83304e7bdea419260077820a87\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 16886 eaeb116eb49625b91b25c507e71e631c\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 32172 c9acb8ffca3acba3d6bb148b2132da5d\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 12108 0125aa3d93a3d7d7db9225270d5abda5\r\n http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 2893690 fe786ee9ba78325ea46f192af98f4032\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-enchant_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 7490 6b951fe70259633af0388019bed230d5\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-intl_5.3.2-1ubuntu4.6_sparc.deb\r\n Size/MD5: 54036 796ca4df04bfa667cd16a0dd6df2a5a1\r\n\r\nUpdated packages for Ubuntu 10.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.3.3-1ubuntu9.2.diff.gz\r\n Size/MD5: 196816 ede7dff78a1e215a0c478267c57dd1a8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.3.3-1ubuntu9.2.dsc\r\n Size/MD5: 3246 8629ecc0b18d05ce19ddd8a6fd5c2be9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.3.3.orig.tar.gz\r\n Size/MD5: 13921529 5adf1a537895c2ec933fddd48e78d8a2\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php-pear_5.3.3-1ubuntu9.2_all.deb\r\n Size/MD5: 362866 d63047ea2c45970adee41c85604d6964\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.3.3-1ubuntu9.2_all.deb\r\n Size/MD5: 1122 f82fcb497f9831db617344e959fde575\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 3106010 973e07bb984b8446ef3ef2a2d5cfa00f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 6028052 4742fca65397445228556709c11a8f2e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 3017590 26176b87d42a1a885a0a73953fe16a97\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 564200 66c937ec1b51a82affba110775a5d7e4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 26874 79f6429a811276a34005ac5b5a26b1e2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dbg_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 12405206 e01720b9f146509a2ed7bbf2ac70b13a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 418324 5e1f55067b100fbdb0e8480450a6e917\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 38490 da775d309a31452c687fdce9402400bd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 16210 8dee00c5c4c8b72ca548165d0aadd447\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 19560 f417e4b2d2909845c4d08b609ddda459\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 75428 bdb08e4faee81589828ec316a3e6a52b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 35320 12ccfcdcb41110413ee8f10e99742529\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 59076 35210edb7d5afc9e31c2bc59912898cb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 8048 de86320c471cdf767edab14b178daefd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 4294 617566b3834b56b042967071460a272c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 11170 0a4959dc691f4ff2d9ec63da62a33c72\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 54912 804acc24f4b7f6f07f03b6e5fdd9876e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 17952 0bd747dd720bd13f12ffbc07f583c9fb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 34626 9a8e1665929e1f3de53ccc948d91e99e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 13044 a022258a7261c170bc357ba68fe477ec\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/libapache2-mod-php5filter_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 3104626 04c9ab77e009f27eb3712b8a0cffd5d3\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-enchant_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 8810 10a01a8e1a887be8f8c93fd8173b2637\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-fpm_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 3042170 7740a71d177414ff403e3c5b53c5e971\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-intl_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 58768 68e5e73df9bd861d6d1e53dfc3c18c66\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-sybase_5.3.3-1ubuntu9.2_amd64.deb\r\n Size/MD5: 26040 3c1dfa40fba7450e2a3f2090a9a4a4e6\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 2944260 619f260f6c8c8d01abebfb898de87117\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 5835312 9ccb840393ef5c52ef0bce1575351218\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 2922192 140a51e9a83fc7688adfd1c5595e5559\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 555754 fa2fb0a9e101cac612f3ca769fa95d85\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 25296 de9d5ed65071a30717fa966a7560b5be\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dbg_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 12617506 c9451c5504e6171b8eb9c502c4249968\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 416994 3305cef2fe12c6f36d7b115bdd542077\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 33970 2d2b533f8dd03dcb37123fe02261b8f0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 13966 f06c7e37882ff66e28c9f0c3466a6e5b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 17154 5ca6d14918a60d9b8dcf14ace08959a5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 65966 97682a4e4926622ff574fd8270cbd946\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 30826 9da385d8063f43060649efa9a7484d41\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 53722 fda31c7958a6747dc40fa0278e8a2e5d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 7148 f8719b35bc86a7e177c367d3dcd78714\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 4098 62dc4cc3b37074275da051ee912ff52d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 10014 5361d7a815cdda47babd766ae36c7f7e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 46950 4182f187abc09b075649432f5da56542\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 16070 db4f45c6d85ea94ffaf697d4022dc002\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 31656 9196ef437de957ca3d7596ba42e9eab3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 12030 56742dde4c1b020a4f9dda5f434d8671\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/libapache2-mod-php5filter_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 2943178 d44b4b3954ad2727a92b8acf5db30c47\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-enchant_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 7634 5d139c268d1e5fc648327fc3bbbf114c\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-fpm_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 2944984 8442b12c63ed8301b5c671e5a2f6c8e0\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-intl_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 53300 650b608670e209ee475c8a568d477c13\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/php5/php5-sybase_5.3.3-1ubuntu9.2_i386.deb\r\n Size/MD5: 23158 5d6b41b8f92447380d93e6640a22b18b\r\n\r\n armel architecture &#40;ARM Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 2999022 daa8e8b7fdfa1a65cd661d853c0143b1\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 5965966 ba709c7dbcec4e38e88a9daa24887d42\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 2986806 02a3968a3deac621ce433e9f8147a43b\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 563518 3fd934f0a502ef4e37606867bbbd2ea6\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 25206 5d18abe9252cdc5229b7e91b68d778bb\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 13759836 a141409295cd7b8e31ab83afae643d95\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 418820 f56a2c2cbfd56bf8a78c1530a049e6f5\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 37292 96b920810bbbdf8e430e7d6bacd77411\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 13568 1ecc1622475107f35d019bdabf098f01\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 17466 b1e77bb8269754bd0c72ed1ac5c45841\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 63208 5deb4c388eb305128f6e620cb74347cf\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 30618 7cc27fbb2e7cf59351267081ce916cd0\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 52906 fa8dc748d6914d9b75adce594ba3d4be\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 6984 afb04370d5ffd75298abfc74f95f7889\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 3906 51d1a684e7c674fd181a74dc5a69c7bf\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 9834 fca5b32f63f46f9f360f73da1528a26c\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 44546 6f7d8d3b215a37f8f8ba7e0baee9cf63\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 15714 c1361163ce77383881da78fd454a19b9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 30168 73b69174f080b4f989f620506000b901\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 11460 e326bbcc1a5990751e84e18d23c4a61d\r\n http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 2998222 eb97aaadbbc526badb470f2ab588a2c5\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-enchant_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 7568 1f46699a9422cc125c2be6cfc6564660\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-fpm_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 3009278 0bd50c06173a9b871393bbfca607fc5a\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-intl_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 53476 712b3516cb52a3a2a251ec6c139aea4f\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-sybase_5.3.3-1ubuntu9.2_armel.deb\r\n Size/MD5: 21894 11b9b427bf4f3af130d7505b309bd019\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 3091760 cec535868df930364de273a8d9813a59\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 5985056 b7ee8229012587e24d13bc02db88f67f\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 2995916 3098a23a9264dae8e41437bcf38e2f59\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 564322 4b319d44925b0b8bdea42d38f16983f9\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 28146 aea39e463fcfd7607c25a958478c5845\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 13393736 1d680f8e9ccc4e46b6cc75ccc0f1ffeb\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 415382 96279bcdf5259326622013f78761b112\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 39282 54b73faba10e5f0fb1b89fb841e4f51e\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 14098 1d635c8a683e4652fb0c445dac4eb920\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 18866 a9df988c0ce9ad79aa97ade72c414615\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 71472 60fdf09b45f88dd51d0c71fd2a639731\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 33306 16e77b3081a9457b4db1a3288712de8c\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 57710 3f077e55f4e8717f073897eec80d472a\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 7358 ae45fd458e011e64de815f508aaced39\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 4304 52632bfc349c5883be00ec66e17d91c3\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 10536 ced4d0df904e53b38d3bddcfd8d37f78\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 51082 24d3991267a44a6000c97158867522db\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 17504 bf1a3717987213dd64c51d3f303594c5\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 33772 f6a1f330aa73cd54d0097ab39462d521\r\n http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 13018 c9c704c34d475d926778b24ce8f56fdf\r\n http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 3090844 e7c0485f0f0e3ef3e908a79c2ff700c6\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-enchant_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 8090 2358caf8d8d658d240184bac30663c4e\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-fpm_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 3021744 50656fd1da08c5fee4a3a074a86f0a0d\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-intl_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 59640 ee69e7ae68194393189e3c78b93db10a\r\n http://ports.ubuntu.com/pool/universe/p/php5/php5-sybase_5.3.3-1ubuntu9.2_powerpc.deb\r\n Size/MD5: 24378 337e728142f95116ae790202beda4801\r\n\r\n", "cvss3": {}, "published": "2011-01-13T00:00:00", "type": "securityvulns", "title": "[USN-1042-1] PHP vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2010-4645", "CVE-2010-3436", "CVE-2010-3870", "CVE-2010-3709", "CVE-2009-5016", "CVE-2010-4156", "CVE-2010-3710", "CVE-2010-4409"], "modified": "2011-01-13T00:00:00", "id": "SECURITYVULNS:DOC:25489", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25489", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:03:08", "description": "Multiple vulnerabilities in different subsystems.", "cvss3": {}, "published": "2012-10-01T00:00:00", "type": "securityvulns", "title": "Apple Mac OS X multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-3722", "CVE-2011-3026", "CVE-2012-3721", "CVE-2011-4599", "CVE-2012-3723", "CVE-2012-0643", "CVE-2012-3720", "CVE-2012-0670", "CVE-2012-3718", "CVE-2012-0650", "CVE-2011-3048", "CVE-2012-3716", "CVE-2012-0671", "CVE-2012-0652", "CVE-2012-1173", "CVE-2012-0668", "CVE-2012-3719"], "modified": "2012-10-01T00:00:00", "id": "SECURITYVULNS:VULN:12597", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12597", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:46", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2012-09-24-1 Apple TV 5.1\r\n\r\nApple TV 5.1 is now available and addresses the following:\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access existed in the handling\r\nof Sorenson encoded movie files. This issue was addressed through\r\nimproved memory initialization.\r\nCVE-ID\r\nCVE-2012-3722 : Will Dormann of the CERT/CC\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may broadcast\r\nMAC addresses of previously accessed networks per the DNAv4\r\nprotocol. This issue was addressed by disabling DNAv4 on unencrypted\r\nWi-Fi networks\r\nCVE-ID\r\nCVE-2012-3725 : Mark Wuergler of Immunity, Inc.\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff&#39;s handling of\r\nThunderScan encoded TIFF images. This issue was addressed by updating\r\nlibtiff to version 3.9.5.\r\nCVE-ID\r\nCVE-2011-1167\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted PNG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libpng&#39;s\r\nhandling of PNG images. These issues were addressed through improved\r\nvalidation of PNG images.\r\nCVE-ID\r\nCVE-2011-3026 : Juri Aedla\r\nCVE-2011-3048\r\nCVE-2011-3328\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted JPEG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A double free issue existed in ImageIO&#39;s handling of\r\nJPEG images. This issue was addressed through improved memory\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3726 : Phil of PKJE Consulting\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in libTIFF&#39;s handling\r\nof TIFF images. This issue was addressed through improved validation\r\nof TIFF images. This issue does not affect OS X Mountain Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2012-1173\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A stack buffer overflow existed in the handling of ICU\r\nlocale IDs. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-4599\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An attacker with a privileged network position may cause an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in libxml, the most\r\nserious of which may lead to an unexpected application termination or\r\narbitrary code execution. These issues were addressed by applying the\r\nrelevant upstream patches.\r\nCVE-ID\r\nCVE-2011-1944 : Chris Evans of Google Chrome Security Team\r\nCVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of\r\nChinese Academy of Sciences\r\nCVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of\r\nChinese Academy of Sciences\r\nCVE-2011-3919 : Juri Aedla\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An attacker with a privileged network position may cause an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in\r\nJavaScriptCore. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2012-0682 : Apple Product Security\r\nCVE-2012-0683 : Dave Mandelin of Mozilla\r\nCVE-2012-3589 : Dave Mandelin of Mozilla\r\nCVE-2012-3590 : Apple Product Security\r\nCVE-2012-3591 : Apple Product Security\r\nCVE-2012-3592 : Apple Product Security\r\nCVE-2012-3678 : Apple Product Security\r\nCVE-2012-3679 : Chris Leary of Mozilla\r\n\r\n\r\nInstallation note:\r\n\r\nApple TV will periodically check for software updates. Alternatively,\r\nyou may manually check for software updates by selecting\r\n&quot;Settings -&gt; General -&gt; Update Software&quot;.\r\n\r\nTo check the current version of software, select\r\n&quot;Settings -&gt; General -&gt; About&quot;.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJQXO50AAoJEPefwLHPlZEwc40P/AmBKys+PAsdT8gGrSpOY1B9\r\n8h+Y0xdE+Hmesq9D4p6wvdY/lR+zMqtSwT6amNImYCIaRmm1P8+r8n31be52TYlg\r\n7GqEAZbDtFztHwIISC8Khf8dMvWSrLhzRa7X/cxlIgRKmoXFnqJZzYcUov/M9Uw8\r\nKwejQnztmAx7srHnZCNI+dxFqAC7hPoegnDnlVPx1DkwKDjt8q9xD3PGQyiGWWkI\r\nwqUEWvMGWr65CFyA7R0hDqKuNCowWn2cKP1UhIoEur5yRmc4aQVtOnHhJ8k9mdoO\r\n+58JC/y8lCtqGUyEL2Ar0FmIcRX/GJf+/isKOtmHx0JuEhH5beQ6s9FxU5eNR9DH\r\nEVPmVXowY9wMvKxwHFU3jwq8kQ3+IYC+7KA6lScb5mXO5mC5dbJPLp7uJto7+VtI\r\natgQmvzdB8G562wpwTPuA4UQWWr0i6WWl8zkfgkRHO+cXyN683rkBP/vVEo9FipR\r\nYkQ10RsXqYDRXBcRywmTZZwQy6txMtV9D2bnk1uukQHBsZh30/mEpcmZbo6CO3s3\r\nmnOtu5D2OQsNt4MqbviUkEgdc9JIJnqAOo+9YguDCEu6Rd7unbKB3RpmD+A3OJnR\r\nGhEa2Gqyvm/ozfb2D4L01y4UQo7dMLw+t/FOZXkrpdLlWn2LANWvXDCPSzIFCKoN\r\ncXF+ij425pfY+d7Iekz3\r\n=PSL+\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-10-04T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2012-09-24-1 Apple TV 5.1", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-0682", "CVE-2012-3722", "CVE-2012-3590", "CVE-2011-3026", "CVE-2011-4599", "CVE-2012-3678", "CVE-2012-0683", "CVE-2011-3919", "CVE-2011-1167", "CVE-2012-3726", "CVE-2012-3725", "CVE-2011-3328", "CVE-2011-2834", "CVE-2011-3048", "CVE-2012-3589", "CVE-2012-3679", "CVE-2012-1173", "CVE-2012-3592", "CVE-2011-2821", "CVE-2011-1944", "CVE-2012-3591"], "modified": "2012-10-04T00:00:00", "id": "SECURITYVULNS:DOC:28598", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28598", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:47:14", "description": "Multiple vulnerabilities on different formats and protocols parsing.", "cvss3": {}, "published": "2012-10-04T00:00:00", "type": "securityvulns", "title": "Apple TV multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-0682", "CVE-2012-3722", "CVE-2012-3590", "CVE-2011-3026", "CVE-2011-4599", "CVE-2012-3678", "CVE-2012-0683", "CVE-2011-3919", "CVE-2011-1167", "CVE-2012-3726", "CVE-2012-3725", "CVE-2011-3328", "CVE-2011-2834", "CVE-2011-3048", "CVE-2012-3589", "CVE-2012-3679", "CVE-2012-1173", "CVE-2012-3592", "CVE-2011-2821", "CVE-2011-1944", "CVE-2012-3591"], "modified": "2012-10-04T00:00:00", "id": "SECURITYVULNS:VULN:12610", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12610", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:46", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and\r\nSecurity Update 2012-004\r\n\r\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\r\n2012-004 are now available and address the following:\r\n\r\nApache\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.22 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. Further information is available via the Apache web site at\r\nhttp://httpd.apache.org/. This issue does not affect OS X Mountain\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-3368\r\nCVE-2011-3607\r\nCVE-2011-4317\r\nCVE-2012-0021\r\nCVE-2012-0031\r\nCVE-2012-0053\r\n\r\nBIND\r\nAvailable for: OS X Lion v10.7 to v10.7.4,\r\nOS X Lion Server v10.7 to v10.7.4\r\nImpact: A remote attacker may be able to cause a denial of service\r\nin systems configured to run BIND as a DNS nameserver\r\nDescription: A reachable assertion issue existed in the handling of\r\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1.\r\nThis issue does not affect OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2011-4313\r\n\r\nBIND\r\nAvailable for: OS X Lion v10.7 to v10.7.4,\r\nOS X Lion Server v10.7 to v10.7.4,\r\nOS X Mountain Lion v10.8 and v10.8.1\r\nImpact: A remote attacker may be able to cause a denial of service,\r\ndata corruption, or obtain sensitive information from process memory\r\nin systems configured to run BIND as a DNS nameserver\r\nDescription: A memory management issue existed in the handling of\r\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1 on\r\nOS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2012-1667\r\n\r\nCoreText\r\nAvailable for: OS X Lion v10.7 to v10.7.4,\r\nOS X Lion Server v10.7 to v10.7.4\r\nImpact: Applications that use CoreText may be vulnerable to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A bounds checking issue existed in the handling of text\r\nglyphs, which may lead to out of bounds memory reads or writes. This\r\nissue was addressed through improved bounds checking. This issue does\r\nnot affect Mac OS X v10.6 or OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2012-3716 : Jesse Ruderman of Mozilla Corporation\r\n\r\nData Security\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\r\nOS X Mountain Lion v10.8 and v10.8.1\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: TrustWave, a trusted root CA, has issued, and\r\nsubsequently revoked, a sub-CA certificate from one of its trusted\r\nanchors. This sub-CA facilitated the interception of communications\r\nsecured by Transport Layer Security &#40;TLS&#41;. This update adds the\r\ninvolved sub-CA certificate to OS X&#39;s list of untrusted certificates.\r\n\r\nDirectoryService\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8\r\nImpact: If the DirectoryService Proxy is used, a remote attacker may\r\ncause a denial of service or arbitrary code execution\r\nDescription: A buffer overflow existed in the DirectoryService\r\nProxy. This issue was addressed through improved bounds checking.\r\nThis issue does not affect OS X Lion and Mountain Lion systems.\r\nCVE-ID\r\nCVE-2012-0650 : aazubel working with HP&#39;s Zero Day Initiative\r\n\r\nImageIO\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: Viewing a maliciously crafted PNG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libpng&#39;s\r\nhandling of PNG images. These issues were addressed through improved\r\nvalidation of PNG images. These issues do not affect OS X Mountain\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-3026 : Juri Aedla\r\nCVE-2011-3048\r\n\r\nImageIO\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in libTIFF&#39;s handling\r\nof TIFF images. This issue was addressed through improved validation\r\nof TIFF images. This issue does not affect OS X Mountain Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2012-1173 : Alexander Gavrun working with HP&#39;s Zero Day\r\nInitiative\r\n\r\nInstaller\r\nAvailable for: OS X Lion v10.7 to v10.7.4,\r\nOS X Lion Server v10.7 to v10.7.4\r\nImpact: Remote admins and persons with physical access to the system\r\nmay obtain account information\r\nDescription: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented\r\nuser passwords from being recorded in the system log, but did not\r\nremove the old log entries. This issue was addressed by deleting log\r\nfiles that contained passwords. This issue does not affect Mac OS X\r\n10.6 or OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2012-0652\r\n\r\nInternational Components for Unicode\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A stack buffer overflow existed in the handling of ICU\r\nlocale IDs. This issue was addressed through improved bounds\r\nchecking. This issue does not affect OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2011-4599\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 to v10.7.4,\r\nOS X Lion Server v10.7 to v10.7.4\r\nImpact: A malicious program could bypass sandbox restrictions\r\nDescription: A logic issue existed in the handling of debug system\r\ncalls. This may allow a malicious program to gain code execution in\r\nother programs with the same user privileges. This issue was\r\naddressed by disabling handling of addresses in PT_STEP and\r\nPT_CONTINUE. This issue does not affect OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2012-0643 : iOS Jailbreak Dream Team\r\n\r\nLoginWindow\r\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\r\nImpact: A local user may be able to obtain other user&#39;s login\r\npasswords\r\nDescription: A user-installed input method could intercept password\r\nkeystrokes from Login Window or Screen Saver Unlock. This issue was\r\naddressed by preventing user-installed methods from being used when\r\nthe system is handling login information.\r\nCVE-ID\r\nCVE-2012-3718 : An anonymous researcher\r\n\r\nMail\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: Viewing an e-mail message may lead to execution of web\r\nplugins\r\nDescription: An input validation issue existed in Mail&#39;s handling of\r\nembedded web plugins. This issue was addressed by disabling third-\r\nparty plug-ins in Mail. This issue does not affect OS X Mountain Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2012-3719 : Will Dormann of the CERT/CC\r\n\r\nMobile Accounts\r\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\r\nImpact: A user with access to the contents of a mobile account may\r\nobtain the account password\r\nDescription: Creating a mobile account saved a hash of the password\r\nin the account, which was used to login when the mobile account was\r\nused as an external account. The password hash could be used to\r\ndetermine the user&#39;s password. This issue was addressed by creating\r\nthe password hash only if external accounts are enabled on the system\r\nwhere the mobile account is created.\r\nCVE-ID\r\nCVE-2012-3720 : Harald Wagener of Google, Inc.\r\n\r\nPHP\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\r\nOS X Mountain Lion v10.8 and v10.8.1\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: &gt;PHP is updated to version 5.3.15 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the PHP web site at\r\nhttp://www.php.net\r\nCVE-ID\r\nCVE-2012-0831\r\nCVE-2012-1172\r\nCVE-2012-1823\r\nCVE-2012-2143\r\nCVE-2012-2311\r\nCVE-2012-2386\r\nCVE-2012-2688\r\n\r\nPHP\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: PHP scripts which use libpng may be vulnerable to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nPNG files. This issue was addressed by updating PHP&#39;s copy of libpng\r\nto version 1.5.10. This issue does not affect OS X Mountain Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-3048\r\n\r\nProfile Manager\r\nAvailable for: OS X Lion Server v10.7 to v10.7.4\r\nImpact: An unauthenticated user could enumerate managed devices\r\nDescription: An authentication issue existed in the Device\r\nManagement private interface. This issue was addressed by removing\r\nthe interface. This issue does not affect OS X Mountain Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2012-3721 : Derick Cassidy of XEquals Corporation\r\n\r\nQuickLook\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: Viewing a maliciously crafted .pict file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n.pict files. This issue was addressed through improved validation of\r\n.pict files. This issue does not affect OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2012-0671 : Rodrigo Rubira Branco &#40;twitter.com/bsdaemon&#41; from the\r\nQualys Vulnerability &amp; Malware Research Labs &#40;VMRL&#41;\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow existed in QuickTime&#39;s handling of\r\nsean atoms. This issue was addressed through improved bounds\r\nchecking. This issue does not affect OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2012-0670 : Tom Gallagher &#40;Microsoft&#41; and Paul Bates &#40;Microsoft&#41;\r\nworking with HP&#39;s Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access existed in the handling\r\nof Sorenson encoded movie files. This issue was addressed through\r\nimproved memory initialization. This issue does not affect OS X\r\nMountain Lion systems.\r\nCVE-ID\r\nCVE-2012-3722 : Will Dormann of the CERT/CC\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of RLE\r\nencoded movie files. This issue was addressed through improved bounds\r\nchecking. This issue does not affect OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2012-0668 : Luigi Auriemma working with HP&#39;s Zero Day Initiative\r\n\r\nRuby\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.\r\nThe Ruby OpenSSL module disabled the &#39;empty fragment&#39; countermeasure\r\nwhich prevented these attacks. This issue was addressed by enabling\r\nempty fragments. This issue does not affect OS X Mountain Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-3389\r\n\r\nUSB\r\nAvailable for: OS X Lion v10.7 to v10.7.4,\r\nOS X Lion Server v10.7 to v10.7.4\r\nImpact: Attaching a USB device may lead to an unexpected system\r\ntermination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nUSB hub descriptors. This issue was addressed through improved\r\nhandling of the bNbrPorts descriptor field. This issue does not\r\naffect OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2012-3723 : Andy Davis of NGS Secure\r\n\r\nNote: OS X Mountain Lion v10.8.2 includes the content of\r\nSafari 6.0.1. For further details see &quot;About the security content\r\nof Safari 6.0.1&quot; at http://http//support.apple.com/kb/HT5502\r\n\r\n\r\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\r\n2012-004 may be obtained from the Software Update pane in System\r\nPreferences, or Apple&#39;s Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update\r\n2012-004.\r\n\r\nFor OS X Mountain Lion v10.8.1\r\nThe download file is named: OSXUpd10.8.2.dmg\r\nIts SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33\r\n\r\nFor OS X Mountain Lion v10.8\r\nThe download file is named: OSXUpdCombo10.8.2.dmg\r\nIts SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c\r\n\r\nFor OS X Lion v10.7.4\r\nThe download file is named: MacOSXUpd10.7.5.dmg\r\nIts SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532\r\n\r\nFor OS X Lion v10.7 and v10.7.3\r\nThe download file is named: MacOSXUpdCombo10.7.5.dmg\r\nIts SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b\r\n\r\nFor OS X Lion Server v10.7.4\r\nThe download file is named: MacOSXServerUpd10.7.5.dmg\r\nIts SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a\r\n\r\nFor OS X Lion Server v10.7 and v10.7.3\r\nThe download file is named: MacOSXServerUpdCombo10.7.5.dmg\r\nIts SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2012-004.dmg\r\nIts SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2012-004.dmg\r\nIts SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e\r\nQm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW\r\npc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE\r\nDQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO\r\nQyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n\r\n7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm\r\n7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO\r\nBOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5\r\nw4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3\r\n+9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK\r\nq5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2\r\nxyBfrQfG/dsif6jGHaot\r\n=8joH\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-09-24T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-3722", "CVE-2011-4317", "CVE-2012-2311", "CVE-2011-3026", "CVE-2012-2386", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-3721", "CVE-2011-4599", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2688", "CVE-2012-3723", "CVE-2011-3389", "CVE-2012-0643", "CVE-2012-0053", "CVE-2012-0021", "CVE-2012-3720", "CVE-2011-3368", "CVE-2012-0670", "CVE-2012-3718", "CVE-2012-1667", "CVE-2012-0650", "CVE-2012-1172", "CVE-2011-3048", "CVE-2012-3716", "CVE-2012-0671", "CVE-2012-0652", "CVE-2012-1173", "CVE-2012-0831", "CVE-2012-0668", "CVE-2011-4313", "CVE-2012-3719"], "modified": "2012-09-24T00:00:00", "id": "SECURITYVULNS:DOC:28577", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28577", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:18:13", "description": "Large number of vulnerabilities in different components.", "cvss3": {}, "published": "2012-09-24T00:00:00", "type": "securityvulns", "title": "Apple iOS multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-3722", "CVE-2012-3729", "CVE-2012-3724", "CVE-2012-1140", "CVE-2012-3731", "CVE-2011-3026", "CVE-2012-1131", "CVE-2012-3746", "CVE-2012-1136", "CVE-2012-3736", "CVE-2012-3738", "CVE-2012-3743", "CVE-2012-1138", "CVE-2011-4599", "CVE-2012-1127", "CVE-2012-1126", "CVE-2011-3457", "CVE-2012-0680", "CVE-2012-1141", "CVE-2012-3727", "CVE-2011-3919", "CVE-2012-1130", "CVE-2012-3733", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-3744", "CVE-2012-3741", "CVE-2011-1167", "CVE-2012-1133", "CVE-2012-3726", "CVE-2012-1134", "CVE-2012-3725", "CVE-2012-3734", "CVE-2012-1139", "CVE-2011-3328", "CVE-2012-3745", "CVE-2011-2834", "CVE-2012-3740", "CVE-2012-1132", "CVE-2012-3737", "CVE-2011-3048", "CVE-2012-3728", "CVE-2012-1142", "CVE-2012-3735", "CVE-2012-3732", "CVE-2012-1128", "CVE-2012-1173", "CVE-2011-2821", "CVE-2011-1944", "CVE-2012-3742", "CVE-2012-1129", "CVE-2012-3730", "CVE-2012-1143", "CVE-2012-3739", "CVE-2012-1137"], "modified": "2012-09-24T00:00:00", "id": "SECURITYVULNS:VULN:12596", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12596", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:39", "description": "About the security content of Mac OS X v10.6.7 and Security Update 2011-001\r\n\r\n Last Modified: March 21, 2011\r\n Article: HT4581\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes the security content of Mac OS X v10.6.7 and Security Update 2011-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see &quot;How to use the Apple Product Security PGP Key.&quot;\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see &quot;Apple Security Updates.&quot;\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security\r\nMac OS X v10.6.7 and Security Update 2011-001\r\n\r\n AirPort\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset\r\n\r\n Description: A divide by zero issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0172\r\n\r\n Apache\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.2.15\r\n\r\n Description: Apache is updated to version 2.2.17 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-1452\r\n\r\n CVE-2010-2068\r\n\r\n AppleScript\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A format string issue existed in AppleScript Studio&#39;s generic dialog commands &#40;&quot;display dialog&quot; and &quot;display alert&quot;&#41;. Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0173 : Alexander Strange\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0174\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: Multiple buffer overflow issues existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0175 : Christoph Diehl of Mozilla, Felix Grobert of the Google Security Team, Marc Schoenefeld of Red Hat Security Response Team, Tavis Ormandy and Will Drewry of Google Security Team\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: Multiple buffer overflow issues existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0176 : Felix Grobert of the Google Security Team, geekable working with TippingPoint&#39;s Zero Day Initiative\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: Multiple buffer overflow issues existed in the handling of SFNT tables. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0177 : Marc Schoenefeld of Red Hat Security Response Team\r\n\r\n bzip2\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow issue existed in bzip2&#39;s handling of bzip2 compressed files. Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-0405\r\n\r\n CarbonCore\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Applications that use FSFindFolder&#40;&#41; with the kTemporaryFolderType flag may be vulnerable to a local information disclosure\r\n\r\n Description: When used with the kTemporaryFolderType flag, the FSFindFolder&#40;&#41; API returns a directory that is world readable. This issue is addressed by returning a directory that is only readable by the user that the process is running as.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0178\r\n\r\n ClamAV\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in ClamAV\r\n\r\n Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.5. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-0405\r\n\r\n CVE-2010-3434\r\n\r\n CVE-2010-4260\r\n\r\n CVE-2010-4261\r\n\r\n CVE-2010-4479\r\n\r\n CoreText\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in CoreText&#39;s handling of font files. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0179 : Christoph Diehl of Mozilla\r\n\r\n File Quarantine\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Definition added\r\n\r\n Description: The OSX.OpinionSpy definition has been added to the malware check within File Quarantine.\r\n\r\n HFS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem\r\n\r\n Description: An integer overflow issue existed in the handling of the F_READBOOTSTRAP ioctl. A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0180 : Dan Rosenberg of Virtual Security Research\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow issue existed in ImageIO&#39;s handling of JPEG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n \r\n\r\n CVE-ID\r\n\r\n CVE-2011-0170 : Andrzej Dyjak working with iDefense VCP\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow issue existed in ImageIO&#39;s handling of XBM images. Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0181 : Harry Sintonen\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow existed in libTIFF&#39;s handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0191 : Apple\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow existed in libTIFF&#39;s handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0192 : Apple\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted JPEG-encoded TIFF image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow issue existed in ImageIO&#39;s handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0194 : Dominic Chell of NGS Secure\r\n\r\n Image RAW\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple buffer overflow issues existed in Image RAW&#39;s handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0193 : Paul Harrington of NGS Secure\r\n\r\n Installer\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the installation of an agent that contacts an arbitrary server when the user logs in, and mislead the user into thinking that the connection is with Apple\r\n\r\n Description: A URL processing issue in Install Helper may lead to the installation of an agent that contacts an arbitrary server when the user logs in. The dialog resulting from a connection failure may lead the user to believe that the connection was attempted with Apple. This issue is addressed by removing Install Helper.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0190 : Aaron Sigel of vtty.com\r\n\r\n Kerberos\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in MIT Kerberos 5\r\n\r\n Description: Multiple cryptographic issues existed in MIT Kerberos 5. Only CVE-2010-1323 affects Mac OS X v10.5. Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-1323\r\n\r\n CVE-2010-1324\r\n\r\n CVE-2010-4020\r\n\r\n CVE-2010-4021\r\n\r\n Kernel\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: A local user may be able to execute arbitrary code with system privileges\r\n\r\n Description: A privilege checking issue existed in the i386_set_ldt system call&#39;s handling of call gates. A local user may be able to execute arbitrary code with system privileges. This issue is addressed by disallowing creation of call gate entries via i386_set_ldt&#40;&#41;.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0182 : Jeff Mears\r\n\r\n Libinfo\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: A remote attacker may be able to cause a denial of service on hosts that export NFS file systems\r\n\r\n Description: An integer truncation issue existed in Libinfo&#39;s handling of NFS RPC packets. A remote attacker may be able to cause NFS RPC services such as lockd, statd, mountd, and portmap to become unresponsive.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0183 : Peter Schwenk of the University of Delaware\r\n\r\n libxml\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in libxml&#39;s XPath handling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-4008 : Bui Quang Minh from Bkis &#40;www.bkis.com&#41;\r\n\r\n libxml\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A double free issue existed in libxml&#39;s handling of XPath expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-4494 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences\r\n\r\n Mailman\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in Mailman 2.1.13\r\n\r\n Description: Multiple cross-site scripting issues existed in Mailman 2.1.13. These issues are addressed by updating Mailman to version 2.1.14. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2010-September/000154.html\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3089\r\n\r\n PHP\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.3.3\r\n\r\n Description: PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n CVE-ID\r\n\r\n CVE-2006-7243\r\n\r\n CVE-2010-2950\r\n\r\n CVE-2010-3709\r\n\r\n CVE-2010-3710\r\n\r\n CVE-2010-3870\r\n\r\n CVE-2010-4150\r\n\r\n CVE-2010-4409\r\n\r\n PHP\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.14\r\n\r\n Description: PHP is updated to version 5.2.15 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3436\r\n\r\n CVE-2010-3709\r\n\r\n CVE-2010-4150\r\n\r\n QuickLook\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickLook&#39;s handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0184 : Tobias Klein working with Verisign iDefense Labs\r\n\r\n QuickLook\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickLook&#39;s handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-1417 : Charlie Miller and Dion Blazakis, working with TippingPoint&#39;s Zero Day Initiative\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues existed in QuickTime&#39;s handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0186 : Will Dormann of the CERT/CC\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow existed in QuickTime&#39;s handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-4009 : Honggang Ren of Fortinet&#39;s FortiGuard Labs\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickTime&#39;s handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3801 : Damian Put working with TippingPoint&#39;s Zero Day Initiative, and Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site\r\n\r\n Description: A cross-origin issue existed in QuickTime plug-in&#39;s handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross-site redirects.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research &#40;MSVR&#41;\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickTime&#39;s handling of panorama atoms in QTVR &#40;QuickTime Virtual Reality&#41; movie files. Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3802 : an anonymous researcher working with TippingPoint&#39;s Zero Day Initiative\r\n\r\n Ruby\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer truncation issue existed in Ruby&#39;s BigDecimal class. Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution. This issue only affects 64-bit Ruby processes.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0188 : Apple\r\n\r\n Samba\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A stack buffer overflow existed in Samba&#39;s handling of Windows Security IDs. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3069\r\n\r\n Subversion\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Subversion servers that use the non-default &quot;SVNPathAuthz short_circuit&quot; mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository\r\n\r\n Description: Subversion servers that use the non-default &quot;SVNPathAuthz short_circuit&quot; mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository. This issue is addressed by updating Subversion to version 1.6.13. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3315\r\n\r\n Terminal\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: When ssh is used in Terminal&#39;s &quot;New Remote Connection&quot; dialog, SSH version 1 is selected as the default protocol version\r\n\r\n Description: When ssh is used in Terminal&#39;s &quot;New Remote Connection&quot; dialog, SSH version 1 is selected as the default protocol version. This issue is addressed by changing the default protocol version to &quot;Automatic&quot;. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0189 : Matt Warren of HNW Inc.\r\n\r\n X11\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in FreeType\r\n\r\n Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3814\r\n\r\n CVE-2010-3855\r\n", "cvss3": {}, "published": "2011-03-23T00:00:00", "type": "securityvulns", "title": "About the security content of Mac OS X v10.6.7 and Security Update 2011-001", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2010-4008", "CVE-2011-0181", "CVE-2011-0174", "CVE-2011-0186", "CVE-2011-0182", "CVE-2011-0173", "CVE-2011-0188", "CVE-2011-0176", "CVE-2010-1324", "CVE-2010-4020", "CVE-2010-4261", "CVE-2010-3802", "CVE-2010-3089", "CVE-2011-0175", "CVE-2006-7243", "CVE-2010-3436", "CVE-2011-0189", "CVE-2010-4021", "CVE-2011-0180", "CVE-2010-3870", "CVE-2011-0184", "CVE-2011-0190", "CVE-2011-0179", "CVE-2011-0170", "CVE-2010-4009", "CVE-2010-3801", "CVE-2010-2068", "CVE-2011-0191", "CVE-2011-0178", "CVE-2010-0405", "CVE-2011-1417", "CVE-2011-0194", "CVE-2010-3315", "CVE-2010-1452", "CVE-2010-4479", "CVE-2010-3709", "CVE-2011-0172", "CVE-2011-0193", "CVE-2010-4494", "CVE-2011-0177", "CVE-2010-3710", "CVE-2010-3855", "CVE-2010-4150", "CVE-2010-2950", "CVE-2010-3814", "CVE-2010-4409", "CVE-2010-4260", "CVE-2010-1323", "CVE-2010-3434", "CVE-2010-3069", "CVE-2011-0192", "CVE-2011-0183"], "modified": "2011-03-23T00:00:00", "id": "SECURITYVULNS:DOC:25963", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25963", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:09", "description": "Multiple DoS conditions, format strings vulnerability in AppleScript, memory corruption on different file formats parsing, information leakage, privilege escalation.", "cvss3": {}, "published": "2011-03-23T00:00:00", "type": "securityvulns", "title": "Apple Mac OS X multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2010-4008", "CVE-2011-0181", "CVE-2011-0174", "CVE-2011-0186", "CVE-2011-0182", "CVE-2011-0173", "CVE-2011-0188", "CVE-2011-0176", "CVE-2010-1324", "CVE-2010-4020", "CVE-2010-4261", "CVE-2010-3802", "CVE-2010-3089", "CVE-2011-0175", "CVE-2006-7243", "CVE-2010-3436", "CVE-2011-0189", "CVE-2010-4021", "CVE-2011-0180", "CVE-2010-3870", "CVE-2011-0184", "CVE-2011-0190", "CVE-2011-0179", "CVE-2011-0170", "CVE-2010-4009", "CVE-2010-3801", "CVE-2010-2068", "CVE-2011-0191", "CVE-2011-0178", "CVE-2010-0405", "CVE-2011-1417", "CVE-2011-0194", "CVE-2010-3315", "CVE-2010-1452", "CVE-2010-4479", "CVE-2010-3709", "CVE-2011-0172", "CVE-2011-0193", "CVE-2011-0200", "CVE-2010-4494", "CVE-2011-0177", "CVE-2010-3710", "CVE-2010-3855", "CVE-2010-4150", "CVE-2010-2950", "CVE-2010-3814", "CVE-2010-4409", "CVE-2010-4260", "CVE-2010-1323", "CVE-2010-3434", "CVE-2010-3069", "CVE-2011-0192", "CVE-2011-0183"], "modified": "2011-03-23T00:00:00", "id": "SECURITYVULNS:VULN:11518", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11518", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 201110-06\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: High\r\n Title: PHP: Multiple vulnerabilities\r\n Date: October 10, 2011\r\n Bugs: #306939, #332039, #340807, #350908, #355399, #358791,\r\n #358975, #369071, #372745, #373965, #380261\r\n ID: 201110-06\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMultiple vulnerabilities were found in PHP, the worst of which leading\r\nto remote execution of arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nPHP is a widely-used general-purpose scripting language that is\r\nespecially suited for Web development and can be embedded into HTML.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 dev-lang/php &lt; 5.3.8 &gt;= 5.3.8\r\n\r\nDescription\r\n===========\r\n\r\nMultiple vulnerabilities have been discovered in PHP. Please review the\r\nCVE identifiers referenced below for details.\r\n\r\nImpact\r\n======\r\n\r\nA context-dependent attacker could execute arbitrary code, obtain\r\nsensitive information from process memory, bypass intended access\r\nrestrictions, or cause a Denial of Service in various ways.\r\n\r\nA remote attacker could cause a Denial of Service in various ways,\r\nbypass spam detections, or bypass open_basedir restrictions.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll PHP users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose &quot;&gt;=dev-lang/php-5.3.8&quot;\r\n\r\nReferences\r\n==========\r\n\r\n[ 1 ] CVE-2006-7243\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243\r\n[ 2 ] CVE-2009-5016\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016\r\n[ 3 ] CVE-2010-1128\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128\r\n[ 4 ] CVE-2010-1129\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129\r\n[ 5 ] CVE-2010-1130\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130\r\n[ 6 ] CVE-2010-1860\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860\r\n[ 7 ] CVE-2010-1861\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861\r\n[ 8 ] CVE-2010-1862\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862\r\n[ 9 ] CVE-2010-1864\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864\r\n[ 10 ] CVE-2010-1866\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866\r\n[ 11 ] CVE-2010-1868\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868\r\n[ 12 ] CVE-2010-1914\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914\r\n[ 13 ] CVE-2010-1915\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915\r\n[ 14 ] CVE-2010-1917\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917\r\n[ 15 ] CVE-2010-2093\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093\r\n[ 16 ] CVE-2010-2094\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094\r\n[ 17 ] CVE-2010-2097\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097\r\n[ 18 ] CVE-2010-2100\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100\r\n[ 19 ] CVE-2010-2101\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101\r\n[ 20 ] CVE-2010-2190\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190\r\n[ 21 ] CVE-2010-2191\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191\r\n[ 22 ] CVE-2010-2225\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225\r\n[ 23 ] CVE-2010-2484\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484\r\n[ 24 ] CVE-2010-2531\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531\r\n[ 25 ] CVE-2010-2950\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950\r\n[ 26 ] CVE-2010-3062\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062\r\n[ 27 ] CVE-2010-3063\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063\r\n[ 28 ] CVE-2010-3064\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064\r\n[ 29 ] CVE-2010-3065\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065\r\n[ 30 ] CVE-2010-3436\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436\r\n[ 31 ] CVE-2010-3709\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709\r\n[ 32 ] CVE-2010-3709\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709\r\n[ 33 ] CVE-2010-3710\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710\r\n[ 34 ] CVE-2010-3710\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710\r\n[ 35 ] CVE-2010-3870\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870\r\n[ 36 ] CVE-2010-4150\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150\r\n[ 37 ] CVE-2010-4409\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409\r\n[ 38 ] CVE-2010-4645\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645\r\n[ 39 ] CVE-2010-4697\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4697\r\n[ 40 ] CVE-2010-4698\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4698\r\n[ 41 ] CVE-2010-4699\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4699\r\n[ 42 ] CVE-2010-4700\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4700\r\n[ 43 ] CVE-2011-0420\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0420\r\n[ 44 ] CVE-2011-0421\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0421\r\n[ 45 ] CVE-2011-0708\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0708\r\n[ 46 ] CVE-2011-0752\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0752\r\n[ 47 ] CVE-2011-0753\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0753\r\n[ 48 ] CVE-2011-0755\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0755\r\n[ 49 ] CVE-2011-1092\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1092\r\n[ 50 ] CVE-2011-1148\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148\r\n[ 51 ] CVE-2011-1153\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1153\r\n[ 52 ] CVE-2011-1464\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1464\r\n[ 53 ] CVE-2011-1466\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1466\r\n[ 54 ] CVE-2011-1467\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1467\r\n[ 55 ] CVE-2011-1468\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1468\r\n[ 56 ] CVE-2011-1469\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1469\r\n[ 57 ] CVE-2011-1470\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1470\r\n[ 58 ] CVE-2011-1471\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1471\r\n[ 59 ] CVE-2011-1657\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1657\r\n[ 60 ] CVE-2011-1938\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1938\r\n[ 61 ] CVE-2011-2202\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2202\r\n[ 62 ] CVE-2011-2483\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483\r\n[ 63 ] CVE-2011-3182\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3182\r\n[ 64 ] CVE-2011-3189\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3189\r\n[ 65 ] CVE-2011-3267\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3267\r\n[ 66 ] CVE-2011-3268\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3268\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-201110-06.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users&#39; machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttps://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2011 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner&#40;s&#41;.\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "securityvulns", "title": "[ GLSA 201110-06 ] PHP: Multiple vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-0752", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2010-1129", "CVE-2010-2225", "CVE-2010-1868", "CVE-2011-1148", "CVE-2010-2484", "CVE-2010-2097", "CVE-2011-1466", "CVE-2010-2531", "CVE-2011-3189", "CVE-2010-3065", "CVE-2010-2191", "CVE-2011-1938", "CVE-2010-4697", "CVE-2010-1866", "CVE-2010-1915", "CVE-2011-1092", "CVE-2010-4698", "CVE-2011-2483", "CVE-2006-7243", "CVE-2011-0753", "CVE-2010-4645", "CVE-2010-3436", "CVE-2010-2093", "CVE-2011-1657", "CVE-2011-0708", "CVE-2010-3870", "CVE-2011-3268", "CVE-2010-1861", "CVE-2010-2190", "CVE-2010-3063", "CVE-2011-3182", "CVE-2010-2101", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-3062", "CVE-2010-1914", "CVE-2011-1470", "CVE-2010-1860", "CVE-2010-2094", "CVE-2010-3709", "CVE-2010-3064", "CVE-2011-1469", "CVE-2009-5016", "CVE-2011-3267", "CVE-2010-3710", "CVE-2010-4150", "CVE-2011-1464", "CVE-2011-0755", "CVE-2010-4699", "CVE-2010-1130", "CVE-2010-2100", "CVE-2011-2202", "CVE-2010-2950", "CVE-2010-4700", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-1864", "CVE-2010-4409", "CVE-2010-1862"], "modified": "2011-10-12T00:00:00", "id": "SECURITYVULNS:DOC:27147", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27147", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:45", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2012-09-19-1 iOS 6\r\n\r\niOS 6 is now available and addresses the following:\r\n\r\nCFNetwork\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork&#39;s handling of malformed\r\nURLs. CFNetwork may send requests to an incorrect hostname, resulting\r\nin the disclosure of sensitive information. This issue was addressed\r\nthrough improvements to URL handling.\r\nCVE-ID\r\nCVE-2012-3724 : Erling Ellingsen of Facebook\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Multiple vulnerabilities in FreeType\r\nDescription: Multiple vulnerabilities existed in FreeType, the most\r\nserious of which may lead to arbitrary code execution when processing\r\na maliciously crafted font. These issues were addressed by updating\r\nFreeType to version 2.4.9. Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2012-1126\r\nCVE-2012-1127\r\nCVE-2012-1128\r\nCVE-2012-1129\r\nCVE-2012-1130\r\nCVE-2012-1131\r\nCVE-2012-1132\r\nCVE-2012-1133\r\nCVE-2012-1134\r\nCVE-2012-1135\r\nCVE-2012-1136\r\nCVE-2012-1137\r\nCVE-2012-1138\r\nCVE-2012-1139\r\nCVE-2012-1140\r\nCVE-2012-1141\r\nCVE-2012-1142\r\nCVE-2012-1143\r\nCVE-2012-1144\r\n\r\nCoreMedia\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access existed in the handling\r\nof Sorenson encoded movie files. This issue was addressed through\r\nimproved memory initialization.\r\nCVE-ID\r\nCVE-2012-3722 : Will Dormann of the CERT/CC\r\n\r\nDHCP\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may broadcast\r\nMAC addresses of previously accessed networks per the DNAv4 protocol.\r\nThis issue was addressed by disabling DNAv4 on unencrypted Wi-Fi\r\nnetworks.\r\nCVE-ID\r\nCVE-2012-3725 : Mark Wuergler of Immunity, Inc.\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff&#39;s handling of\r\nThunderScan encoded TIFF images. This issue was addressed by updating\r\nlibtiff to version 3.9.5.\r\nCVE-ID\r\nCVE-2011-1167\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted PNG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libpng&#39;s\r\nhandling of PNG images. These issues were addressed through improved\r\nvalidation of PNG images.\r\nCVE-ID\r\nCVE-2011-3026 : Juri Aedla\r\nCVE-2011-3048\r\nCVE-2011-3328\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted JPEG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A double free issue existed in ImageIO&#39;s handling of\r\nJPEG images. This issue was addressed through improved memory\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3726 : Phil of PKJE Consulting\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in libTIFF&#39;s handling\r\nof TIFF images. This issue was addressed through improved validation\r\nof TIFF images.\r\nCVE-ID\r\nCVE-2012-1173 : Alexander Gavrun working with HP&#39;s Zero Day\r\nInitiative\r\n\r\nInternational Components for Unicode\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A stack buffer overflow existed in the handling of ICU\r\nlocale IDs. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-4599\r\n\r\nIPSec\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Loading a maliciously crafted racoon configuration file may\r\nlead to arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of racoon\r\nconfiguration files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2012-3727 : iOS Jailbreak Dream Team\r\n\r\nKernel\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: An invalid pointer dereference issue existed in the\r\nkernel&#39;s handling of packet filter ioctls. This may allow an attacker\r\nto alter kernel memory. This issue was addressed through improved\r\nerror handling.\r\nCVE-ID\r\nCVE-2012-3728 : iOS Jailbreak Dream Team\r\n\r\nKernel\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An uninitialized memory access issue existed in the\r\nBerkeley Packet Filter interpreter, which led to the disclosure of\r\nmemory content. This issue was addressed through improved memory\r\ninitialization.\r\nCVE-ID\r\nCVE-2012-3729 : Dan Rosenberg\r\n\r\nlibxml\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted web page may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in libxml, the most\r\nserious of which may lead to an unexpected application termination or\r\narbitrary code execution. These issues were addressed by applying the\r\nrelevant upstream patches.\r\nCVE-ID\r\nCVE-2011-1944 : Chris Evans of Google Chrome Security Team\r\nCVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of\r\nChinese Academy of Sciences\r\nCVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of\r\nChinese Academy of Sciences\r\nCVE-2011-3919 : Juri Aedla\r\n\r\nMail\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Mail may present the wrong attachment in a message\r\nDescription: A logic issue existed in Mail&#39;s handling of\r\nattachments. If a subsequent mail attachment used the same Content-ID\r\nas a previous one, the previous attachment would be displayed, even\r\nin the case where the 2 mails originated from different senders. This\r\ncould facilitate some spoofing or phishing attacks. This issue was\r\naddressed through improved handling of attachments.\r\nCVE-ID\r\nCVE-2012-3730 : Angelo Prado of the salesforce.com Product Security\r\nTeam\r\n\r\nMail\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Email attachments may be read without user&#39;s passcode\r\nDescription: A logic issue existed in Mail&#39;s use of Data Protection\r\non email attachments. This issue was addressed by properly setting\r\nthe Data Protection class for email attachments.\r\nCVE-ID\r\nCVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich\r\nStuntebeck of AirWatch\r\n\r\nMail\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: An attacker may spoof the sender of a S/MIME signed message\r\nDescription: S/MIME signed messages displayed the untrusted &#39;From&#39;\r\naddress, instead of the name associated with the message signer&#39;s\r\nidentity. This issue was addressed by displaying the address\r\nassociated with the message signer&#39;s identity when it is available.\r\nCVE-ID\r\nCVE-2012-3732 : An anonymous researcher\r\n\r\nMessages\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A user may unintentionally disclose the existence of their\r\nemail addresses\r\nDescription: When a user had multiple email addresses associated\r\nwith iMessage, replying to a message may have resulted in the reply\r\nbeing sent from a different email address. This may disclose another\r\nemail address associated to the user&#39;s account. This issue was\r\naddressed by always replying from the email address the original\r\nmessage was sent to.\r\nCVE-ID\r\nCVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC\r\n\r\nOffice Viewer\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Unencrypted document data may be written to a temporary file\r\nDescription: An information disclosure issue existed in the support\r\nfor viewing Microsoft Office files. When viewing a document, the\r\nOffice Viewer would write a temporary file containing data from the\r\nviewed document to the temporary directory of the invoking process.\r\nFor an application that uses data protection or other encryption to\r\nprotect the user&#39;s files, this could lead to information\r\ndisclosure. This issue was addressed by avoiding creation of\r\ntemporary files when viewing Office documents.\r\nCVE-ID\r\nCVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies\r\n\r\nOpenGL\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Applications that use OS X&#39;s OpenGL implementation may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of GLSL compilation. These issues were addressed through\r\nimproved validation of GLSL shaders.\r\nCVE-ID\r\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\r\nMarc Schoenefeld of the Red Hat Security Response Team\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A person with physical access to the device could briefly\r\nview the last used third-party app on a locked device\r\nDescription: A logic issue existed with the display of the &quot;Slide to\r\nPower Off&quot; slider on the lock screen. This issue was addressed\r\nthrough improved lock state management.\r\nCVE-ID\r\nCVE-2012-3735 : Chris Lawrence DBB\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: A logic issue existed in the termination of FaceTime\r\ncalls from the lock screen. This issue was addressed through improved\r\nlock state management.\r\nCVE-ID\r\nCVE-2012-3736 : Ian Vitek of 2Secure AB\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: All photos may be accessible at the lock screen\r\nDescription: A design issue existed in the support for viewing\r\nphotos that were taken at the lock screen. In order to determine\r\nwhich photos to permit access to, the passcode lock consulted the\r\ntime at which the device was locked and compared it to the time that\r\na photo was taken. By spoofing the current time, an attacker could\r\ngain access to photos that were taken before the device was locked.\r\nThis issues was addressed by explicitly keeping track of the photos\r\nthat were taken while the device was locked.\r\nCVE-ID\r\nCVE-2012-3737 : Ade Barkah of BlueWax Inc.\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A person with physical access to a locked device may perform\r\nFaceTime calls\r\nDescription: A logic issue existed in the Emergency Dialer screen,\r\nwhich permitted FaceTime calls via Voice Dialing on the locked\r\ndevice. This could also disclose the user&#39;s contacts via contact\r\nsuggestions. This issue was addressed by disabling Voice Dialing on\r\nthe Emergency Dialer screen.\r\nCVE-ID\r\nCVE-2012-3738 : Ade Barkah of BlueWax Inc.\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: Using the camera from the screen lock could in some\r\ncases interfere with automatic lock functionality, allowing a person\r\nwith physical access to the device to bypass the Passcode Lock\r\nscreen. This issue was addressed through improved lock state\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3739 : Sebastian Spanninger of the Austrian Federal\r\nComputing Centre &#40;BRZ&#41;\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: A state management issue existed in the handling of the\r\nscreen lock. This issue was addressed through improved lock state\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3740 : Ian Vitek of 2Secure AB\r\n\r\nRestrictions\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A user may be able to make purchases without entering Apple\r\nID credentials\r\nDescription: After disabling Restrictions, iOS may not ask for the\r\nuser&#39;s password during a transaction. This issue was addressed by\r\nadditional enforcement of purchase authorization.\r\nCVE-ID\r\nCVE-2012-3741 : Kevin Makens of Redwood High School\r\n\r\nSafari\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Websites may use characters with an appearance similar to\r\nthe lock icon in their titles\r\nDescription: Websites could use a Unicode character to create a lock\r\nicon in the page title. This icon was similar in appearance to the\r\nicon used to indicate a secure connection, and could have lead the\r\nuser to believe a secure connection had been established. This issue\r\nwas addressed by removing these characters from page titles.\r\nCVE-ID\r\nCVE-2012-3742 : Boku Kihara of Lepidum\r\n\r\nSafari\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Passwords may autocomplete even when the site specifies that\r\nautocomplete should be disabled\r\nDescription: Password input elements with the autocomplete attribute\r\nset to &quot;off&quot; were being autocompleted. This issue was addressed\r\nthrough improved handling of the autocomplete attribute.\r\nCVE-ID\r\nCVE-2012-0680 : Dan Poltawski of Moodle\r\n\r\nSystem Logs\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Sandboxed apps may obtain system log content\r\nDescription: Sandboxed apps had read access to /var/log directory,\r\nwhich may allow them to obtain sensitive information contained in\r\nsystem logs. This issue was addressed by denying sandboxed apps\r\naccess to the /var/log directory.\r\nCVE-ID\r\nCVE-2012-3743\r\n\r\nTelephony\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: An SMS message may appear to have been sent by an arbitrary\r\nuser\r\nDescription: Messages displayed the return address of an SMS message\r\nas the sender. Return addresses may be spoofed. This issue was\r\naddressed by always displaying the originating address instead of the\r\nreturn address.\r\nCVE-ID\r\nCVE-2012-3744 : pod2g\r\n\r\nTelephony\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: An SMS message may disrupt cellular connectivity\r\nDescription: An off-by-one buffer overflow existed in the handling\r\nof SMS user data headers. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2012-3745 : pod2g\r\n\r\nUIKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: An attacker that gains access to a device&#39;s filesystem may\r\nbe able to read files that were being displayed in a UIWebView\r\nDescription: Applications that use UIWebView may leave unencrypted\r\nfiles on the file system even when a passcode is enabled. This issue\r\nwas addressed through improved use of data protection.\r\nCVE-ID\r\nCVE-2012-3746 : Ben Smith of Box\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2011-3016 : miaubiz\r\nCVE-2011-3021 : Arthur Gerkis\r\nCVE-2011-3027 : miaubiz\r\nCVE-2011-3032 : Arthur Gerkis\r\nCVE-2011-3034 : Arthur Gerkis\r\nCVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur\r\nGerkis\r\nCVE-2011-3036 : miaubiz\r\nCVE-2011-3037 : miaubiz\r\nCVE-2011-3038 : miaubiz\r\nCVE-2011-3039 : miaubiz\r\nCVE-2011-3040 : miaubiz\r\nCVE-2011-3041 : miaubiz\r\nCVE-2011-3042 : miaubiz\r\nCVE-2011-3043 : miaubiz\r\nCVE-2011-3044 : Arthur Gerkis\r\nCVE-2011-3050 : miaubiz\r\nCVE-2011-3053 : miaubiz\r\nCVE-2011-3059 : Arthur Gerkis\r\nCVE-2011-3060 : miaubiz\r\nCVE-2011-3064 : Atte Kettunen of OUSPG\r\nCVE-2011-3068 : miaubiz\r\nCVE-2011-3069 : miaubiz\r\nCVE-2011-3071 : pa_kt working with HP&#39;s Zero Day Initiative\r\nCVE-2011-3073 : Arthur Gerkis\r\nCVE-2011-3074 : Slawomir Blazek\r\nCVE-2011-3075 : miaubiz\r\nCVE-2011-3076 : miaubiz\r\nCVE-2011-3078 : Martin Barbella of the Google Chrome Security Team\r\nCVE-2011-3081 : miaubiz\r\nCVE-2011-3086 : Arthur Gerkis\r\nCVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz\r\nCVE-2011-3090 : Arthur Gerkis\r\nCVE-2011-3105 : miaubiz\r\nCVE-2011-3913 : Arthur Gerkis\r\nCVE-2011-3924 : Arthur Gerkis\r\nCVE-2011-3926 : Arthur Gerkis\r\nCVE-2011-3958 : miaubiz\r\nCVE-2011-3966 : Aki Helin of OUSPG\r\nCVE-2011-3968 : Arthur Gerkis\r\nCVE-2011-3969 : Arthur Gerkis\r\nCVE-2011-3971 : Arthur Gerkis\r\nCVE-2012-0682 : Apple Product Security\r\nCVE-2012-0683 : Dave Mandelin of Mozilla\r\nCVE-2012-1520 : Martin Barbella of the Google Chrome Security Team\r\nusing AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com\r\nworking with iDefense VCP\r\nCVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.\r\nVazquez of spa-s3c.blogspot.com working with iDefense VCP\r\nCVE-2012-2818 : miaubiz\r\nCVE-2012-3589 : Dave Mandelin of Mozilla\r\nCVE-2012-3590 : Apple Product Security\r\nCVE-2012-3591 : Apple Product Security\r\nCVE-2012-3592 : Apple Product Security\r\nCVE-2012-3593 : Apple Product Security\r\nCVE-2012-3594 : miaubiz\r\nCVE-2012-3595 : Martin Barbella of Google Chrome Security\r\nCVE-2012-3596 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3597 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3598 : Apple Product Security\r\nCVE-2012-3599 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3600 : David Levin of the Chromium development community\r\nCVE-2012-3601 : Martin Barbella of the Google Chrome Security Team\r\nusing AddressSanitizer\r\nCVE-2012-3602 : miaubiz\r\nCVE-2012-3603 : Apple Product Security\r\nCVE-2012-3604 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3605 : Cris Neckar of the Google Chrome Security team\r\nCVE-2012-3608 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3609 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3610 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3611 : Apple Product Security\r\nCVE-2012-3612 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3613 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3614 : Yong Li of Research In Motion, Inc.\r\nCVE-2012-3615 : Stephen Chenney of the Chromium development community\r\nCVE-2012-3617 : Apple Product Security\r\nCVE-2012-3618 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3620 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3624 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3625 : Skylined of Google Chrome Security Team\r\nCVE-2012-3626 : Apple Product Security\r\nCVE-2012-3627 : Skylined and Abhishek Arya &#40;Inferno&#41; of Google Chrome\r\nSecurity team\r\nCVE-2012-3628 : Apple Product Security\r\nCVE-2012-3629 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3630 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3631 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3633 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3634 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3635 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3636 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3637 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3638 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3639 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3640 : miaubiz\r\nCVE-2012-3641 : Slawomir Blazek\r\nCVE-2012-3642 : miaubiz\r\nCVE-2012-3644 : miaubiz\r\nCVE-2012-3645 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3646 : Julien Chaffraix of the Chromium development\r\ncommunity, Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3647 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3648 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3651 : Abhishek Arya &#40;Inferno&#41; and Martin Barbella of the\r\nGoogle Chrome Security Team\r\nCVE-2012-3652 : Martin Barbella of Google Chrome Security Team\r\nCVE-2012-3653 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3655 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3656 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3658 : Apple\r\nCVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya\r\n&#40;Inferno&#41; of the Google Chrome Security Team\r\nCVE-2012-3660 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3661 : Apple Product Security\r\nCVE-2012-3663 : Skylined of Google Chrome Security Team\r\nCVE-2012-3664 : Thomas Sepez of the Chromium development community\r\nCVE-2012-3665 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3666 : Apple\r\nCVE-2012-3667 : Trevor Squires of propaneapp.com\r\nCVE-2012-3668 : Apple Product Security\r\nCVE-2012-3669 : Apple Product Security\r\nCVE-2012-3670 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam, Arthur Gerkis\r\nCVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome\r\nSecurity Team\r\nCVE-2012-3672 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3673 : Abhishek Arya &#40;Inferno&#41; of the Google Chrome Security\r\nTeam\r\nCVE-2012-3674 : Skylined of Google Chrome Security Team\r\nCVE-2012-3676 : Julien Chaffraix of the Chromium development\r\ncommunity\r\nCVE-2012-3677 : Apple\r\nCVE-2012-3678 : Apple Product Security\r\nCVE-2012-3679 : Chris Leary of Mozilla\r\nCVE-2012-3680 : Skylined of Google Chrome Security Team\r\nCVE-2012-3681 : Apple\r\nCVE-2012-3682 : Adam Barth of the Google Chrome Security Team\r\nCVE-2012-3683 : wushi of team509 working with iDefense VCP\r\nCVE-2012-3684 : kuzzcc\r\nCVE-2012-3686 : Robin Cao of Torch Mobile &#40;Beijing&#41;\r\nCVE-2012-3703 : Apple Product Security\r\nCVE-2012-3704 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3706 : Apple Product Security\r\nCVE-2012-3708 : Apple\r\nCVE-2012-3710 : James Robinson of Google\r\nCVE-2012-3747 : David Bloom of Cue\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\r\niPod touch &#40;3rd generation&#41; and later, iPad, iPad 2\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite disclosure of information\r\nDescription: A cross-origin issue existed in the handling of CSS\r\nproperty values. This issue was addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2012-3691 : Apple\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\r\niPod touch &#40;3rd generation&#41; and later, iPad, iPad 2\r\nImpact: A malicious website may be able to replace the contents of\r\nan iframe on another site\r\nDescription: A cross-origin issue existed in the handling of iframes\r\nin popup windows. This issue was addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-3067 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\r\niPod touch &#40;3rd generation&#41; and later, iPad, iPad 2\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite disclosure of information\r\nDescription: A cross-origin issue existed in the handling of iframes\r\nand fragment identifiers. This issue was addressed through improved\r\norigin tracking.\r\nCVE-ID\r\nCVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,\r\nand Dan Boneh of the Stanford University Security Laboratory\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Look-alike characters in a URL could be used to masquerade a\r\nwebsite\r\nDescription: The International Domain Name &#40;IDN&#41; support and Unicode\r\nfonts embedded in Safari could have been used to create a URL which\r\ncontains look-alike characters. These could have been used in a\r\nmalicious website to direct the user to a spoofed site that visually\r\nappears to be a legitimate domain. This issue was addressed by\r\nsupplementing WebKit&#39;s list of known look-alike characters. Look-\r\nalike characters are rendered in Punycode in the address bar.\r\nCVE-ID\r\nCVE-2012-3693 : Matt Cooley of Symantec\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A canonicalization issue existed in the handling of\r\nURLs. This may have led to cross-site scripting on sites which use\r\nthe location.href property. This issue was addressed through improved\r\ncanonicalization of URLs.\r\nCVE-ID\r\nCVE-2012-3695 : Masato Kinugawa\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to HTTP\r\nrequest splitting\r\nDescription: An HTTP header injection issue existed in the handling\r\nof WebSockets. This issue was addressed through improved WebSockets\r\nURI sanitization.\r\nCVE-ID\r\nCVE-2012-3696 : David Belcher of the BlackBerry Security Incident\r\nResponse Team\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: A maliciously crafted website may be able to spoof the value\r\nin the URL bar\r\nDescription: A state management issue existed in the handling of\r\nsession history. Navigations to a fragment on the current page may\r\ncause Safari to display incorrect information in the URL bar. This\r\nissue was addressed through improved session state tracking.\r\nCVE-ID\r\nCVE-2011-2845 : Jordi Chancel\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch &#40;4th generation&#41; and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of the disclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of SVG images. This issue was addressed through improved\r\nmemory initialization.\r\nCVE-ID\r\nCVE-2012-3650 : Apple\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer&#39;s Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple&#39;s update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don&#39;t Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update will be &quot;6.0&quot;.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo\r\n3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5\r\nTZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0\r\n8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9\r\nn4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP\r\ndWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs\r\nJXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP\r\nid6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T\r\nxL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp\r\nRqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj\r\nbmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP\r\nXtT4lS60xKz63YSg79dd\r\n=LvMt\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-09-24T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2012-09-19-1 iOS 6", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-3667", "CVE-2012-0682", "CVE-2012-3670", "CVE-2012-3722", "CVE-2012-3729", "CVE-2011-3039", "CVE-2012-3609", "CVE-2011-3043", "CVE-2012-3646", "CVE-2012-3724", "CVE-2012-3600", "CVE-2012-3610", "CVE-2012-3590", "CVE-2012-1140", "CVE-2012-3693", "CVE-2012-3731", "CVE-2011-3105", "CVE-2012-2815", "CVE-2011-3026", "CVE-2012-1131", "CVE-2012-3639", "CVE-2011-3044", "CVE-2011-3081", "CVE-2012-3637", "CVE-2011-3068", "CVE-2012-3641", "CVE-2012-3746", "CVE-2011-3968", "CVE-2012-1136", "CVE-2012-3703", "CVE-2012-3736", "CVE-2011-2845", "CVE-2012-3738", "CVE-2012-3626", "CVE-2012-3704", "CVE-2012-3603", "CVE-2012-3743", "CVE-2012-3663", "CVE-2012-1138", "CVE-2011-4599", "CVE-2012-3668", "CVE-2012-1127", "CVE-2012-3660", "CVE-2012-3678", "CVE-2012-1520", "CVE-2011-3059", "CVE-2011-3071", "CVE-2012-3635", "CVE-2012-3644", "CVE-2012-1521", "CVE-2012-3676", "CVE-2012-3674", "CVE-2012-3593", "CVE-2011-3075", "CVE-2012-1126", "CVE-2012-3671", "CVE-2011-3457", "CVE-2012-3602", "CVE-2012-3625", "CVE-2012-3611", "CVE-2012-3659", "CVE-2011-3958", "CVE-2012-3596", "CVE-2012-3669", "CVE-2012-3655", "CVE-2012-3634", "CVE-2011-3969", "CVE-2012-3706", "CVE-2012-3658", "CVE-2012-0683", "CVE-2012-0680", "CVE-2012-3684", "CVE-2011-3060", "CVE-2012-1141", "CVE-2012-3727", "CVE-2012-3652", "CVE-2012-3651", "CVE-2011-3971", "CVE-2011-3919", "CVE-2012-1130", "CVE-2012-3665", "CVE-2011-3021", "CVE-2012-3733", "CVE-2012-3664", "CVE-2012-1135", "CVE-2011-3069", "CVE-2012-1144", "CVE-2012-3744", "CVE-2012-3656", "CVE-2012-3666", "CVE-2012-3598", "CVE-2012-3710", "CVE-2012-3645", "CVE-2012-3741", "CVE-2011-1167", "CVE-2012-1133", "CVE-2011-3074", "CVE-2012-3661", "CVE-2012-3726", "CVE-2011-3038", "CVE-2011-3035", "CVE-2012-3708", "CVE-2012-1134", "CVE-2012-3673", "CVE-2011-3053", "CVE-2012-3725", "CVE-2012-3681", "CVE-2012-3642", "CVE-2012-3653", "CVE-2012-3734", "CVE-2012-3682", "CVE-2012-3686", "CVE-2012-1139", "CVE-2011-3036", "CVE-2011-3050", "CVE-2012-3638", "CVE-2012-3633", "CVE-2012-3747", "CVE-2012-2818", "CVE-2011-3328", "CVE-2012-3618", "CVE-2012-3594", "CVE-2011-3078", "CVE-2012-3745", "CVE-2011-2834", "CVE-2012-3628", "CVE-2012-3740", "CVE-2011-3926", "CVE-2011-3073", "CVE-2012-3680", "CVE-2011-3076", "CVE-2012-3614", "CVE-2012-3612", "CVE-2012-3696", "CVE-2012-3605", "CVE-2012-3647", "CVE-2012-3648", "CVE-2011-3086", "CVE-2012-1132", "CVE-2012-3737", "CVE-2012-3617", "CVE-2011-3041", "CVE-2012-3613", "CVE-2011-3048", "CVE-2012-3589", "CVE-2011-3966", "CVE-2011-3034", "CVE-2012-3620", "CVE-2012-3679", "CVE-2012-3728", "CVE-2011-3067", "CVE-2012-3677", "CVE-2011-3924", "CVE-2012-3595", "CVE-2011-3042", "CVE-2011-3016", "CVE-2012-1142", "CVE-2012-3630", "CVE-2012-3735", "CVE-2011-3090", "CVE-2012-3683", "CVE-2012-3732", "CVE-2012-3691", "CVE-2012-3650", "CVE-2012-3640", "CVE-2012-3636", "CVE-2012-3599", "CVE-2012-1128", "CVE-2012-3624", "CVE-2012-1173", "CVE-2012-3629", "CVE-2011-3032", "CVE-2012-3672", "CVE-2012-3592", "CVE-2011-3037", "CVE-2011-2821", "CVE-2012-3627", "CVE-2011-1944", "CVE-2012-3615", "CVE-2012-3695", "CVE-2012-3742", "CVE-2011-3913", "CVE-2012-1129", "CVE-2012-3591", "CVE-2012-3608", "CVE-2011-3064", "CVE-2011-3027", "CVE-2012-3604", "CVE-2012-3730", "CVE-2012-3601", "CVE-2012-1143", "CVE-2011-3040", "CVE-2012-3739", "CVE-2012-3631", "CVE-2012-3597", "CVE-2011-3089", "CVE-2012-1137"], "modified": "2012-09-24T00:00:00", "id": "SECURITYVULNS:DOC:28576", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28576", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-01-03T10:57:02", "description": "Check for the Version of icu", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for icu FEDORA-2011-17101", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:863979", "href": "http://plugins.openvas.org/nasl.php?oid=863979", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icu FEDORA-2011-17101\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"icu on Fedora 16\";\ntag_insight = \"Tools and utilities for developing with icu.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071318.html\");\n script_id(863979);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:42:22 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4599\");\n script_xref(name: \"FEDORA\", value: \"2011-17101\");\n script_name(\"Fedora Update for icu FEDORA-2011-17101\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.6~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:32", "description": "Check for the Version of icu", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for icu CESA-2011:1815 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:881290", "href": "http://plugins.openvas.org/nasl.php?oid=881290", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icu CESA-2011:1815 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The International Components for Unicode (ICU) library provides robust and\n full-featured Unicode services.\n\n A stack-based buffer overflow flaw was found in the way ICU performed\n variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-4599)\n \n All users of ICU should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All applications linked against\n ICU must be restarted for this update to take effect.\";\n\ntag_affected = \"icu on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018323.html\");\n script_id(881290);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:18:48 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4599\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1815\");\n script_name(\"CentOS Update for icu CESA-2011:1815 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:20:41", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1348-1", "cvss3": {}, "published": "2012-02-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for icu USN-1348-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840881", "href": "http://plugins.openvas.org/nasl.php?oid=840881", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1348_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for icu USN-1348-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that ICU did not properly handle invalid locale data\n during Unicode conversion. If an application using ICU processed crafted\n data, an attacker could cause it to crash or potentially execute arbitrary\n code with the privileges of the user invoking the program.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1348-1\";\ntag_affected = \"icu on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1348-1/\");\n script_id(840881);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-01 11:36:58 +0530 (Wed, 01 Feb 2012)\");\n script_cve_id(\"CVE-2011-4599\");\n script_xref(name: \"USN\", value: \"1348-1\");\n script_name(\"Ubuntu Update for icu USN-1348-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu42\", ver:\"4.2.1-3ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu42\", ver:\"4.2.1-3ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu44\", ver:\"4.4.2-2ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:23", "description": "Check for the Version of icu", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "Fedora Update for icu FEDORA-2011-17119", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863666", "href": "http://plugins.openvas.org/nasl.php?oid=863666", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icu FEDORA-2011-17119\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"icu on Fedora 15\";\ntag_insight = \"Tools and utilities for developing with icu.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071316.html\");\n script_id(863666);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:33:34 +0530 (Fri, 23 Dec 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-17119\");\n script_cve_id(\"CVE-2011-4599\");\n script_name(\"Fedora Update for icu FEDORA-2011-17119\");\n\n script_summary(\"Check for the Version of icu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.4.2~9.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:38", "description": "Check for the Version of icu", "cvss3": {}, "published": "2011-12-30T00:00:00", "type": "openvas", "title": "Mandriva Update for icu MDVSA-2011:194 (icu)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831516", "href": "http://plugins.openvas.org/nasl.php?oid=831516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for icu MDVSA-2011:194 (icu)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in icu:\n\n A stack-based buffer overflow flaw was found in the way ICU\n performed variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or,\n possibly, execute arbitrary code with the privileges of the user\n running the application (CVE-2011-4599).\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"icu on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-12/msg00025.php\");\n script_id(831516);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-30 09:13:11 +0530 (Fri, 30 Dec 2011)\");\n script_xref(name: \"MDVSA\", value: \"2011:194\");\n script_cve_id(\"CVE-2011-4599\");\n script_name(\"Mandriva Update for icu MDVSA-2011:194 (icu)\");\n\n script_summary(\"Check for the Version of icu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icu-doc\", rpm:\"icu-doc~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu40\", rpm:\"libicu40~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64icu40\", rpm:\"lib64icu40~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64icu-devel\", rpm:\"lib64icu-devel~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icu-doc\", rpm:\"icu-doc~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu44\", rpm:\"libicu44~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64icu44\", rpm:\"lib64icu44~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64icu-devel\", rpm:\"lib64icu-devel~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-12-30T00:00:00", "type": "openvas", "title": "Mandriva Update for icu MDVSA-2011:194 (icu)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for icu MDVSA-2011:194 (icu)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-12/msg00025.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831516\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-30 09:13:11 +0530 (Fri, 30 Dec 2011)\");\n script_xref(name:\"MDVSA\", value:\"2011:194\");\n script_cve_id(\"CVE-2011-4599\");\n script_name(\"Mandriva Update for icu MDVSA-2011:194 (icu)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"icu on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in icu:\n\n A stack-based buffer overflow flaw was found in the way ICU\n performed variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or,\n possibly, execute arbitrary code with the privileges of the user\n running the application (CVE-2011-4599).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icu-doc\", rpm:\"icu-doc~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu40\", rpm:\"libicu40~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64icu40\", rpm:\"lib64icu40~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64icu-devel\", rpm:\"lib64icu-devel~4.0~2.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icu-doc\", rpm:\"icu-doc~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu44\", rpm:\"libicu44~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64icu44\", rpm:\"lib64icu44~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64icu-devel\", rpm:\"lib64icu-devel~4.4~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "RedHat Update for icu RHSA-2011:1815-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870523", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for icu RHSA-2011:1815-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00037.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870523\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:08:42 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name:\"RHSA\", value:\"2011:1815-01\");\n script_cve_id(\"CVE-2011-4599\");\n script_name(\"RedHat Update for icu RHSA-2011:1815-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"icu on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The International Components for Unicode (ICU) library provides robust and\n full-featured Unicode services.\n\n A stack-based buffer overflow flaw was found in the way ICU performed\n variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-4599)\n\n All users of ICU should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All applications linked against\n ICU must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icu-debuginfo\", rpm:\"icu-debuginfo~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for icu CESA-2011:1815 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881290", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881290", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icu CESA-2011:1815 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018323.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881290\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:18:48 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4599\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1815\");\n script_name(\"CentOS Update for icu CESA-2011:1815 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"icu on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The International Components for Unicode (ICU) library provides robust and\n full-featured Unicode services.\n\n A stack-based buffer overflow flaw was found in the way ICU performed\n variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-4599)\n\n All users of ICU should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All applications linked against\n ICU must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for icu CESA-2011:1815 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881453", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881453", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icu CESA-2011:1815 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018340.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881453\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:54:43 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4599\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1815\");\n script_name(\"CentOS Update for icu CESA-2011:1815 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"icu on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The International Components for Unicode (ICU) library provides robust and\n full-featured Unicode services.\n\n A stack-based buffer overflow flaw was found in the way ICU performed\n variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-4599)\n\n All users of ICU should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All applications linked against\n ICU must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.2.1~9.1.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~4.2.1~9.1.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.2.1~9.1.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~4.2.1~9.1.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:34", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1348-1", "cvss3": {}, "published": "2012-02-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for icu USN-1348-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840881", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840881", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1348_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for icu USN-1348-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1348-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840881\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-01 11:36:58 +0530 (Wed, 01 Feb 2012)\");\n script_cve_id(\"CVE-2011-4599\");\n script_xref(name:\"USN\", value:\"1348-1\");\n script_name(\"Ubuntu Update for icu USN-1348-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1348-1\");\n script_tag(name:\"affected\", value:\"icu on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that ICU did not properly handle invalid locale data\n during Unicode conversion. If an application using ICU processed crafted\n data, an attacker could cause it to crash or potentially execute arbitrary\n code with the privileges of the user invoking the program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu42\", ver:\"4.2.1-3ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu42\", ver:\"4.2.1-3ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu44\", ver:\"4.4.2-2ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:34", "description": "Check for the Version of icu", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "CentOS Update for icu CESA-2011:1815 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881058", "href": "http://plugins.openvas.org/nasl.php?oid=881058", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icu CESA-2011:1815 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The International Components for Unicode (ICU) library provides robust and\n full-featured Unicode services.\n\n A stack-based buffer overflow flaw was found in the way ICU performed\n variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-4599)\n\n All users of ICU should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All applications linked against\n ICU must be restarted for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"icu on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018324.html\");\n script_id(881058);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:10:58 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name: \"CESA\", value: \"2011:1815\");\n script_cve_id(\"CVE-2011-4599\");\n script_name(\"CentOS Update for icu CESA-2011:1815 centos5 i386\");\n\n script_summary(\"Check for the Version of icu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for icu FEDORA-2011-17101", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863979", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863979", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icu FEDORA-2011-17101\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071318.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863979\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:42:22 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4599\");\n script_xref(name:\"FEDORA\", value:\"2011-17101\");\n script_name(\"Fedora Update for icu FEDORA-2011-17101\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"icu on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.6~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:53", "description": "The remote host is missing an update to icu\nannounced via advisory DSA 2397-1.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2397-1 (icu)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070714", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070714", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2397_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2397-1 (icu)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70714\");\n script_cve_id(\"CVE-2011-4599\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:35:00 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2397-1 (icu)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202397-1\");\n script_tag(name:\"insight\", value:\"It was discovered that a buffer overflow in the Unicode libraray ICU\ncould lead to the execution of arbitrary code.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.8.1-3+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.4.1-8.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.8.1.1-3.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your icu packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to icu\nannounced via advisory DSA 2397-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"4.4.1-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"4.4.1-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib32icu44\", ver:\"4.4.1-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"4.4.1-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu44\", ver:\"4.4.1-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu44-dbg\", ver:\"4.4.1-8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:04:57", "description": "Check for the Version of php-intl", "cvss3": {}, "published": "2010-12-28T00:00:00", "type": "openvas", "title": "Mandriva Update for php-intl MDVSA-2010:255 (php-intl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310831285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php-intl MDVSA-2010:255 (php-intl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in php-intl:\n\n Integer overflow in the NumberFormatter::getSymbol (aka\n numfmt_get_symbol) function in PHP 5.3.3 and earlier allows\n context-dependent attackers to cause a denial of service (application\n crash) via an invalid argument (CVE-2010-4409).\n \n The updated packages have been upgraded to php-intl-1.1.2 and patched\n to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php-intl on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-12/msg00016.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831285\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:255\");\n script_cve_id(\"CVE-2010-4409\");\n script_name(\"Mandriva Update for php-intl MDVSA-2010:255 (php-intl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-intl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~1.1.2~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:58:08", "description": "Check for the Version of icu", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for icu CESA-2011:1815 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:881453", "href": "http://plugins.openvas.org/nasl.php?oid=881453", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icu CESA-2011:1815 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The International Components for Unicode (ICU) library provides robust and\n full-featured Unicode services.\n\n A stack-based buffer overflow flaw was found in the way ICU performed\n variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-4599)\n \n All users of ICU should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All applications linked against\n ICU must be restarted for this update to take effect.\";\n\ntag_affected = \"icu on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018340.html\");\n script_id(881453);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:54:43 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4599\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1815\");\n script_name(\"CentOS Update for icu CESA-2011:1815 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.2.1~9.1.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~4.2.1~9.1.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.2.1~9.1.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~4.2.1~9.1.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:15", "description": "Check for the Version of icu", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "RedHat Update for icu RHSA-2011:1815-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870523", "href": "http://plugins.openvas.org/nasl.php?oid=870523", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for icu RHSA-2011:1815-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The International Components for Unicode (ICU) library provides robust and\n full-featured Unicode services.\n\n A stack-based buffer overflow flaw was found in the way ICU performed\n variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-4599)\n\n All users of ICU should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All applications linked against\n ICU must be restarted for this update to take effect.\";\n\ntag_affected = \"icu on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00037.html\");\n script_id(870523);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:08:42 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name: \"RHSA\", value: \"2011:1815-01\");\n script_cve_id(\"CVE-2011-4599\");\n script_name(\"RedHat Update for icu RHSA-2011:1815-01\");\n\n script_summary(\"Check for the Version of icu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icu-debuginfo\", rpm:\"icu-debuginfo~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.6~5.16.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "Fedora Update for icu FEDORA-2011-17119", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863666", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icu FEDORA-2011-17119\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071316.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863666\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:33:34 +0530 (Fri, 23 Dec 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-17119\");\n script_cve_id(\"CVE-2011-4599\");\n script_name(\"Fedora Update for icu FEDORA-2011-17119\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"icu on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.4.2~9.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "CentOS Update for icu CESA-2011:1815 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881058", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icu CESA-2011:1815 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018324.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881058\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:10:58 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name:\"CESA\", value:\"2011:1815\");\n script_cve_id(\"CVE-2011-4599\");\n script_name(\"CentOS Update for icu CESA-2011:1815 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"icu on CentOS 5\");\n script_tag(name:\"insight\", value:\"The International Components for Unicode (ICU) library provides robust and\n full-featured Unicode services.\n\n A stack-based buffer overflow flaw was found in the way ICU performed\n variant canonicalization for some locale identifiers. If a\n specially-crafted locale representation was opened in an application\n linked against ICU, it could cause the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-4599)\n\n All users of ICU should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All applications linked against\n ICU must be restarted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.6~5.16.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:03:42", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-33)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120216", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120216\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:36 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-33)\");\n script_tag(name:\"insight\", value:\"A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-4599 )\");\n script_tag(name:\"solution\", value:\"Run yum update icu to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-33.html\");\n script_cve_id(\"CVE-2011-4599\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~4.2.1~9.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.2.1~9.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.2.1~9.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~4.2.1~9.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:44", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-07.", "cvss3": {}, "published": "2012-09-26T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201209-07 (icu)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231072424", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072424", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201209_07.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72424\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4599\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-26 11:20:49 -0400 (Wed, 26 Sep 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-07 (icu)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"A buffer overflow in International Components for Unicode could\nresult in execution of arbitrary code or Denial of Service.\");\n script_tag(name:\"solution\", value:\"All ICU users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/icu-49.1.1-r1'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-07\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=394201\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201209-07.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-libs/icu\", unaffected: make_list(\"ge 49.1.1-r1\"), vulnerable: make_list(\"lt 49.1.1-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-21T11:32:53", "description": "Check for the Version of php-intl", "cvss3": {}, "published": "2010-12-28T00:00:00", "type": "openvas", "title": "Mandriva Update for php-intl MDVSA-2010:255 (php-intl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:831285", "href": "http://plugins.openvas.org/nasl.php?oid=831285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php-intl MDVSA-2010:255 (php-intl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in php-intl:\n\n Integer overflow in the NumberFormatter::getSymbol (aka\n numfmt_get_symbol) function in PHP 5.3.3 and earlier allows\n context-dependent attackers to cause a denial of service (application\n crash) via an invalid argument (CVE-2010-4409).\n \n The updated packages have been upgraded to php-intl-1.1.2 and patched\n to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php-intl on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-12/msg00016.php\");\n script_id(831285);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:255\");\n script_cve_id(\"CVE-2010-4409\");\n script_name(\"Mandriva Update for php-intl MDVSA-2010:255 (php-intl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-intl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~1.1.2~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:11", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-07.", "cvss3": {}, "published": "2012-09-26T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201209-07 (icu)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:72424", "href": "http://plugins.openvas.org/nasl.php?oid=72424", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A buffer overflow in International Components for Unicode could\nresult in execution of arbitrary code or Denial of Service.\";\ntag_solution = \"All ICU users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/icu-49.1.1-r1'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=394201\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201209-07.\";\n\n \n \nif(description)\n{\n script_id(72424);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4599\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-26 11:20:49 -0400 (Wed, 26 Sep 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-07 (icu)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-libs/icu\", unaffected: make_list(\"ge 49.1.1-r1\"), vulnerable: make_list(\"lt 49.1.1-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:15", "description": "The remote host is missing an update to icu\nannounced via advisory DSA 2397-1.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2397-1 (icu)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70714", "href": "http://plugins.openvas.org/nasl.php?oid=70714", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2397_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2397-1 (icu)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that a buffer overflow in the Unicode libraray ICU\ncould lead to the execution of arbitrary code.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.8.1-3+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.4.1-8.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.8.1.1-3.\n\nWe recommend that you upgrade your icu packages.\";\ntag_summary = \"The remote host is missing an update to icu\nannounced via advisory DSA 2397-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202397-1\";\n\nif(description)\n{\n script_id(70714);\n script_cve_id(\"CVE-2011-4599\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:35:00 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2397-1 (icu)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"4.4.1-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"4.4.1-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib32icu44\", ver:\"4.4.1-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"4.4.1-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu44\", ver:\"4.4.1-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu44-dbg\", ver:\"4.4.1-8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:04", "description": "Oracle Linux Local Security Checks ELSA-2011-1815", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1815", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4599"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1815.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122044\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:08 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1815\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1815 - icu security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1815\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1815.html\");\n script_cve_id(\"CVE-2011-4599\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.2.1~9.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~4.2.1~9.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.2.1~9.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~4.2.1~9.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:54:59", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-12-28T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2010:254 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2010-3436", "CVE-2010-3870", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-4150", "CVE-2010-4409"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:831283", "href": "http://plugins.openvas.org/nasl.php?oid=831283", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2010:254 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is a maintenance and security update that upgrades php to 5.3.4\n for 2010.0/2010.1.\n\n Security Enhancements and Fixes in PHP 5.3.4:\n \n * Paths with NULL in them (foo\\0bar.txt) are now considered as invalid\n (CVE-2006-7243).\n * Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus values)\n (CVE-2010-4409)\n \n Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436,\n CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories.\n \n Key Bug Fixes in PHP 5.3.4 include:\n \n * Added stat support for zip stream.\n * Added follow_location (enabled by default) option for the http\n stream support.\n * Added a 3rd parameter to get_html_translation_table. It now takes\n a charset hint, like htmlentities et al.\n * Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect\n zend multibyte at runtime.\n * Multiple improvements to the FPM SAPI.\n * Over 100 other bug fixes.\n \n Additional post 5.3.4 fixes:\n \n * Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres\n is down).\n * Fixed bug #53541 (format string bug in ext/phar).\n \n Additionally some of the PECL extensions has been upgraded and/or\n rebuilt for the new php version.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-12/msg00015.php\");\n script_id(831283);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:254\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2010-4409\", \"CVE-2010-4150\", \"CVE-2010-3870\", \"CVE-2010-3436\", \"CVE-2010-3709\", \"CVE-2010-3710\");\n script_name(\"Mandriva Update for php MDVSA-2010:254 (php)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.6~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.6~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~1.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~1.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gearman\", rpm:\"php-gearman~0.7.0~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~8.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~35.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.8.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pinba\", rpm:\"php-pinba~0.0.5~2.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~33.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sphinx\", rpm:\"php-sphinx~1.0.4~2.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~7.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2010.15~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~15.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~1.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.3mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.0.2~6.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~20.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~18.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~3.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~30.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.3.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~28.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2010.15~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~9.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:06:18", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-12-28T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2010:254 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2010-3436", "CVE-2010-3870", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-4150", "CVE-2010-4409"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310831283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831283", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2010:254 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is a maintenance and security update that upgrades php to 5.3.4\n for 2010.0/2010.1.\n\n Security Enhancements and Fixes in PHP 5.3.4:\n \n * Paths with NULL in them (foo\\0bar.txt) are now considered as invalid\n (CVE-2006-7243).\n * Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus values)\n (CVE-2010-4409)\n \n Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436,\n CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories.\n \n Key Bug Fixes in PHP 5.3.4 include:\n \n * Added stat support for zip stream.\n * Added follow_location (enabled by default) option for the http\n stream support.\n * Added a 3rd parameter to get_html_translation_table. It now takes\n a charset hint, like htmlentities et al.\n * Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect\n zend multibyte at runtime.\n * Multiple improvements to the FPM SAPI.\n * Over 100 other bug fixes.\n \n Additional post 5.3.4 fixes:\n \n * Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres\n is down).\n * Fixed bug #53541 (format string bug in ext/phar).\n \n Additionally some of the PECL extensions has been upgraded and/or\n rebuilt for the new php version.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-12/msg00015.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831283\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:254\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2010-4409\", \"CVE-2010-4150\", \"CVE-2010-3870\", \"CVE-2010-3436\", \"CVE-2010-3709\", \"CVE-2010-3710\");\n script_name(\"Mandriva Update for php MDVSA-2010:254 (php)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.6~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.6~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~1.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~1.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gearman\", rpm:\"php-gearman~0.7.0~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~8.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~35.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.8.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pinba\", rpm:\"php-pinba~0.0.5~2.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~33.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sphinx\", rpm:\"php-sphinx~1.0.4~2.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~7.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2010.15~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~15.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~1.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.3mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.4~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.0.2~6.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~20.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~18.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~3.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~30.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.3.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~28.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2010.15~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~10.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~9.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-09-23T15:15:20", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1042-1", "cvss3": {}, "published": "2011-01-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 vulnerabilities USN-1042-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4645", "CVE-2010-3436", "CVE-2010-3870", "CVE-2010-3709", "CVE-2009-5016", "CVE-2010-4156", "CVE-2010-3710", "CVE-2010-4409"], "modified": "2019-09-16T00:00:00", "id": "OPENVAS:1361412562310840564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840564", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for php5 vulnerabilities USN-1042-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1042-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840564\");\n script_version(\"2019-09-16T06:54:58+0000\");\n script_tag(name:\"last_modification\", value:\"2019-09-16 06:54:58 +0000 (Mon, 16 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1042-1\");\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-3436\", \"CVE-2010-3709\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4156\", \"CVE-2010-4409\", \"CVE-2010-4645\");\n script_name(\"Ubuntu Update for php5 vulnerabilities USN-1042-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|6\\.06 LTS|10\\.04 LTS|8\\.04 LTS|10\\.10)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1042-1\");\n script_tag(name:\"affected\", value:\"php5 vulnerabilities on Ubuntu 6.06 LTS,\n Ubuntu 8.04 LTS,\n Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that an integer overflow in the XML UTF-8 decoding\n code could allow an attacker to bypass cross-site scripting (XSS)\n protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,\n and Ubuntu 9.10. (CVE-2009-5016)\n\n It was discovered that the XML UTF-8 decoding code did not properly\n handle non-shortest form UTF-8 encoding and ill-formed subsequences\n in UTF-8 data, which could allow an attacker to bypass cross-site\n scripting (XSS) protections. (CVE-2010-3870)\n\n It was discovered that attackers might be able to bypass open_basedir()\n restrictions by passing a specially crafted filename. (CVE-2010-3436)\n\n Maksymilian Arciemowicz discovered that a NULL pointer dereference in the\n ZIP archive handling code could allow an attacker to cause a denial\n of service through a specially crafted ZIP archive. This issue only\n affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu\n 10.10. (CVE-2010-3709)\n\n It was discovered that a stack consumption vulnerability in the\n filter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could\n allow a remote attacker to cause a denial of service. This issue\n only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and\n Ubuntu 10.10. (CVE-2010-3710)\n\n It was discovered that the mb_strcut function in the Libmbfl\n library within PHP could allow an attacker to read arbitrary memory\n within the application process. This issue only affected Ubuntu\n 10.10. (CVE-2010-4156)\n\n Maksymilian Arciemowicz discovered that an integer overflow in the\n NumberFormatter::getSymbol function could allow an attacker to cause\n a denial of service. This issue only affected Ubuntu 10.04 LTS and\n Ubuntu 10.10. (CVE-2010-4409)\n\n Rick Regan discovered that when handing PHP textual representations\n of the largest subnormal double-precision floating-point number,\n the zend_strtod function could go into an infinite loop on 32bit\n x86 processors, allowing an attacker to cause a denial of service.\n (CVE-2010-4645)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.3-1ubuntu9.2\", rls:\"UBUNTU10.10\")) != NUL