Lucene search
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-1504-1.NASLHistoryJan 02, 2019 - 12:00 a.m.
SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1504-1)
2019-01-0200:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
This update for php5 fixes the following issues :
Security issues fixed :
-
CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994)
-
CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991)
-
CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition (bsc#978827)
-
CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828)
-
CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829)
-
CVE-2016-4542, CVE-2016-4543, CVE-2016-4544:
Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) -
CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366)
-
CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373)
-
CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:1504-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(119978);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/24");
script_cve_id(
"CVE-2015-4116",
"CVE-2015-8873",
"CVE-2015-8874",
"CVE-2016-4342",
"CVE-2016-4346",
"CVE-2016-4537",
"CVE-2016-4538",
"CVE-2016-4539",
"CVE-2016-4540",
"CVE-2016-4541",
"CVE-2016-4542",
"CVE-2016-4543",
"CVE-2016-4544"
);
script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1504-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for php5 fixes the following issues :
Security issues fixed :
- CVE-2016-4346: heap overflow in ext/standard/string.c
(bsc#977994)
- CVE-2016-4342: heap corruption in tar/zip/phar parser
(bsc#977991)
- CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative
scale causing heap buffer overflow corrupting _one_
definition (bsc#978827)
- CVE-2016-4539: Malformed input causes segmentation fault
in xml_parse_into_struct() function (bsc#978828)
- CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read
in zif_grapheme_stripos when given negative offset
(bsc#978829)
- CVE-2016-4542, CVE-2016-4543, CVE-2016-4544:
Out-of-bounds heap memory read in exif_read_data()
caused by malformed input (bsc#978830)
- CVE-2015-4116: Use-after-free vulnerability in the
spl_ptr_heap_insert function (bsc#980366)
- CVE-2015-8873: Stack consumption vulnerability in
Zend/zend_exceptions.c (bsc#980373)
- CVE-2015-8874: Stack consumption vulnerability in GD
(bsc#980375)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977991");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977994");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=978827");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=978828");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=978829");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=978830");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980366");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980373");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980375");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4116/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-8873/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-8874/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4342/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4346/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4537/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4538/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4539/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4540/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4541/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4542/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4543/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4544/");
# https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?380a5b59");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12-SP1 :
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-895=1
SUSE Linux Enterprise Software Development Kit 12 :
zypper in -t patch SUSE-SLE-SDK-12-2016-895=1
SUSE Linux Enterprise Module for Web Scripting 12 :
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-895=1
To bring your system up-to-date, use 'zypper patch'.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4342");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2016-4544");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/16");
script_set_attribute(attribute:"patch_publication_date", value:"2016/06/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-59.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-59.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | php5-intl | p-cpe:/a:novell:suse_linux:php5-intl |
| novell | suse_linux | php5-intl-debuginfo | p-cpe:/a:novell:suse_linux:php5-intl-debuginfo |
| novell | suse_linux | php5-json | p-cpe:/a:novell:suse_linux:php5-json |
| novell | suse_linux | php5-json-debuginfo | p-cpe:/a:novell:suse_linux:php5-json-debuginfo |
| novell | suse_linux | php5-ldap | p-cpe:/a:novell:suse_linux:php5-ldap |
| novell | suse_linux | php5-ldap-debuginfo | p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo |
| novell | suse_linux | php5-mbstring | p-cpe:/a:novell:suse_linux:php5-mbstring |
| novell | suse_linux | php5-mbstring-debuginfo | p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo |
| novell | suse_linux | php5-mcrypt | p-cpe:/a:novell:suse_linux:php5-mcrypt |
| novell | suse_linux | php5-mcrypt-debuginfo | p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8873
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4541
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544
www.nessus.org/u?380a5b59
bugzilla.suse.com/show_bug.cgi?id=977991
bugzilla.suse.com/show_bug.cgi?id=977994
bugzilla.suse.com/show_bug.cgi?id=978827
bugzilla.suse.com/show_bug.cgi?id=978828
bugzilla.suse.com/show_bug.cgi?id=978829
bugzilla.suse.com/show_bug.cgi?id=978830
bugzilla.suse.com/show_bug.cgi?id=980366
bugzilla.suse.com/show_bug.cgi?id=980373
bugzilla.suse.com/show_bug.cgi?id=980375
www.suse.com/security/cve/CVE-2015-4116/
www.suse.com/security/cve/CVE-2015-8873/
www.suse.com/security/cve/CVE-2015-8874/
www.suse.com/security/cve/CVE-2016-4342/
www.suse.com/security/cve/CVE-2016-4346/
www.suse.com/security/cve/CVE-2016-4537/
www.suse.com/security/cve/CVE-2016-4538/
www.suse.com/security/cve/CVE-2016-4539/
www.suse.com/security/cve/CVE-2016-4540/
www.suse.com/security/cve/CVE-2016-4541/
www.suse.com/security/cve/CVE-2016-4542/
www.suse.com/security/cve/CVE-2016-4543/
www.suse.com/security/cve/CVE-2016-4544/
Related
nessus
nessus
openSUSE Security Update : php5 (openSUSE-2016-696)
2016-06-09 00:00:00
Fedora 24 : php-5.6.21-1.fc24 (2016-f4e73663f4)
2016-05-09 00:00:00
openSUSE Security Update : libqt5-qtbase (openSUSE-2016-613)
2016-03-03 00:00:00
openvas
openvas
Fedora Update for php FEDORA-2016-e205218629
2016-06-08 00:00:00
PHP Multiple Vulnerabilities - 03 - Jul16 (Windows)
2016-07-14 00:00:00
PHP Multiple Vulnerabilities - 03 - Jul16 (Linux)
2016-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-5.6.21-1.fc22
2016-05-12 07:24:40
[SECURITY] Fedora 24 Update: php-5.6.21-1.fc24
2016-05-07 12:29:10
[SECURITY] Fedora 23 Update: gd-2.1.1-8.fc23
2016-07-18 21:03:22
f5
f5
SOL24734336 - PHP vulnerabilities CVE-2016-4542, CVE-2016-4543, and CVE-2016-4544
2016-05-23 00:00:00
K81081046 : PHP vulnerabilities CVE-2016-4537 and CVE-2016-4538
2016-05-23 00:00:00
debian
debian
[SECURITY] [DSA 3602-1] php5 security update
2016-06-14 15:43:55
[SECURITY] [DSA 3602-1] php5 security update
2016-06-14 15:43:55
[SECURITY] [DLA 499-1] php5 security update
2016-05-31 20:07:56
ubuntu
ubuntu
PHP vulnerabilities
2016-05-24 00:00:00
suse
suse
Security update for php53 (important)
2016-06-14 20:07:58
Security update for php5 (important)
2016-06-11 14:14:42
Security update for php53 (important)
2016-06-21 13:08:17
ubuntucve
ubuntucve
osv
osv
php5 - security update
2016-05-31 00:00:00
CVE-2015-8874
2016-05-16 10:59:00
libgd2 - security update
2016-05-19 00:00:00
prion
prion
Design/Logic Flaw
2016-05-16 10:59:00
Stack overflow
2016-05-16 10:59:00
Design/Logic Flaw
2016-05-16 10:59:00
cve
cve
alpinelinux
alpinelinux
CVE-2015-8874
2016-05-16 10:59:00
mageia
mageia
Updated libgd packages fix CVE-2015-8874
2016-05-22 01:11:24
Updated libgd packages fix security vulnerability
2016-07-05 18:47:08
debiancve
debiancve
hackerone
hackerone
Internet Bug Bounty: CVE-2015-8874 Stack overflow with imagefilltoborder
2016-06-24 03:40:50
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:02:21
Denial Of Service (DoS)
2019-05-02 06:02:22
Denial Of Service (DoS)
2018-06-27 07:31:32
htbridge
htbridge
Use-After-Free in PHP
2015-05-20 00:00:00
seebug
seebug
PHP 'ext/phar/phar_object. c' heap overflow vulnerability, CVE-2016-4342)
2016-11-18 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-11-30 00:00:00
ibm
ibm
Related for SUSE_SU-2016-1504-1.NASL