Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2017-1585-1.NASL
HistoryJun 19, 2017 - 12:00 a.m.

SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1585-1)

2017-06-1900:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29
JSON

This update for php53 fixes the following issues: This security issue was fixed :

  • CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained.
    Because a :port syntax was recognized, fsockopen used the port number that is specified in the hostname argument, instead of the port number in the second argument of the function (bsc#1031246)

  • CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111).

  • CVE-2017-9227: An issue was discovered in Oniguruma 6.2.0, as used in mbstring in PHP. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. (bsc#1040883)

  • CVE-2017-9226: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation.
    Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of ‘\700’ would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. (bsc#1040889)

  • CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
    (bsc#1040891)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:1585-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(100866);
  script_version("3.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-6294", "CVE-2017-7272", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227");

  script_name(english:"SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1585-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php53 fixes the following issues: This security issue
was fixed :

  - CVE-2017-7272: PHP enabled potential SSRF in
    applications that accept an fsockopen hostname argument
    with an expectation that the port number is constrained.
    Because a :port syntax was recognized, fsockopen used
    the port number that is specified in the hostname
    argument, instead of the port number in the second
    argument of the function (bsc#1031246)

  - CVE-2016-6294: The locale_accept_from_http function in
    ext/intl/locale/locale_methods.c did not properly
    restrict calls to the ICU uloc_acceptLanguageFromHTTP
    function, which allowed remote attackers to cause a
    denial of service (out-of-bounds read) or possibly have
    unspecified other impact via a call with a long argument
    (bsc#1035111).

  - CVE-2017-9227: An issue was discovered in Oniguruma
    6.2.0, as used in mbstring in PHP. A stack out-of-bounds
    read occurs in mbc_enc_len() during regular expression
    searching. Invalid handling of reg->dmin in
    forward_search_range() could result in an invalid
    pointer dereference, as an out-of-bounds read from a
    stack buffer. (bsc#1040883)

  - CVE-2017-9226: An issue was discovered in Oniguruma
    6.2.0, as used in Oniguruma-mod in mbstring in PHP. A
    heap out-of-bounds write or read occurs in
    next_state_val() during regular expression compilation.
    Octal numbers larger than 0xff are not handled correctly
    in fetch_token() and fetch_token_in_cc(). A malformed
    regular expression containing an octal number in the
    form of '\700' would produce an invalid code point value
    larger than 0xff in next_state_val(), resulting in an
    out-of-bounds write memory corruption. (bsc#1040889)

  - CVE-2017-9224: An issue was discovered in Oniguruma
    6.2.0, as used in Oniguruma-mod in mbstring in PHP. A
    stack out-of-bounds read occurs in match_at() during
    regular expression searching. A logical error involving
    order of validation and access in match_at() could
    result in an out-of-bounds read from a stack buffer.
    (bsc#1040891)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1031246"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1035111"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1040883"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1040889"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1040891"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-6294/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-7272/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-9224/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-9226/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-9227/"
  );
  # https://www.suse.com/support/update/announcement/2017/suse-su-20171585-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?52357544"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-php53-13151=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-php53-13151=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-php53-13151=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zlib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-mod_php53-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-bcmath-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-bz2-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-calendar-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ctype-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-curl-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-dba-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-dom-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-exif-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-fastcgi-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-fileinfo-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ftp-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gd-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gettext-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gmp-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-iconv-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-intl-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-json-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ldap-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mbstring-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mcrypt-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mysql-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-odbc-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-openssl-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pcntl-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pdo-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pear-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pgsql-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pspell-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-shmop-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-snmp-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-soap-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-suhosin-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvmsg-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvsem-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvshm-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-tokenizer-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-wddx-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlreader-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlrpc-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlwriter-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xsl-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-zip-5.3.17-108.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"php53-zlib-5.3.17-108.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53");
}
VendorProductVersionCPE
novellsuse_linuxapache2-mod_php53p-cpe:/a:novell:suse_linux:apache2-mod_php53
novellsuse_linuxphp53p-cpe:/a:novell:suse_linux:php53
novellsuse_linuxphp53-bcmathp-cpe:/a:novell:suse_linux:php53-bcmath
novellsuse_linuxphp53-bz2p-cpe:/a:novell:suse_linux:php53-bz2
novellsuse_linuxphp53-calendarp-cpe:/a:novell:suse_linux:php53-calendar
novellsuse_linuxphp53-ctypep-cpe:/a:novell:suse_linux:php53-ctype
novellsuse_linuxphp53-curlp-cpe:/a:novell:suse_linux:php53-curl
novellsuse_linuxphp53-dbap-cpe:/a:novell:suse_linux:php53-dba
novellsuse_linuxphp53-domp-cpe:/a:novell:suse_linux:php53-dom
novellsuse_linuxphp53-exifp-cpe:/a:novell:suse_linux:php53-exif
Rows per page:
1-10 of 461

Related

openvas 42
nessus 61
ibm 5
freebsd 2
osv 7
slackware 1
fedora 7
hackerone 1
amazon 7
debian 5
mageia 2
altlinux 1
redhatcve 5
prion 5
debiancve 5
suse 1
seebug 1
packetstorm 1
ubuntucve 6
cve 5
alpinelinux 3
veracode 7
checkpoint_advisories 1
f5 6
ubuntu 3
photon 1
redhat 1
rosalinux 2
cloudlinux 1
cloudfoundry 1
gentoo 1
apple 2
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1585-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1662-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1717-1)
2021-06-09 00:00:00
nessus
nessus
SUSE SLES12 Security Update : php5 (SUSE-SU-2017:1662-1)
2019-01-02 00:00:00
openSUSE Security Update : php5 (openSUSE-2017-764)
2017-07-05 00:00:00
openSUSE Security Update : php7 (openSUSE-2017-790)
2017-07-07 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in php5 affect IBM Flex System Manager (FSM) (CVE-2017-9227, CVE-2017-9226 CVE-2017-9224)
2018-06-18 01:38:12
Security Bulletin: Vulnerabilities in php53 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224)
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in PHP affect IBM Chassis Management Module (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224)
2019-01-31 02:25:02
freebsd
freebsd
oniguruma -- multiple vulnerabilities
2017-07-06 00:00:00
php -- multiple vulnerabilities
2016-07-21 00:00:00
osv
osv
libonig - security update
2017-05-28 00:00:00
CVE-2017-7272
2017-03-27 17:59:00
CVE-2017-9227
2017-05-24 15:29:00
slackware
slackware
[slackware-security] php
2017-07-08 00:39:45
fedora
fedora
[SECURITY] Fedora 24 Update: php-5.6.31-1.fc24
2017-07-19 01:49:32
[SECURITY] Fedora 26 Update: php-7.1.7-1.fc26
2017-07-18 22:25:50
[SECURITY] Fedora 24 Update: oniguruma-5.9.6-4.fc24
2017-06-10 10:23:48
hackerone
hackerone
Internet Bug Bounty: PHP mbstring / Oniguruma multiple remote heap/stack corruptions
2017-06-08 06:55:30
amazon
amazon
Medium: php56
2017-08-17 18:16:00
Medium: php70
2017-08-03 20:38:00
Important: oniguruma
2023-10-12 15:09:00
debian
debian
[SECURITY] [DLA 958-1] libonig security update
2017-05-28 13:46:37
[SECURITY] [DLA 1490-1] php5 security update
2018-09-01 13:12:11
[SECURITY] [DLA 875-1] php5 security update
2017-03-27 23:05:29
mageia
mageia
Updated php and libgd packages fix security vulnerabilities
2017-08-08 01:16:24
Updated php/xmlrpc-epi/timezone packages fix security vulnerability
2016-07-27 00:59:16
altlinux
altlinux
Security fix for the ALT Linux 8 package oniguruma version 6.4.0-alt1
2017-07-12 00:00:00
redhatcve
redhatcve
CVE-2017-7272
2017-03-31 09:48:04
CVE-2016-6294
2016-07-25 13:48:29
CVE-2017-9226
2017-06-30 11:21:15
prion
prion
Design/Logic Flaw
2017-03-27 17:59:00
Out-of-bounds
2016-07-25 14:59:00
Stack overflow
2017-05-24 15:29:00
debiancve
debiancve
CVE-2017-9226
2017-05-24 15:29:00
CVE-2017-7272
2017-03-27 17:59:00
CVE-2016-6294
2016-07-25 14:59:00
suse
suse
Security update for php53 (important)
2017-06-28 18:11:15
seebug
seebug
PHP Server Side Request Forgery Security Bypass Vulnerability(CVE-2017-7272)
2017-04-06 00:00:00
packetstorm
packetstorm
PHP 7.1.2 fsockopen Misbehavior
2017-04-03 00:00:00
ubuntucve
ubuntucve
CVE-2017-7272
2017-03-27 00:00:00
CVE-2016-6294
2016-07-25 00:00:00
CVE-2017-9226
2017-05-24 00:00:00
cve
cve
CVE-2016-6294
2016-07-25 14:59:00
CVE-2017-7272
2017-03-27 17:59:00
CVE-2017-9227
2017-05-24 15:29:00
alpinelinux
alpinelinux
CVE-2017-9224
2017-05-24 15:29:00
CVE-2017-9227
2017-05-24 15:29:00
CVE-2017-9226
2017-05-24 15:29:00
veracode
veracode
Out-Of-Bounds Read
2019-05-16 02:59:59
Out-of-Bounds Write
2019-05-16 02:59:59
Out-Of-Bounds Read
2019-05-16 02:59:59
checkpoint_advisories
checkpoint_advisories
Oniguruma Project Memory Corruption (CVE-2017-9226)
2020-09-24 00:00:00
f5
f5
K61164061 : PHP vulnerability CVE-2017-9227
2017-07-24 00:00:00
K34551175 : PHP vulnerability CVE-2017-9224
2017-07-21 00:00:00
PHP vulnerabilities CVE-2017-9226 and CVE-2017-7890
2017-08-08 00:03:00
ubuntu
ubuntu
PHP vulnerabilities
2017-12-18 00:00:00
PHP vulnerabilities
2017-08-10 00:00:00
PHP vulnerabilities
2016-08-02 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0021
2017-06-22 00:00:00
redhat
redhat
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
cloudfoundry
cloudfoundry
USN-3045-1 PHP vulnerabilities | Cloud Foundry
2016-09-09 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-11-30 00:00:00
apple
apple
About the security content of macOS Sierra 10.12 - Apple Support
2017-01-23 05:36:06
About the security content of macOS Sierra 10.12
2016-09-20 00:00:00
JSON
Related for SUSE_SU-2017-1585-1.NASL
openvas42nessus61ibm5freebsd2osv7slackware1fedora7hackerone1amazon7debian5mageia2altlinux1redhatcve5prion5debiancve5suse1seebug1packetstorm1ubuntucve6cve5alpinelinux3veracode7checkpoint_advisories1f56ubuntu3photon1redhat1rosalinux2cloudlinux1cloudfoundry1gentoo1apple2