Lucene search
Copyright (C) 2015 Greenbone Networks GmbHOPENVAS:1361412562310850787HistoryOct 13, 2015 - 12:00 a.m.
SUSE: Security Advisory for php53 (SUSE-SU-2014:0869-1)
2015-10-1300:00:00
Copyright (C) 2015 Greenbone Networks GmbH
plugins.openvas.org
16
0.951 High
EPSS
Percentile
99.1%
The remote host is missing an update for the
# Copyright (C) 2015 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.850787");
script_version("2020-01-31T07:58:03+0000");
script_tag(name:"last_modification", value:"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)");
script_tag(name:"creation_date", value:"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)");
script_cve_id("CVE-2014-0237", "CVE-2014-0238", "CVE-2014-2497", "CVE-2014-4049");
script_tag(name:"cvss_base", value:"5.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_name("SUSE: Security Advisory for php53 (SUSE-SU-2014:0869-1)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'php53'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"php53 was updated to fix the following security vulnerabilities:
* Heap-based buffer overflow in DNS TXT record parsing. (CVE-2014-4049)
* Denial of service in Fileinfo component. (CVE-2014-0238)
* Performance degradation by too many file_printf calls.
(CVE-2014-0237)
* NULL pointer dereference in GD XPM decoder. (CVE-2014-2497)
Security Issues references:
* CVE-2014-4049
* CVE-2014-0238
* CVE-2014-0237
* CVE-2014-2497");
script_tag(name:"affected", value:"php53 on SUSE Linux Enterprise Server 11 SP3");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_xref(name:"SUSE-SU", value:"2014:0869-1");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=SLES11\.0SP3");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES11.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"apache2-mod_php53", rpm:"apache2-mod_php53~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53", rpm:"php53~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-bcmath", rpm:"php53-bcmath~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-bz2", rpm:"php53-bz2~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-calendar", rpm:"php53-calendar~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-ctype", rpm:"php53-ctype~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-curl", rpm:"php53-curl~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-dba", rpm:"php53-dba~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-dom", rpm:"php53-dom~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-exif", rpm:"php53-exif~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-fastcgi", rpm:"php53-fastcgi~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-fileinfo", rpm:"php53-fileinfo~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-ftp", rpm:"php53-ftp~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-gd", rpm:"php53-gd~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-gettext", rpm:"php53-gettext~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-gmp", rpm:"php53-gmp~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-iconv", rpm:"php53-iconv~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-intl", rpm:"php53-intl~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-json", rpm:"php53-json~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-ldap", rpm:"php53-ldap~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-mbstring", rpm:"php53-mbstring~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-mcrypt", rpm:"php53-mcrypt~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-mysql", rpm:"php53-mysql~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-odbc", rpm:"php53-odbc~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-openssl", rpm:"php53-openssl~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-pcntl", rpm:"php53-pcntl~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-pdo", rpm:"php53-pdo~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-pear", rpm:"php53-pear~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-pgsql", rpm:"php53-pgsql~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-pspell", rpm:"php53-pspell~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-shmop", rpm:"php53-shmop~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-snmp", rpm:"php53-snmp~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-soap", rpm:"php53-soap~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-suhosin", rpm:"php53-suhosin~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-sysvmsg", rpm:"php53-sysvmsg~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-sysvsem", rpm:"php53-sysvsem~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-sysvshm", rpm:"php53-sysvshm~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-tokenizer", rpm:"php53-tokenizer~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-wddx", rpm:"php53-wddx~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-xmlreader", rpm:"php53-xmlreader~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-xmlrpc", rpm:"php53-xmlrpc~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-xmlwriter", rpm:"php53-xmlwriter~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-xsl", rpm:"php53-xsl~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-zip", rpm:"php53-zip~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php53-zlib", rpm:"php53-zlib~5.3.17~0.23.5", rls:"SLES11.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
References
Related
nessus
nessus
SuSE 11.3 Security Update : php53 (SAT Patch Number 9450)
2014-07-04 00:00:00
openSUSE Security Update : php5 (openSUSE-SU-2014:0784-1)
2014-06-13 00:00:00
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2254-1)
2014-06-24 00:00:00
suse
suse
Security update for php53 (important)
2014-07-04 01:04:18
Security update for PHP5 (important)
2014-07-04 00:04:20
Security update for PHP5 (important)
2014-07-07 19:04:42
ubuntu
ubuntu
PHP updates
2014-06-25 00:00:00
PHP vulnerabilities
2014-06-23 00:00:00
GD library vulnerabilities
2016-05-31 00:00:00
openvas
openvas
Ubuntu Update for php5 USN-2254-2
2014-07-01 00:00:00
Ubuntu Update for php5 USN-2254-1
2014-07-01 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: php-phpunit-PHPUnit-MockObject-1.2.3-4.fc20
2014-06-17 23:31:30
[SECURITY] Fedora 19 Update: php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19
2014-06-17 23:36:22
[SECURITY] Fedora 19 Update: php-doctrine-orm-2.4.2-2.fc19
2014-06-17 23:36:22
mageia
mageia
Updated file packages fix CVE-2014-0237-8
2014-06-06 09:52:39
Updated php packages fix CVE-2014-0237-8
2014-06-06 21:54:14
Updated gd and libgd packages fix security vulnerability
2014-07-09 02:44:55
securityvulns
securityvulns
[ MDVSA-2014:116 ] file
2014-06-14 00:00:00
PHP/fileinfo/file DoS
2014-06-14 00:00:00
libgd / PHP DoS
2014-07-22 00:00:00
f5
f5
K16954 : Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238
2015-09-16 00:00:00
SOL16954 - Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238
2015-07-14 00:00:00
SOL15761 - Multiple PHP 5.x vulnerabilities
2014-10-30 00:00:00
amazon
amazon
slackware
slackware
[slackware-security] php
2014-06-09 21:04:52
ibm
ibm
freebsd
freebsd
PHP multiple vulnerabilities
2014-08-14 00:00:00
osv
osv
php5 - security update
2014-06-01 00:00:00
php5 - regression update
2015-01-31 00:00:00
php5 - security update
2015-01-31 00:00:00
debian
debian
[SECURITY] [DSA 2943-1] php5 security update
2014-06-01 08:38:03
[SECURITY] [DLA 145-1] php5 security update
2015-01-31 13:08:25
[SECURITY] [DSA 2961-1] php5 security update
2014-06-16 19:30:13
ubuntucve
ubuntucve
cve
cve
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:02:04
Arbitrary Code Execution
2019-05-02 05:04:21
Denial Of Service (DoS)
2019-05-02 05:04:17
debiancve
debiancve
checkpoint_advisories
checkpoint_advisories
PHP CDF File Handling Infinite Loop (CVE-2014-0238)
2014-08-03 00:00:00
PHP php_parserr DNS_TXT Heap Buffer Overflow (CVE-2014-4049)
2014-07-16 00:00:00
seebug
seebug
php-gd 'gdxpm.c'η©Ίζιζη»ζε‘ζΌζ΄
2014-03-17 00:00:00
PHP "gdImageCreateFromXpm()"η©Ίζιι΄ζ₯εΌη¨ζΌζ΄
2014-03-19 00:00:00
prion
prion
Null pointer dereference
2014-03-21 14:55:00
Code injection
2014-06-01 04:29:00
Design/Logic Flaw
2014-06-01 04:29:00
oraclelinux
oraclelinux
php security update
2014-08-06 00:00:00
php53 and php security update
2014-08-06 00:00:00
file security and bug fix update
2014-10-15 00:00:00
redhat
redhat
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
(RHSA-2014:1606) Moderate: file security and bug fix update
2014-10-14 00:00:00
centos
centos
php security update
2014-08-06 14:38:20
php, php53 security update
2014-08-06 14:53:37
file, python security update
2014-10-20 18:08:44
gentoo
gentoo
GD: Multiple vulnerabilities
2016-07-16 00:00:00
PHP: Multiple vulnerabilities
2014-08-29 00:00:00