Search...

Fedora Update for oniguruma FEDORA-2017-e314044789

2017-09-28T00:00:00

ID OPENVAS:1361412562310873447
Type openvas
Reporter Copyright (C) 2017 Greenbone Networks GmbH
Modified 2017-09-29T00:00:00

Description

Check the version of oniguruma

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_fedora_2017_e314044789_oniguruma_fc25.nasl 7318 2017-09-29 05:31:27Z asteins $
#
# Fedora Update for oniguruma FEDORA-2017-e314044789
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.873447");
  script_version("$Revision: 7318 $");
  script_tag(name:"last_modification", value:"$Date: 2017-09-29 07:31:27 +0200 (Fri, 29 Sep 2017) $");
  script_tag(name:"creation_date", value:"2017-09-28 09:14:51 +0200 (Thu, 28 Sep 2017)");
  script_cve_id("CVE-2017-9228", "CVE-2017-9224", "CVE-2017-9225", "CVE-2017-9226", 
                "CVE-2017-9227", "CVE-2017-9229");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"qod_type", value:"package");
  script_name("Fedora Update for oniguruma FEDORA-2017-e314044789");
  script_tag(name: "summary", value: "Check the version of oniguruma");
  script_tag(name: "vuldetect", value: "Get the installed version with the help 
of detect NVT and check if the version is vulnerable or not.");
  script_tag(name: "insight", value: "Oniguruma is a regular expressions library.
The characteristics of this library is that different character encoding
for every regular expression object can be specified.
(supported APIs: GNU regex, POSIX and Oniguruma native)
");
  script_tag(name: "affected", value: "oniguruma on Fedora 25");
  script_tag(name: "solution", value: "Please Install the Updated Packages.");

  script_xref(name: "FEDORA", value: "2017-e314044789");
  script_xref(name: "URL" , value: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47PRMNMSFMVKZJD3BZ7VDOOTRWWYCXFF");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "FC25")
{

  if ((res = isrpmvuln(pkg:"oniguruma", rpm:"oniguruma~6.1.3~3.fc25", rls:"FC25")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310873447", "bulletinFamily": "scanner", "title": "Fedora Update for oniguruma FEDORA-2017-e314044789", "description": "Check the version of oniguruma", "published": "2017-09-28T00:00:00", "modified": "2017-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873447", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["2017-e314044789", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47PRMNMSFMVKZJD3BZ7VDOOTRWWYCXFF"], "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-9225"], "type": "openvas", "lastseen": "2017-09-29T14:19:56", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "1d5493c8551d1b55852086e8e2585989"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "9c7a82a0b863cd13cbc5e63e67b5fef0"}, {"key": "href", "hash": "63287643d60eca01ec7890b5a6723e2d"}, {"key": "modified", "hash": "a4f45435fef806a7a378042f63ee9e95"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "6e31a62cd85a591649deea5700e9bc69"}, {"key": "published", "hash": "1b80047fc25e133e710f5dd7f80138f4"}, {"key": "references", "hash": "4e89baf15179c97441c11afb3c3d1ce3"}, {"key": "reporter", "hash": "a2323bbbec1269474bb5afba0147298f"}, {"key": "sourceData", "hash": "6a519f4c690f1aecb9d6adb5c66b5ab3"}, {"key": "title", "hash": "63a3fd060566192248cc2a05a9373b37"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "93ac0efe663936c43342a9d26340b50e926c804a3814db2b458049388b891bef", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_e314044789_oniguruma_fc25.nasl 7318 2017-09-29 05:31:27Z asteins $\n#\n# Fedora Update for oniguruma FEDORA-2017-e314044789\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873447\");\n script_version(\"$Revision: 7318 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-29 07:31:27 +0200 (Fri, 29 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:14:51 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-9228\", \"CVE-2017-9224\", \"CVE-2017-9225\", \"CVE-2017-9226\", \n \"CVE-2017-9227\", \"CVE-2017-9229\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for oniguruma FEDORA-2017-e314044789\");\n script_tag(name: \"summary\", value: \"Check the version of oniguruma\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Oniguruma is a regular expressions library.\nThe characteristics of this library is that different character encoding\nfor every regular expression object can be specified.\n(supported APIs: GNU regex, POSIX and Oniguruma native)\n\");\n script_tag(name: \"affected\", value: \"oniguruma on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-e314044789\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47PRMNMSFMVKZJD3BZ7VDOOTRWWYCXFF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.1.3~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310873447"}

{"result": {"cve": [{"id": "CVE-2017-9224", "type": "cve", "title": "CVE-2017-9224", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.", "published": "2017-05-24T11:29:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9224", "cvelist": ["CVE-2017-9224"], "lastseen": "2017-06-04T21:21:57"}, {"id": "CVE-2017-9228", "type": "cve", "title": "CVE-2017-9228", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.", "published": "2017-05-24T11:29:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9228", "cvelist": ["CVE-2017-9228"], "lastseen": "2017-06-04T21:21:57"}, {"id": "CVE-2017-9226", "type": "cve", "title": "CVE-2017-9226", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.", "published": "2017-05-24T11:29:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9226", "cvelist": ["CVE-2017-9226"], "lastseen": "2017-06-04T21:21:57"}, {"id": "CVE-2017-9229", "type": "cve", "title": "CVE-2017-9229", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.", "published": "2017-05-24T11:29:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9229", "cvelist": ["CVE-2017-9229"], "lastseen": "2017-06-04T21:21:57"}, {"id": "CVE-2017-9227", "type": "cve", "title": "CVE-2017-9227", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.", "published": "2017-05-24T11:29:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9227", "cvelist": ["CVE-2017-9227"], "lastseen": "2017-10-13T10:41:24"}, {"id": "CVE-2017-9225", "type": "cve", "title": "CVE-2017-9225", "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.", "published": "2017-05-24T11:29:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9225", "cvelist": ["CVE-2017-9225"], "lastseen": "2017-06-04T21:21:57"}], "f5": [{"id": "F5:K34551175", "type": "f5", "title": "PHP vulnerability CVE-2017-9224", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2017-07-22T01:48:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K34551175", "cvelist": ["CVE-2017-9224"], "lastseen": "2017-07-22T02:17:00"}, {"id": "F5:K43292324", "type": "f5", "title": "PHP vulnerability CVE-2017-9228", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2017-07-22T01:58:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K43292324", "cvelist": ["CVE-2017-9228"], "lastseen": "2017-07-22T02:17:05"}, {"id": "F5:K01709026", "type": "f5", "title": "PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2017-08-08T00:04:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K01709026", "cvelist": ["CVE-2017-9226", "CVE-2017-7890"], "lastseen": "2017-08-09T15:09:33"}, {"id": "F5:K09361513", "type": "f5", "title": "PHP vulnerabilities CVE-2017-9226 and CVE-2017-7890", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2017-08-08T00:03:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K09361513", "cvelist": ["CVE-2017-9226", "CVE-2017-7890"], "lastseen": "2017-08-08T00:21:26"}, {"id": "F5:K06844177", "type": "f5", "title": "PHP vulnerability CVE-2017-9229", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2017-07-21T23:57:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K06844177", "cvelist": ["CVE-2017-9229"], "lastseen": "2017-07-22T00:24:43"}, {"id": "F5:K61164061", "type": "f5", "title": "PHP vulnerability CVE-2017-9227", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2017-07-24T20:25:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K61164061", "cvelist": ["CVE-2017-9227"], "lastseen": "2017-07-24T22:24:26"}], "nessus": [{"id": "FEDORA_2017-E314044789.NASL", "type": "nessus", "title": "Fedora 25 : oniguruma (2017-e314044789)", "description": "This new package includes additional fixes for CVE-2017-9228 .\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=103552", "cvelist": ["CVE-2017-9224", "CVE-2017-9228"], "lastseen": "2018-02-04T11:03:22"}, {"id": "OPENSUSE-2017-790.NASL", "type": "nessus", "title": "openSUSE Security Update : php7 (openSUSE-2017-790)", "description": "This update for php7 fixes the following security issues :\n\n - CVE-2017-9224: stack out-of-bounds read occurs in match_at() could lead to Denial of service (bsc#1040891)\n\n - CVE-2017-9226: heap out-of-bounds write orread occurs in next_state_val() could lead to Denial of service(bsc#1040889)\n\n - CVE-2017-9227: stack out-of-bounds read in mbc_enc_len() could lead to Denial of service (bsc#1040883)\n\n - CVE-2017-6441: The _zval_get_long_func_ex in Zend/zend_operators.c in PHP allowed attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of 'declare(ticks=' in a PHP script (bsc#1032155).\n\n - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "published": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=101287", "cvelist": ["CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2016-6294", "CVE-2017-6441"], "lastseen": "2017-10-29T13:35:52"}, {"id": "FEDORA_2017-B674DC22AD.NASL", "type": "nessus", "title": "Fedora 25 : php (2017-b674dc22ad)", "description": "**PHP version 7.0.21** (06 Jul 2017)\n\n**Core:**\n\n - Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)\n\n - Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence)\n\n - Fixed misparsing of abstract unix domain socket names.\n (Sara)\n\n - Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita)\n\n - Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita)\n\n - Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas)\n\n - Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick)\n\n**DOM:**\n\n - Fixed bug php#69373 (References to deleted XPath query results). (ttoohey)\n\n**Intl:**\n\n - Fixed bug php#73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)\n\n - Fixed bug php#74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi)\n\n - Fixed bug php#73634 (grapheme_strpos illegal memory access). (Stas)\n\n**Mbstring:**\n\n - Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)\n\n**Opcache:**\n\n - Fixed bug php#74663 (Segfault with opcache.memory_protect and validate_timestamp).\n (Laruence)\n\n**OpenSSL:**\n\n - Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas)\n\n**Reflection:**\n\n - Fixed bug php#74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence)\n\n**SPL:**\n\n - Fixed bug php#74478 (null coalescing operator failing with SplFixedArray). (jhdxr)\n\n**Standard:**\n\n - Fixed bug php#74708 (Invalid Reflection signatures for random_bytes and random_int). (Tyson Andre, Remi)\n\n - Fixed bug php#73648 (Heap buffer overflow in substr).\n (Stas)\n\n**FTP:**\n\n - Fixed bug php#74598 (ftp:// wrapper ignores context arg). (Sara)\n\n**PHAR:**\n\n - Fixed bug php#74386 (Phar::__construct reflection incorrect). (villfa)\n\n**SOAP**\n\n - Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry)\n\n**Streams:**\n\n - Fixed bug php#74556 (stream_socket_get_name() returns '\\0'). (Sara)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-07-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=101538", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2018-02-04T10:55:39"}, {"id": "ALA_ALAS-2017-871.NASL", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2017-871)", "description": "Out-of-bounds heap write in bitset_set_range()\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. (CVE-2017-9228)\n\nInvalid pointer dereference in left_adjust_char_head()\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. (CVE-2017-9229)\n\nHeap buffer overflow in next_state_val() during regular expression compilation\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\\\700';\nwould produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. (CVE-2017-9226)\n\nOut-of-bounds stack read in mbc_enc_len() during regular expression searching\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg>dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. CVE-2017-9227 \n\nOut-of-bounds stack read in match_at() during regular expression searching\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.\n(CVE-2017-9224)", "published": "2017-08-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=102545", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2018-04-19T07:57:06"}, {"id": "SLACKWARE_SSA_2017-188-01.NASL", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2017-188-01)", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "published": "2017-07-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=101316", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2018-01-27T03:15:55"}, {"id": "FEDORA_2017-B8BB4B86E2.NASL", "type": "nessus", "title": "Fedora 26 : php (2017-b8bb4b86e2)", "description": "**PHP version 7.1.7** (06 Jul 2017)\n\n**Core:**\n\n - Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)\n\n - Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence)\n\n - Fixed misparsing of abstract unix domain socket names.\n (Sara)\n\n - Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas)\n\n - Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita)\n\n - Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita)\n\n - Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick)\n\n**Date:**\n\n - Fixed bug php#74639 (implement clone for DatePeriod and DateInterval). (andrewnester)\n\n**DOM:**\n\n - Fixed bug php#69373 (References to deleted XPath query results). (ttoohey)\n\n**Intl:**\n\n - Fixed bug php#73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)\n\n - Fixed bug php#74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi)\n\n**Mbstring:**\n\n - Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)\n\n**Opcache:**\n\n - Fixed bug php#74663 (Segfault with opcache.memory_protect and validate_timestamp).\n (Laruence)\n\n - Revert opcache.enable_cli to default disabled. (Nikita)\n\n**OpenSSL:**\n\n - Fixed bug php#74720 (pkcs7_en/decrypt does not work if \\x1a is used in content). (Anatol)\n\n - Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas)\n\n**Reflection:**\n\n - Fixed bug php#74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence)\n\n**SPL:**\n\n - Fixed bug php#74478 (null coalescing operator failing with SplFixedArray). (jhdxr)\n\n**FTP:**\n\n - Fixed bug php#74598 (ftp:// wrapper ignores context arg). (Sara)\n\n**PHAR:**\n\n - Fixed bug php#74386 (Phar::__construct reflection incorrect). (villfa)\n\n**SOAP**\n\n - Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry)\n\n**Streams:**\n\n - Fixed bug php#74556 (stream_socket_get_name() returns '\\0'). (Sara)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-07-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=101797", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2018-02-04T11:14:06"}, {"id": "OPENSUSE-2017-764.NASL", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2017-764)", "description": "This update for php5 fixes the following security issues :\n\n - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111).\n\n - CVE-2017-9227: A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching.\n (bsc#1040883)\n\n - CVE-2017-9226: A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. (bsc#1040889)\n\n - CVE-2017-9224: A stack out-of-bounds read occurs in match_at() during regular expression searching.\n (bsc#1040891)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "published": "2017-07-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=101219", "cvelist": ["CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2016-6294"], "lastseen": "2017-10-29T13:42:40"}, {"id": "FREEBSD_PKG_B396CF6C62E611E79DEFB499BAEBFEAF.NASL", "type": "nessus", "title": "FreeBSD : oniguruma -- multiple vulnerabilities (b396cf6c-62e6-11e7-9def-b499baebfeaf)", "description": "the PHP project reports :\n\n- A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer (CVE-2017-9224).\n\n- A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption (CVE-2017-9226).\n\n- A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer (CVE-2017-9227).\n\n- A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption (CVE-2017-9228).\n\n- A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition (CVE-2017-9228).", "published": "2017-07-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=101332", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9227"], "lastseen": "2018-02-01T03:04:38"}, {"id": "SUSE_SU-2017-1585-1.NASL", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1585-1)", "description": "This update for php53 fixes the following issues: This security issue was fixed :\n\n - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained.\n Because a :port syntax was recognized, fsockopen used the port number that is specified in the hostname argument, instead of the port number in the second argument of the function (bsc#1031246)\n\n - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111).\n\n - CVE-2017-9227: An issue was discovered in Oniguruma 6.2.0, as used in mbstring in PHP. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. (bsc#1040883)\n\n - CVE-2017-9226: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation.\n Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. (bsc#1040889)\n\n - CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.\n (bsc#1040891)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-06-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100866", "cvelist": ["CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-7272", "CVE-2016-6294"], "lastseen": "2017-10-29T13:43:13"}, {"id": "FEDORA_2017-E2D6D0067F.NASL", "type": "nessus", "title": "Fedora 24 : oniguruma (2017-e2d6d0067f)", "description": "Multiple security flaws were found on oniguruma currently being shipped on Fedora. This new rpm should fix the issue. \n\nFixed CVEs: CVE-2017-9226 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229 CVE-2017-9228\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-06-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100748", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2018-02-04T11:14:42"}], "openvas": [{"id": "OPENVAS:1361412562310872929", "type": "openvas", "title": "Fedora Update for php FEDORA-2017-b8bb4b86e2", "description": "Check the version of php", "published": "2017-08-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872929", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2017-08-21T11:27:04"}, {"id": "OPENVAS:1361412562310872744", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2017-e2d6d0067f", "description": "Check the version of oniguruma", "published": "2017-06-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872744", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2017-07-25T10:57:54"}, {"id": "OPENVAS:1361412562310872877", "type": "openvas", "title": "Fedora Update for php FEDORA-2017-b674dc22ad", "description": "Check the version of php", "published": "2017-07-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872877", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2017-08-03T10:57:34"}, {"id": "OPENVAS:1361412562310890958", "type": "openvas", "title": "Debian LTS Advisory ([SECURITY] [DLA 958-1] libonig security update)", "description": "CVE-2017-9224\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\nRuby through 2.4.1 and mbstring in PHP through 7.1.5. A stack\nout-of-bounds read occurs in match_at() during regular expression\nsearching. A logical error involving order of validation and access in\nmatch_at() could result in an out-of-bounds read from a stack buffer.\n\nCVE-2017-9226\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in\nRuby through 2.4.1 and mbstring in PHP through 7.1.5. A heap\nout-of-bounds write or read occurs in next_state_val() during regular\nexpression compilation. Octal numbers larger than 0xff are not handled\ncorrectly in fetch_token() and fetch_token_in_cc(). A malformed regular\nexpression containing an octal number in the form of ", "published": "2018-01-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890958", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2018-03-29T18:47:59"}, {"id": "OPENVAS:1361412562310872898", "type": "openvas", "title": "Fedora Update for php FEDORA-2017-5ade380ab2", "description": "Check the version of php", "published": "2017-07-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872898", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2017-08-10T11:37:10"}, {"id": "OPENVAS:1361412562310872753", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2017-60997f0d14", "description": "Check the version of oniguruma", "published": "2017-06-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872753", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-9225"], "lastseen": "2017-07-25T10:57:41"}, {"id": "OPENVAS:1361412562310843281", "type": "openvas", "title": "Ubuntu Update for php7.0 USN-3382-1", "description": "Check the version of php7.0", "published": "2017-08-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843281", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2015-8994", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11145", "CVE-2017-11144"], "lastseen": "2017-09-04T14:22:15"}], "freebsd": [{"id": "B396CF6C-62E6-11E7-9DEF-B499BAEBFEAF", "type": "freebsd", "title": "oniguruma -- multiple vulnerabilities", "description": "\nthe PHP project reports:\n\n\nA stack out-of-bounds read occurs in match_at() during regular\n\t expression searching. A logical error involving order of validation\n\t and access in match_at() could result in an out-of-bounds read from\n\t a stack buffer (CVE-2017-9224).\nA heap out-of-bounds write or read occurs in next_state_val()\n\t during regular expression compilation. Octal numbers larger than 0xff\n\t are not handled correctly in fetch_token() and fetch_token_in_cc().\n\t A malformed regular expression containing an octal number in the form\n\t of '\\700' would produce an invalid code point value larger than 0xff\n\t in next_state_val(), resulting in an out-of-bounds write memory\n\t corruption (CVE-2017-9226).\nA stack out-of-bounds read occurs in mbc_enc_len() during regular\n\t expression searching. Invalid handling of reg->dmin in\n\t forward_search_range() could result in an invalid pointer dereference,\n\t as an out-of-bounds read from a stack buffer (CVE-2017-9227).\nA heap out-of-bounds write occurs in bitset_set_range() during\n\t regular expression compilation due to an uninitialized variable from\n\t an incorrect state transition. An incorrect state transition in\n\t parse_char_class() could create an execution path that leaves a\n\t critical local variable uninitialized until it's used as an index,\n\t resulting in an out-of-bounds write memory corruption (CVE-2017-9228).\nA SIGSEGV occurs in left_adjust_char_head() during regular expression\n\t compilation. Invalid handling of reg->dmax in forward_search_range() could\n\t result in an invalid pointer dereference, normally as an immediate\n\t denial-of-service condition (CVE-2017-9228).\n\n\n", "published": "2017-07-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/b396cf6c-62e6-11e7-9def-b499baebfeaf.html", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9227"], "lastseen": "2018-01-05T04:54:04"}], "amazon": [{"id": "ALAS-2017-871", "type": "amazon", "title": "Medium: php56", "description": "**Issue Overview:**\n\nOut-of-bounds heap write in bitset_set_range() \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. ([CVE-2017-9228 __](<https://access.redhat.com/security/cve/CVE-2017-9228>))\n\nInvalid pointer dereference in left_adjust_char_head() \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. ([CVE-2017-9229 __](<https://access.redhat.com/security/cve/CVE-2017-9229>))\n\nHeap buffer overflow in next_state_val() during regular expression compilation \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\\\\\700'; would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. ([CVE-2017-9226 __](<https://access.redhat.com/security/cve/CVE-2017-9226>))\n\nOut-of-bounds stack read in mbc_enc_len() during regular expression searching \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg>dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. [CVE-2017-9227 __](<https://access.redhat.com/security/cve/CVE-2017-9227>)\n\nOut-of-bounds stack read in match_at() during regular expression searching \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. ([CVE-2017-9224 __](<https://access.redhat.com/security/cve/CVE-2017-9224>))\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n php56-xmlrpc-5.6.31-1.134.amzn1.i686 \n php56-recode-5.6.31-1.134.amzn1.i686 \n php56-enchant-5.6.31-1.134.amzn1.i686 \n php56-intl-5.6.31-1.134.amzn1.i686 \n php56-odbc-5.6.31-1.134.amzn1.i686 \n php56-bcmath-5.6.31-1.134.amzn1.i686 \n php56-mcrypt-5.6.31-1.134.amzn1.i686 \n php56-mssql-5.6.31-1.134.amzn1.i686 \n php56-cli-5.6.31-1.134.amzn1.i686 \n php56-mysqlnd-5.6.31-1.134.amzn1.i686 \n php56-dbg-5.6.31-1.134.amzn1.i686 \n php56-tidy-5.6.31-1.134.amzn1.i686 \n php56-fpm-5.6.31-1.134.amzn1.i686 \n php56-gd-5.6.31-1.134.amzn1.i686 \n php56-process-5.6.31-1.134.amzn1.i686 \n php56-pgsql-5.6.31-1.134.amzn1.i686 \n php56-dba-5.6.31-1.134.amzn1.i686 \n php56-pdo-5.6.31-1.134.amzn1.i686 \n php56-pspell-5.6.31-1.134.amzn1.i686 \n php56-common-5.6.31-1.134.amzn1.i686 \n php56-gmp-5.6.31-1.134.amzn1.i686 \n php56-ldap-5.6.31-1.134.amzn1.i686 \n php56-5.6.31-1.134.amzn1.i686 \n php56-mbstring-5.6.31-1.134.amzn1.i686 \n php56-imap-5.6.31-1.134.amzn1.i686 \n php56-opcache-5.6.31-1.134.amzn1.i686 \n php56-soap-5.6.31-1.134.amzn1.i686 \n php56-xml-5.6.31-1.134.amzn1.i686 \n php56-embedded-5.6.31-1.134.amzn1.i686 \n php56-snmp-5.6.31-1.134.amzn1.i686 \n php56-devel-5.6.31-1.134.amzn1.i686 \n php56-debuginfo-5.6.31-1.134.amzn1.i686 \n \n src: \n php56-5.6.31-1.134.amzn1.src \n \n x86_64: \n php56-ldap-5.6.31-1.134.amzn1.x86_64 \n php56-mcrypt-5.6.31-1.134.amzn1.x86_64 \n php56-devel-5.6.31-1.134.amzn1.x86_64 \n php56-gd-5.6.31-1.134.amzn1.x86_64 \n php56-recode-5.6.31-1.134.amzn1.x86_64 \n php56-pdo-5.6.31-1.134.amzn1.x86_64 \n php56-tidy-5.6.31-1.134.amzn1.x86_64 \n php56-intl-5.6.31-1.134.amzn1.x86_64 \n php56-imap-5.6.31-1.134.amzn1.x86_64 \n php56-fpm-5.6.31-1.134.amzn1.x86_64 \n php56-soap-5.6.31-1.134.amzn1.x86_64 \n php56-snmp-5.6.31-1.134.amzn1.x86_64 \n php56-pgsql-5.6.31-1.134.amzn1.x86_64 \n php56-xmlrpc-5.6.31-1.134.amzn1.x86_64 \n php56-process-5.6.31-1.134.amzn1.x86_64 \n php56-dbg-5.6.31-1.134.amzn1.x86_64 \n php56-embedded-5.6.31-1.134.amzn1.x86_64 \n php56-mssql-5.6.31-1.134.amzn1.x86_64 \n php56-dba-5.6.31-1.134.amzn1.x86_64 \n php56-debuginfo-5.6.31-1.134.amzn1.x86_64 \n php56-5.6.31-1.134.amzn1.x86_64 \n php56-mysqlnd-5.6.31-1.134.amzn1.x86_64 \n php56-gmp-5.6.31-1.134.amzn1.x86_64 \n php56-odbc-5.6.31-1.134.amzn1.x86_64 \n php56-mbstring-5.6.31-1.134.amzn1.x86_64 \n php56-bcmath-5.6.31-1.134.amzn1.x86_64 \n php56-pspell-5.6.31-1.134.amzn1.x86_64 \n php56-opcache-5.6.31-1.134.amzn1.x86_64 \n php56-cli-5.6.31-1.134.amzn1.x86_64 \n php56-common-5.6.31-1.134.amzn1.x86_64 \n php56-enchant-5.6.31-1.134.amzn1.x86_64 \n php56-xml-5.6.31-1.134.amzn1.x86_64 \n \n \n", "published": "2017-08-17T18:16:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2017-871.html", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2017-08-18T03:07:40"}, {"id": "ALAS-2017-867", "type": "amazon", "title": "Medium: php70", "description": "**Issue Overview:**\n\nOut-of-bounds heap write in bitset_set_range(): \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. ([CVE-2017-9228 __](<https://access.redhat.com/security/cve/CVE-2017-9228>))\n\nBuffer over-read from unitialized data in gdImageCreateFromGifCtx function \nThe GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. ([CVE-2017-7890 __](<https://access.redhat.com/security/cve/CVE-2017-7890>))\n\nInvalid pointer dereference in left_adjust_char_head(): \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. ([CVE-2017-9229 __](<https://access.redhat.com/security/cve/CVE-2017-9229>))\n\nHeap buffer overflow in next_state_val() during regular expression compilation: \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of \\\\\\700 would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.([CVE-2017-9226 __](<https://access.redhat.com/security/cve/CVE-2017-9226>))\n\nOut-of-bounds stack read in mbc_enc_len() during regular expression searching: \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. ([CVE-2017-9227 __](<https://access.redhat.com/security/cve/CVE-2017-9227>))\n\nOut-of-bounds stack read in match_at() during regular expression searching: \nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. ([CVE-2017-9224 __](<https://access.redhat.com/security/cve/CVE-2017-9224>))\n\n \n**Affected Packages:** \n\n\nphp70\n\n \n**Issue Correction:** \nRun _yum update php70_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n php70-imap-7.0.21-1.23.amzn1.i686 \n php70-gd-7.0.21-1.23.amzn1.i686 \n php70-fpm-7.0.21-1.23.amzn1.i686 \n php70-7.0.21-1.23.amzn1.i686 \n php70-pdo-dblib-7.0.21-1.23.amzn1.i686 \n php70-debuginfo-7.0.21-1.23.amzn1.i686 \n php70-common-7.0.21-1.23.amzn1.i686 \n php70-gmp-7.0.21-1.23.amzn1.i686 \n php70-ldap-7.0.21-1.23.amzn1.i686 \n php70-odbc-7.0.21-1.23.amzn1.i686 \n php70-devel-7.0.21-1.23.amzn1.i686 \n php70-enchant-7.0.21-1.23.amzn1.i686 \n php70-snmp-7.0.21-1.23.amzn1.i686 \n php70-json-7.0.21-1.23.amzn1.i686 \n php70-mcrypt-7.0.21-1.23.amzn1.i686 \n php70-process-7.0.21-1.23.amzn1.i686 \n php70-intl-7.0.21-1.23.amzn1.i686 \n php70-soap-7.0.21-1.23.amzn1.i686 \n php70-mysqlnd-7.0.21-1.23.amzn1.i686 \n php70-dbg-7.0.21-1.23.amzn1.i686 \n php70-dba-7.0.21-1.23.amzn1.i686 \n php70-pgsql-7.0.21-1.23.amzn1.i686 \n php70-recode-7.0.21-1.23.amzn1.i686 \n php70-pdo-7.0.21-1.23.amzn1.i686 \n php70-zip-7.0.21-1.23.amzn1.i686 \n php70-embedded-7.0.21-1.23.amzn1.i686 \n php70-mbstring-7.0.21-1.23.amzn1.i686 \n php70-pspell-7.0.21-1.23.amzn1.i686 \n php70-opcache-7.0.21-1.23.amzn1.i686 \n php70-xmlrpc-7.0.21-1.23.amzn1.i686 \n php70-bcmath-7.0.21-1.23.amzn1.i686 \n php70-tidy-7.0.21-1.23.amzn1.i686 \n php70-xml-7.0.21-1.23.amzn1.i686 \n php70-cli-7.0.21-1.23.amzn1.i686 \n \n src: \n php70-7.0.21-1.23.amzn1.src \n \n x86_64: \n php70-mysqlnd-7.0.21-1.23.amzn1.x86_64 \n php70-xml-7.0.21-1.23.amzn1.x86_64 \n php70-cli-7.0.21-1.23.amzn1.x86_64 \n php70-pspell-7.0.21-1.23.amzn1.x86_64 \n php70-fpm-7.0.21-1.23.amzn1.x86_64 \n php70-embedded-7.0.21-1.23.amzn1.x86_64 \n php70-intl-7.0.21-1.23.amzn1.x86_64 \n php70-recode-7.0.21-1.23.amzn1.x86_64 \n php70-common-7.0.21-1.23.amzn1.x86_64 \n php70-pgsql-7.0.21-1.23.amzn1.x86_64 \n php70-odbc-7.0.21-1.23.amzn1.x86_64 \n php70-mbstring-7.0.21-1.23.amzn1.x86_64 \n php70-dbg-7.0.21-1.23.amzn1.x86_64 \n php70-pdo-7.0.21-1.23.amzn1.x86_64 \n php70-devel-7.0.21-1.23.amzn1.x86_64 \n php70-enchant-7.0.21-1.23.amzn1.x86_64 \n php70-snmp-7.0.21-1.23.amzn1.x86_64 \n php70-process-7.0.21-1.23.amzn1.x86_64 \n php70-debuginfo-7.0.21-1.23.amzn1.x86_64 \n php70-imap-7.0.21-1.23.amzn1.x86_64 \n php70-zip-7.0.21-1.23.amzn1.x86_64 \n php70-ldap-7.0.21-1.23.amzn1.x86_64 \n php70-json-7.0.21-1.23.amzn1.x86_64 \n php70-xmlrpc-7.0.21-1.23.amzn1.x86_64 \n php70-tidy-7.0.21-1.23.amzn1.x86_64 \n php70-opcache-7.0.21-1.23.amzn1.x86_64 \n php70-bcmath-7.0.21-1.23.amzn1.x86_64 \n php70-dba-7.0.21-1.23.amzn1.x86_64 \n php70-soap-7.0.21-1.23.amzn1.x86_64 \n php70-mcrypt-7.0.21-1.23.amzn1.x86_64 \n php70-7.0.21-1.23.amzn1.x86_64 \n php70-gd-7.0.21-1.23.amzn1.x86_64 \n php70-pdo-dblib-7.0.21-1.23.amzn1.x86_64 \n php70-gmp-7.0.21-1.23.amzn1.x86_64 \n \n \n", "published": "2017-08-03T20:38:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2017-867.html", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-7890"], "lastseen": "2017-08-04T08:16:39"}], "slackware": [{"id": "SSA-2017-188-01", "type": "slackware", "title": "php", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/php-5.6.31-i586-1_slack14.2.txz: Upgraded.\n This release fixes bugs and security issues.\n For more information, see:\n https://php.net/ChangeLog-5.php#5.6.31\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9224\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9226\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9227\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9228\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9229\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.31-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.31-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.31-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.31-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.31-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.31-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.31-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.31-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n9d84dc917f30f144b7001476e16c61ad php-5.6.31-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n79a0b931a46d8f4e74d4cabcd83c3cca php-5.6.31-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\na08ff003d4467b54fd1db431a178f39a php-5.6.31-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n090724d926672595678dba11f4c8a784 php-5.6.31-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n4c3518403b7114c64d26892e405626a6 php-5.6.31-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n4dc2e1cc2b25a1fee220c23035f5b5b4 php-5.6.31-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc5326035ae4a5f4463808c50e80c52eb n/php-5.6.31-i586-1.txz\n\nSlackware x86_64 -current package:\n731d6e7969ba150589e29813aa3ad12a n/php-5.6.31-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.6.31-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "published": "2017-07-07T17:39:45", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.438658", "cvelist": ["CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-9229", "CVE-2017-9227"], "lastseen": "2018-02-02T18:11:28"}], "ubuntu": [{"id": "USN-3382-2", "type": "ubuntu", "title": "PHP vulnerabilities", "description": "USN-3382-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. (CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly handled memory. A remote attacker could possibly use this issue to disclose sensitive information from the server. (CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini files. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)", "published": "2017-12-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/3382-2/", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144"], "lastseen": "2018-03-29T18:19:48"}, {"id": "USN-3382-1", "type": "ubuntu", "title": "PHP vulnerabilities", "description": "It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994)\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly handled memory. A remote attacker could possibly use this issue to disclose sensitive information from the server. (CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147)\n\nIt was discovered that PHP incorrectly handled locale length. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11362)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini files. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)", "published": "2017-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/3382-1/", "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2015-8994", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11145", "CVE-2017-11144"], "lastseen": "2018-03-29T18:19:46"}]}}