Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623111020140430HistoryJan 28, 2022 - 12:00 a.m.
Mageia: Security Advisory (MGASA-2014-0430)
2022-01-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
3
9.7 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.937 High
EPSS
Percentile
99.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2014.0430");
script_cve_id("CVE-2014-2014");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:08+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:08 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_name("Mageia: Security Advisory (MGASA-2014-0430)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA(3|4)");
script_xref(name:"Advisory-ID", value:"MGASA-2014-0430");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2014-0430.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=14326");
script_xref(name:"URL", value:"http://www.php.net/ChangeLog-5.php#5.5.18");
script_xref(name:"URL", value:"http://www.php.net/ChangeLog-5.php#5.4.34");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3669");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3670");
script_xref(name:"URL", value:"https://bugs.php.net/bug.php?id=68089");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=13820");
script_tag(name:"summary", value:"The remote host is missing an update for the 'php, php-apc, php-gd-bundled, php-suhosin' package(s) announced via the MGASA-2014-0430 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"An integer overflow flaw in PHP's unserialize() function was reported. If
unserialize() were used on untrusted data, this issue could lead to a crash or
potentially information disclosure (CVE-2014-3669).
A heap corruption issue was reported in PHP's exif_thumbnail() function. A
specially-crafted JPEG image could cause the PHP interpreter to crash or,
potentially, execute arbitrary code (CVE-2014-3670).
If client-supplied input was passed to PHP's cURL client as a URL to download,
it could return local files from the server due to improper handling of null
bytes (PHP#68089).
PHP has been updated to version 5.4.34 for Mageia 3 and 5.5.18 for Mageia 4,
which fix these issues and other bugs.
Additionally, the suhosin PHP extension has been updated to version 0.9.36
and a bug in the php zip extension that could cause a crash on Mageia 4 has
been fixed (mga#13820)");
script_tag(name:"affected", value:"'php, php-apc, php-gd-bundled, php-suhosin' package(s) on Mageia 3, Mageia 4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA3") {
if(!isnull(res = isrpmvuln(pkg:"apache-mod_php", rpm:"apache-mod_php~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64php5_common5", rpm:"lib64php5_common5~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libphp5_common5", rpm:"libphp5_common5~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php", rpm:"php~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-apc", rpm:"php-apc~3.1.14~7.13.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-apc-admin", rpm:"php-apc-admin~3.1.14~7.13.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-bcmath", rpm:"php-bcmath~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-bz2", rpm:"php-bz2~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-calendar", rpm:"php-calendar~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-cgi", rpm:"php-cgi~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-cli", rpm:"php-cli~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-ctype", rpm:"php-ctype~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-curl", rpm:"php-curl~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-dba", rpm:"php-dba~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-devel", rpm:"php-devel~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-doc", rpm:"php-doc~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-dom", rpm:"php-dom~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-enchant", rpm:"php-enchant~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-exif", rpm:"php-exif~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-fileinfo", rpm:"php-fileinfo~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-filter", rpm:"php-filter~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-fpm", rpm:"php-fpm~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-ftp", rpm:"php-ftp~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-gd", rpm:"php-gd~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-gd-bundled", rpm:"php-gd-bundled~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-gettext", rpm:"php-gettext~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-gmp", rpm:"php-gmp~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-hash", rpm:"php-hash~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-iconv", rpm:"php-iconv~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-imap", rpm:"php-imap~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-ini", rpm:"php-ini~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-interbase", rpm:"php-interbase~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-intl", rpm:"php-intl~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-json", rpm:"php-json~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-ldap", rpm:"php-ldap~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mbstring", rpm:"php-mbstring~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mcrypt", rpm:"php-mcrypt~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mssql", rpm:"php-mssql~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mysql", rpm:"php-mysql~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mysqli", rpm:"php-mysqli~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mysqlnd", rpm:"php-mysqlnd~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-odbc", rpm:"php-odbc~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-openssl", rpm:"php-openssl~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pcntl", rpm:"php-pcntl~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo", rpm:"php-pdo~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_dblib", rpm:"php-pdo_dblib~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_firebird", rpm:"php-pdo_firebird~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_mysql", rpm:"php-pdo_mysql~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_odbc", rpm:"php-pdo_odbc~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_pgsql", rpm:"php-pdo_pgsql~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_sqlite", rpm:"php-pdo_sqlite~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pgsql", rpm:"php-pgsql~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-phar", rpm:"php-phar~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-posix", rpm:"php-posix~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-readline", rpm:"php-readline~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-recode", rpm:"php-recode~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-session", rpm:"php-session~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-shmop", rpm:"php-shmop~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-snmp", rpm:"php-snmp~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-soap", rpm:"php-soap~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sockets", rpm:"php-sockets~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sqlite3", rpm:"php-sqlite3~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-suhosin", rpm:"php-suhosin~0.9.36~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sybase_ct", rpm:"php-sybase_ct~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sysvmsg", rpm:"php-sysvmsg~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sysvsem", rpm:"php-sysvsem~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sysvshm", rpm:"php-sysvshm~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-tidy", rpm:"php-tidy~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-tokenizer", rpm:"php-tokenizer~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-wddx", rpm:"php-wddx~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xml", rpm:"php-xml~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xmlreader", rpm:"php-xmlreader~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xmlrpc", rpm:"php-xmlrpc~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xmlwriter", rpm:"php-xmlwriter~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xsl", rpm:"php-xsl~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-zip", rpm:"php-zip~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-zlib", rpm:"php-zlib~5.4.34~1.mga3", rls:"MAGEIA3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "MAGEIA4") {
if(!isnull(res = isrpmvuln(pkg:"apache-mod_php", rpm:"apache-mod_php~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64php5_common5", rpm:"lib64php5_common5~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libphp5_common5", rpm:"libphp5_common5~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php", rpm:"php~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-apc", rpm:"php-apc~3.1.15~4.8.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-apc-admin", rpm:"php-apc-admin~3.1.15~4.8.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-bcmath", rpm:"php-bcmath~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-bz2", rpm:"php-bz2~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-calendar", rpm:"php-calendar~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-cgi", rpm:"php-cgi~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-cli", rpm:"php-cli~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-ctype", rpm:"php-ctype~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-curl", rpm:"php-curl~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-dba", rpm:"php-dba~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-devel", rpm:"php-devel~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-doc", rpm:"php-doc~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-dom", rpm:"php-dom~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-enchant", rpm:"php-enchant~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-exif", rpm:"php-exif~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-fileinfo", rpm:"php-fileinfo~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-filter", rpm:"php-filter~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-fpm", rpm:"php-fpm~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-ftp", rpm:"php-ftp~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-gd", rpm:"php-gd~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-gettext", rpm:"php-gettext~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-gmp", rpm:"php-gmp~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-hash", rpm:"php-hash~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-iconv", rpm:"php-iconv~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-imap", rpm:"php-imap~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-ini", rpm:"php-ini~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-interbase", rpm:"php-interbase~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-intl", rpm:"php-intl~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-json", rpm:"php-json~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-ldap", rpm:"php-ldap~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mbstring", rpm:"php-mbstring~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mcrypt", rpm:"php-mcrypt~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mssql", rpm:"php-mssql~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mysql", rpm:"php-mysql~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mysqli", rpm:"php-mysqli~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-mysqlnd", rpm:"php-mysqlnd~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-odbc", rpm:"php-odbc~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-opcache", rpm:"php-opcache~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-openssl", rpm:"php-openssl~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pcntl", rpm:"php-pcntl~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo", rpm:"php-pdo~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_dblib", rpm:"php-pdo_dblib~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_firebird", rpm:"php-pdo_firebird~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_mysql", rpm:"php-pdo_mysql~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_odbc", rpm:"php-pdo_odbc~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_pgsql", rpm:"php-pdo_pgsql~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pdo_sqlite", rpm:"php-pdo_sqlite~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-pgsql", rpm:"php-pgsql~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-phar", rpm:"php-phar~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-posix", rpm:"php-posix~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-readline", rpm:"php-readline~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-recode", rpm:"php-recode~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-session", rpm:"php-session~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-shmop", rpm:"php-shmop~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-snmp", rpm:"php-snmp~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-soap", rpm:"php-soap~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sockets", rpm:"php-sockets~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sqlite3", rpm:"php-sqlite3~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-suhosin", rpm:"php-suhosin~0.9.36~1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sybase_ct", rpm:"php-sybase_ct~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sysvmsg", rpm:"php-sysvmsg~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sysvsem", rpm:"php-sysvsem~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-sysvshm", rpm:"php-sysvshm~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-tidy", rpm:"php-tidy~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-tokenizer", rpm:"php-tokenizer~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-wddx", rpm:"php-wddx~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xml", rpm:"php-xml~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xmlreader", rpm:"php-xmlreader~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xmlrpc", rpm:"php-xmlrpc~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xmlwriter", rpm:"php-xmlwriter~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-xsl", rpm:"php-xsl~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-zip", rpm:"php-zip~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"php-zlib", rpm:"php-zlib~5.5.18~1.1.mga4", rls:"MAGEIA4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
References
www.php.net/ChangeLog-5.php#5.4.34
www.php.net/ChangeLog-5.php#5.5.18
advisories.mageia.org/MGASA-2014-0430.html
bugs.mageia.org/show_bug.cgi?id=13820
bugs.mageia.org/show_bug.cgi?id=14326
bugs.php.net/bug.php?id=68089
bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3669
bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3670
MGASA-2014-0430
Related
mageia
mageia
Updated php packages fix security vulnerabilities
2014-10-28 14:33:36
Updated imapsync package fixes CVE-2014-2014
2014-02-28 02:03:00
nessus
nessus
RHEL 6 : php (RHSA-2015:0021)
2015-01-09 00:00:00
Scientific Linux Security Update : php on SL5.x i386/x86_64 (20141106)
2014-11-10 00:00:00
GLSA-201411-04 : PHP: Multiple vulnerabilities
2014-11-10 00:00:00
redhat
redhat
(RHSA-2015:0021) Important: php security update
2015-01-08 00:00:00
(RHSA-2014:1824) Important: php security update
2014-11-06 00:00:00
(RHSA-2014:1768) Important: php53 security update
2014-10-30 00:00:00
threatpost
threatpost
PHP Patches Buffer Overflow Vulnerabilities
2014-10-22 13:33:23
securityvulns
securityvulns
PHP memory corruption
2014-11-03 00:00:00
[USN-2391-1] php5 vulnerabilities
2014-11-03 00:00:00
[ MDVSA-2014:202 ] php
2014-10-27 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-435)
2015-09-08 00:00:00
Slackware: Security Advisory (SSA:2014-307-03)
2022-04-21 00:00:00
RedHat Update for php RHSA-2014:1824-01
2014-11-07 00:00:00
oraclelinux
oraclelinux
php security update
2014-11-06 00:00:00
php security update
2014-10-30 00:00:00
php53 security update
2014-10-30 00:00:00
debian
debian
[SECURITY] [DSA 3064-1] php5 security update
2014-11-04 16:08:18
[SECURITY] [DSA 3064-1] php5 security update
2014-11-04 16:08:34
[SECURITY] [DLA 94-1] php5 security update
2014-11-25 22:00:28
f5
f5
centos
centos
php security update
2014-11-06 18:30:07
php53 security update
2014-10-31 14:37:09
php security update
2014-10-31 13:14:51
ibm
ibm
slackware
slackware
[slackware-security] php
2014-11-04 01:25:39
amazon
amazon
Important: php54
2014-10-28 17:09:00
Important: php55
2014-10-28 17:10:00
veracode
veracode
Memory Corruption And Code Execution
2019-05-02 05:13:12
Arbitrary Code Execution
2019-05-02 05:04:21
Denial Of Service (DoS)
2019-01-15 09:02:53
gentoo
gentoo
PHP: Multiple vulnerabilities
2014-11-09 00:00:00
osv
osv
php5 - security update
2014-11-25 00:00:00
php5 - security update
2014-11-04 00:00:00
ubuntu
ubuntu
php5 vulnerabilities
2014-10-30 00:00:00
hackerone
hackerone
Internet Bug Bounty: Integer overflow in unserialize() (32-bits only)
2015-09-18 00:00:00
cve
cve
ubuntucve
ubuntucve
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.2-1.fc21
2014-11-01 16:41:03
[SECURITY] Fedora 20 Update: php-5.5.18-1.fc20
2014-10-23 06:23:25
[SECURITY] Fedora 19 Update: php-5.5.18-1.fc19
2014-10-28 06:35:04
prion
prion
Memory corruption
2014-10-29 10:55:00
Integer overflow
2014-10-29 10:55:00
Design/Logic Flaw
2014-04-18 22:14:00
checkpoint_advisories
checkpoint_advisories
PHP Core unserialize Function Integer Overflow (CVE-2014-3669)
2014-11-25 00:00:00
suse
suse
Security update for php53 (important)
2016-06-21 13:08:17
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
9.7 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.937 High
EPSS
Percentile
99.1%
Related for OPENVAS:13614125623111020140430